Question DDoS hitting just the teamspeak, and not the whole server

Discussion in 'Server' started by Cynical, May 17, 2017.

  1. Cynical

    Cynical New Member

    Hey guys,
    So I have relatively decent DDoS protection built on my Teamspeak 3 server, but today we got hit pretty hard by a DDoS attack that has been taking us down 10 minutes at a time. I am noticing however, the server itself is perfectly fine and intact. Infact, my VPS isn't eating any bandwidth at all as it normally would from a regular DDoS attack.
    So, what is this attack and is there any way to prevent it? I can't tell if this is just a regular attack, but this seems to me to be something completely different since my server is seemingly online and functioning fine.
     
  2. Asphyxia

    Asphyxia Web Admin Administrator Super Mod

    Can you get us some information? A good start is providing us with a TCPDUMP perhaps?

    For some help on collecting a TCPDUMP check below:
    http://souptonuts.sourceforge.net/tcpdump_tutorial.html

    We need to be able to see what type of attack this is. ;)

    If you are not familiar with TCPDUMP, here is some other helpful info:
    https://www.wireshark.org/docs/wsug_html_chunked/AppToolstcpdump.html

     
  3. Asphyxia

    Asphyxia Web Admin Administrator Super Mod

    One last thing:
    Keep in mind that we need this TCPDUMP while the attack is happening, otherwise you may be capturing all clean traffic.
     
  4. Cynical

    Cynical New Member

    Awesome, this is exactly what I was looking for, thank you! I will be sure to go through all this and run it when the next attack comes. Updates to come.
     
  5. Asphyxia

    Asphyxia Web Admin Administrator Super Mod

    I will look for a response and will check the capture once you are able to capture it and upload it somewhere --- hopefully the a-holes leave ya alone though. If you have any questions about TCPDUMP or anything related, feel free to ask here. :D
     
  6. egcmasti

    egcmasti VIP

    Yes, this will help to block the attack if it happens again. I mean it won't be repeated. My suggestion is to get ahead of this, like get some better protection so you do not have to work this way every time, you get what I mean? I mean if the attack type and length is different from the previous one, it is a hassle to do it again and block it using iptables / netfilter. Better buy OVH Game or Zare. These both have large pipelines and they can protect you. OVH Game for sure can do it. Zare is affordable and won't go down too easily like you have right now.

    Good Luck
     
