Hi, my server went down today for several minutes and during that time I got these kinds of logs, a lot of them (see below).
During that time I also see a spike in network traffic inbound more than usual by about 3x. I can only suspect that it's an attack. What can be done about it?
Testing
- Posts: 90
- Joined: 13 Aug 2016, 04:28
Testing
Last edited by trianglehead on 05 Jan 2021, 21:17, edited 1 time in total.
Re: Server Attacks
Hi,
this looks like a DDoS attack, but if it was only for a few minutes it might have been something else too. Maybe just some kind of flood attack that didn't find what it was looking for. It's difficult to say without more details (e.g. traffic analysis)
To actively shield from a persisting attack coming from all sorts of IP addresses you would need a front-facing firewall that discards frequent UDP packets, or a reverse proxy service such as CloudFlare.
Cheers
- Posts: 90
- Joined: 13 Aug 2016, 04:28
Re: Server Attacks
It happened again and this time for 2 hours. Can you please give me more information on the methods you suggested?
Re: Server Attacks
Hi,
do you need UDP to be active?
Also, can you send us the log files relating to the two-hour attack you have mentioned?
You can zip the relevant log files and send them to our support@... email box with a reference to this discussion.
(If the zip file is > 50MB, try cutting the log messages before and after the attack)
Thanks
- Posts: 90
- Joined: 13 Aug 2016, 04:28
Re: Server Attacks
Hi. There is literally nothing to see before or after the attack. The flooding comes in and everything else just stopped working as it's overwhelmed. Once the flooding stopped everything went back to normal and there are no unusual logs.
I could just use TCP instead, but that can also suffer the same thing right?
Re: Server Attacks
I could just use TCP instead
It depends.
TCP may be too heavy if you're sending lots of updates per second. UDP can handle 30+ updates/sec over the internet, while TCP is usually not suitable beyond 20-25 pps (packets per second).
but that can also suffer the same thing right?
Every protocol can be attacked, but in your case it seems only UDP is under attack, so switching might help, if it's feasible.
Otherwise you should talk to your hosting provider, explaining you had a UDP flood attack, and ask if they can help with firewall protection.
Cheers
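As an added illustration (not part of the original thread, and not code from the server software or its vendor), the Python below models the decision a front-facing firewall makes when it "discards frequent UDP packets": a token bucket per source address plus an aggregate cap. The rate limits, the function and class names, and the addresses (documentation ranges) are assumptions, and the traffic is constructed.

```python
from collections import defaultdict


class TokenBucket:
    """Allows `rate` packets/sec on average, with bursts up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is not None:
            # Refill for the elapsed time, capped at the burst size.
            self.tokens = min(self.burst,
                              self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_udp(packets, per_src_rate=30, per_src_burst=60,
               total_rate=500, total_burst=1000):
    """packets: iterable of (timestamp_seconds, source_ip) in time order.
    Returns {source_ip: [accepted, dropped]}. Limits are assumed values."""
    per_src = defaultdict(lambda: TokenBucket(per_src_rate, per_src_burst))
    total = TokenBucket(total_rate, total_burst)
    stats = defaultdict(lambda: [0, 0])
    for ts, src in packets:
        # Per-source check first, so a single noisy sender is dropped
        # before it can drain the budget shared by everyone else.
        ok = per_src[src].allow(ts) and total.allow(ts)
        stats[src][0 if ok else 1] += 1
    return dict(stats)


def sample_traffic():
    """Constructed sample: one client at 30 packets/sec and one source
    flooding at 1000 packets/sec, both for two seconds."""
    client = [(i / 30, "198.51.100.10") for i in range(60)]
    flood = [(i / 1000, "203.0.113.7") for i in range(2000)]
    return sorted(client + flood)


if __name__ == "__main__":
    for src, (ok, dropped) in filter_udp(sample_traffic()).items():
        print(f"{src}: accepted={ok} dropped={dropped}")
```

When the flood is spread over many addresses that each stay under the per-source limit, only the aggregate cap applies and it drops legitimate packets along with the rest, which is why the replies point to filtering in front of the server rather than on it.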
- Posts: 90
- Joined: 13 Aug 2016, 04:28
Re: Server Attacks
Lapo wrote: I could just use TCP instead
It depends.
TCP may be too heavy if you're sending lots of updates per second. UDP can handle 30+ updates/sec over the internet, while TCP is usually not suitable beyond 20-25 pps (packets per second).
Can you elaborate on this more?
Cheers
Re: Testing
TCP is not suitable for packet rates > 20-25pps over the internet.
UDP can reach higher packet rates because it is a lighter protocol, since it doesn't re-transmit lost packets and it doesn't respect the order in which packets were sent.
If you're not familiar with the differences between the two I'd recommend an article like this:
https://www.guru99.com/tcp-vs-udp-under ... rence.html
cheers
- Posts: 1
- Joined: 18 Feb 2021, 15:34
Re: Testing
We use TCP for those programs and applications that demand reliability and security, plus where we can compromise with the performance a little bit, and we use UDP when we need speed.