It is currently Sun Dec 22, 2024 9:27 pm

All times are UTC - 7 hours




Post new topic Reply to topic  [ 16 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: NWRO Getting Hammered by DOS Attacks
PostPosted: Mon Aug 25, 2003 9:05 pm 
Offline
User avatar

Joined: Sat Oct 12, 2002 10:20 am
Posts: 116
Location: ON.
Well...

Am getting attacked by the same IP that KidCapri is...130.230.72.156...I hear that it is happening to Slayed and Herm as well. Looks like some disgruntled player found the server list on the RI page. I don't really know if it affects the server much...I was playing on mine earlier, and it seemed smooth enough. There are apparently a few things you can try to stop it, or at the very least make it so it has minimal effect...the UTPG that made the 451 patch we are using has some suggestions. I'll try them out later...

Bo


Last edited by BoDacious on Mon Aug 25, 2003 10:44 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Mon Aug 25, 2003 9:23 pm 
Offline
User avatar

Joined: Wed Jun 25, 2003 11:50 am
Posts: 222
Location: UK, Coventry, (but I'm from Doncaster in S.yorkshire "best part of the UK".
I dont know much about proxies servers, but couldnt some one (if they have sence) be usin a public proxy to bonuce there dos attacts to keep there ip out of the lime light, thats what i would do.


Is the problem due to floodin of the band width or by over powerin the server, if its the later then if u have a server set up with one ip addy and all ut connections go thught that one and are redirected to the other server.

uuummm... NM, :P

_________________
All the best Jonathan :).

PS free the weed.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Aug 25, 2003 9:53 pm 
Offline

Joined: Sat Jul 12, 2003 8:44 pm
Posts: 237
Location: USA
THATS MY IP!

_________________
Fine


Top
 Profile  
 
 Post subject:
PostPosted: Mon Aug 25, 2003 9:56 pm 
Offline

Joined: Sat Jul 12, 2003 8:44 pm
Posts: 237
Location: USA
If you don't mind me asking, when did this start. I have had several Ips do port scans in the last few hours....right after i started my Firewall. 68.x.x.x numbers. And it keep saying subseven back door blocked on my Norton Securtiy....

_________________
Fine


Top
 Profile  
 
 Post subject:
PostPosted: Mon Aug 25, 2003 10:00 pm 
Offline
User avatar

Joined: Thu Jan 09, 2003 8:46 am
Posts: 858
Location: PA
we were getting the same ip addy as kid was the 130.230.72.156 is theip that keeps appearing
ours started friday night server ran great and still is we are trying to get the word out to our regs on the server before we change the ip so sometime tomrrow our ip will be changed

damn assholes in this world have to try and ruin everything

hotts


Top
 Profile  
 
 Post subject:
PostPosted: Mon Aug 25, 2003 10:05 pm 
Offline

Joined: Sat Jul 12, 2003 8:44 pm
Posts: 237
Location: USA
Is it possible a hacker spoofing my ip....or do I have a virus?

Could my server be doing this. If everyone is having the same phenomenom....I would be resoanable to assume it is my server since I just brought it online.

I am taking it offline for now.

_________________
Fine


Top
 Profile  
 
 Post subject:
PostPosted: Mon Aug 25, 2003 10:11 pm 
Offline

Joined: Sat Jul 12, 2003 8:44 pm
Posts: 237
Location: USA
The server is down. I am going to shut the pc off for the night and most of tomorrow. When I get off work I will check for any updates before loading the server.

Don't know if this is caused by my crap but don't want to chance it. See ya tomorrow.

_________________
Fine


Top
 Profile  
 
 Post subject: I traced it and got this:
PostPosted: Mon Aug 25, 2003 10:27 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 17, 2002 8:35 am
Posts: 2733
Location: Houston, Texas
I had the IP traced and it went like this:



Trying 13.230.72 at ARIN

OrgName: Xerox Palo Alto Research Center
OrgID: XPARC
Address: 3333 Coyote Hill Road
City: Palo Alto
StateProv: CA
PostalCode: 94304
Country: US

NetRange: 13.0.0.0 - 13.255.255.255
CIDR: 13.0.0.0/8
NetName: XEROX-NET
NetHandle: NET-13-0-0-0-1
Parent:
NetType: Direct Assignment
NameServer: ADRASTEA.XEROX.COM
NameServer: BETA.XEROX.COM
NameServer: CARME.XEROX.COM
Comment:
RegDate: 1986-04-25
Updated: 2001-12-17

TechHandle: KF357-ARIN
TechName: Farrar, Keith
TechPhone: +1-650-812-4292
TechEmail: farrar@parc.xerox.com

# ARIN WHOIS database, last updated 2003-08-24 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

__________________
~~Unreal/UT/UT2003 Maps - BU IRC - Official BU Servers - 3DMark 03~~
Report Post | IP: Logged
Posts: 9,279


Today, 08:05 AM
Post #3

Fearless
Registered User



Joined: Jul. 8th, 2002
Location: South of Belgium Wo, that's the place where the guys from Apple nicked the idea of GUI and then decided to make the version of MacOS :P .

