TS3 flood attack

Shur1k

Member
Apr 9, 2017
Server version 3.2.0
The bitch comes to the server and spams all the rooms, and each has a password. There is only one serveradmin access. I know that he does something with scripts and the server crashes. How do I defend against this?
One more thing: the spam does not reach me; other users see it, but not admins.
This character did this before and was blocked.
 

Shur1k

Member
Apr 9, 2017
Hm, what do the logs say when the server crashes? What's CPU, RAM and network usage?
I'm curious as to how he made spam in all rooms; nobody has the right to do this. In the security rules, there are several addresses that have access to port 10011, for outputting statistics to the monitoring services, plus my address; the rest are just not let in.

Spam passed, such as "the server will close and we will move to a new address". The spam did not reach me; for others it was written, as if ignoring only me. There were clipping voices in the chat and the server collapsed. In this case, the console was open under root access, and the load on the processor and the RAM did not exceed the norm.

The logs are clean; they just show who connected or disconnected.

The hoster provides 1 core and 1 gigabyte of RAM.


[root@site ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 44
Model name: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Stepping: 2
CPU MHz: 2400.084
BogoMIPS: 4800.16
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 256K
L3 cache: 12288K
NUMA node0 CPU(s): 0


My IP security rules for port 10011:

# GameTracker & Teamspeak-Server.org monitoring accept
iptables -A INPUT -p tcp -m tcp --dport 10011 -m iprange --src-range 208.167.225.11-208.167.225.13 -m comment --comment "gametracker.com monitoring" -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10011 -m iprange --src-range 208.167.241.183-208.167.241.190 -m comment --comment "gametracker.com monitoring" -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10011 -m iprange --src-range 108.61.78.147-108.61.78.150 -m comment --comment "gametracker.com monitoring" -j ACCEPT

# teamspeak-servers.org monitoring
iptables -A INPUT -s 37.187.252.194/32 -p tcp -m tcp --dport 10011 -m comment --comment "teamspeak-servers.org monitoring" -j ACCEPT
iptables -A INPUT -s 94.23.153.152/32 -p tcp -m tcp --dport 10011 -m comment --comment "teamspeak-servers.org monitoring" -j ACCEPT
# Outbound rules: in the OUTPUT chain the remote peer is the destination, so match it with -d
iptables -A OUTPUT -d 80.190.145.215 -p tcp --dport 2008 -j ACCEPT
iptables -A OUTPUT -d 194.97.114.3 -p udp --dport 2010 -j ACCEPT
iptables -A INPUT -s 188.0.84.77/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 193.26.217.121/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 37.59.31.160/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 94.23.235.222/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 37.187.22.8/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 93.189.42.45/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A OUTPUT -d 80.190.145.215 -p tcp --dport 2008 -j ACCEPT
iptables -A OUTPUT -d 194.97.114.3 -p udp --dport 2010 -j ACCEPT
iptables -A INPUT -s 185.5.248.64/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 176.102.53.174/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 198.50.27.173/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 151.80.148.48/32 -p tcp -m tcp --dport 10011 -j ACCEPT



# Planet TeamSpeak
iptables -A INPUT -s 151.80.148.48/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 46.164.191.174/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 37.59.113.89/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 167.114.184.17/32 -p tcp -m tcp --dport 10011 -j ACCEPT

iptables -A INPUT -s 37.46.252.201/32 -p tcp -m tcp --dport 10011 -j ACCEPT # MY HOME IP
iptables -A INPUT -p tcp -m tcp --dport 10011 -j DROP
 

Attachments

  • 1a.jpg
    190.9 KB · Views: 51
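
A lint pass over a port allowlist of the shape posted above, as an added example that is not part of the original post: it flags rules that would fail to load, never match, or leave the port open. The function name `audit_allowlist` and the sample rules (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint an iptables allowlist for one port.
# Reads rule lines on stdin, prints one finding per line, exits 1 if any.
audit_allowlist() {
  awk -v port="${1:-10011}" '
    /^[ \t]*(#|$)/   { next }            # skip comments and blank lines
    $1 != "iptables" { next }
    {
      line = $0; sub(/[ \t]+$/, "", line)
      # Text after // is handed to iptables as arguments, so the rule fails to load.
      if (line ~ /[ \t]\/\//) { print "L" NR ": trailing // text is not a shell comment"; bad = 1 }
      if (seen[line]++)       { print "L" NR ": duplicate rule"; bad = 1 }
      # In OUTPUT, -s is the local source address; a remote peer is matched with -d.
      if (line ~ /-A OUTPUT/ && line ~ / -s / && line !~ / -d /) {
        print "L" NR ": OUTPUT rule filters on -s"; bad = 1
      }
      if (line !~ /-A INPUT/ || line !~ ("--dport " port "( |$)")) next
      restricted = (line ~ / -s / || line ~ /--src-range /)
      if (line ~ /-j DROP/ && !restricted) { dropped = NR; next }
      if (line ~ /-j ACCEPT/) {
        if (dropped)     { print "L" NR ": ACCEPT after catch-all DROP at L" dropped " never matches"; bad = 1 }
        if (!restricted) { print "L" NR ": ACCEPT without a source restriction opens the port"; bad = 1 }
      }
    }
    END {
      if (!dropped) { print "no catch-all DROP for port " port; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample rules (documentation address ranges, not the poster's list).
SAMPLE_RULES='iptables -A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A OUTPUT -s 198.51.100.7 -p tcp --dport 2008 -j ACCEPT
iptables -A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 10011 -j ACCEPT
iptables -A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 10011 -j ACCEPT // home
iptables -A INPUT -p tcp -m tcp --dport 10011 -j DROP
iptables -A INPUT -s 192.0.2.99/32 -p tcp -m tcp --dport 10011 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_allowlist 10011 || true
```

Feed it the rules file before loading it, for example `audit_allowlist 10011 < rules.sh`, where `rules.sh` is a hypothetical file name.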