__________________
[smiley]
It is time to smile once again .
Smiley forums





Is this really your IP Bigi? When you first said it, I thought you were joking. If it is That is strange but the IP I'm getting nailed with is different than the one you and BH are talking about I think.

_________________
~Peace~

Hermskii,


Top
 Profile  
 
 Post subject: Sorry Bigi...you can relax now...
PostPosted: Mon Aug 25, 2003 10:42 pm 
Offline
User avatar

Joined: Sat Oct 12, 2002 10:20 am
Posts: 116
Location: ON.
Hey bud...

Sorry....I was looking at the wrong address when I typed that in...it is NOT Bigi's address that is hacking me. The address that is pounding me is 130.230.72.156...

Sorry if this caused you any panic, m8.....your server was working fine for me...I think I need a drink now...

Bo


Top
 Profile  
 
 Post subject:
PostPosted: Tue Aug 26, 2003 12:45 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 17, 2002 9:22 am
Posts: 1823
Location: In the Desert of the Real
LOL Bigi :lol: We're on to you buddy!!!

I wonder if the hacker is the same guy that was logging onto Herm's before with those skin attacks. This must be one bitter newbie, lol. We must've put him through 1-on-1 Contact too many times or something.

Is the hacker just trying to break into your servers, or are your servers being used as a launchpad for some other diabolical plan?

_________________
<SRA>/v/ahatma


Top
 Profile  
 
 Post subject:
PostPosted: Tue Aug 26, 2003 4:26 am 
Offline
User avatar

Joined: Wed Jun 25, 2003 11:50 am
Posts: 222
Location: UK, Coventry, (but I'm from Doncaster in S.yorkshire "best part of the UK".
You can fool others about your real ip addy as I was sayin b4 with the proxy, when i was in uni halls my ip was 172.19.6.x but to the out side it was 81.x.x.x but my ip addy was real and could connected directly to its, id if you tryied to track any of them they all turned up tracin to america well im in the UK, :)

Hope this helps.
And beside no real hacker will keep usin the same ip addy.
:twisted:

_________________
All the best Jonathan :).

PS free the weed.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Aug 26, 2003 4:31 am 
Offline
User avatar

Joined: Wed Jun 25, 2003 11:50 am
Posts: 222
Location: UK, Coventry, (but I'm from Doncaster in S.yorkshire "best part of the UK".
If this is the real ip addy of the bugger, we should all get a icmp flooder and ping him back at the same time, I think about 10 of us will beat him. :)
nothing more i could think of, :P

_________________
All the best Jonathan :).

PS free the weed.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Aug 26, 2003 7:29 am 
Offline
User avatar

Joined: Thu Jan 09, 2003 8:46 am
Posts: 858
Location: PA
not sure who this but it is the person attacking herm kid bo on reg ut and hitting our server on ut2k3
i guess some people just can't handle being beat over and over

i have not seen any different names on our server or the same name as any of the people who play on kid's herm's or bo's running around on ours

this is to frickin weird

lates
hotts


Top
 Profile  
 
 Post subject: Well, now...
PostPosted: Tue Aug 26, 2003 8:57 am 
Offline
User avatar

Joined: Sat Oct 12, 2002 10:20 am
Posts: 116
Location: ON.
Last night I was talking to Trigon about all this crap going on. I half-jokingly suggested that it may have been Dondon...only player that I can think of lately that regularly annoys the regs with his constant votes for Crane. In fact, whenever I have been in with him and a bunch of regs on Crane, we spend our time chasing him around on the street level, tag-teaming him, telefragging him, etc...

My server had been getting hammered at by the 130.230.72.156 address, which traced out to the Tampere University of Technology in Tampere, Finland. When I rolled out of bed today, I came down to check and see if it was still happening. It had been, up until Dondon2 joined the server. He played one game and left. I managed to get his IP (12.248.87.139) traced to Chicago. Within minutes, the server was getting attacked by ANOTHER address, which traced out to Czechoslovakia. A few minutes later, getting banged from an address in Slovenia. Funny how it stopped long enough for Dondon to get a game in, then immediately started again as soon as he left. It has stopped again while I have been typing this. Ah, well...thanks to the folks at the UTPG and thier 451 patch, the effect is minimal, just annoying. Will post if anything interesting develops...

Bo


Top
 Profile  
 
 Post subject:
PostPosted: Tue Aug 26, 2003 10:44 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 17, 2002 9:22 am
Posts: 1823
Location: In the Desert of the Real
FRAG DONDON!

_________________
<SRA>/v/ahatma


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 16 posts ]  Go to page 1, 2  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Jedi Knights style by HighDefGeek