someone is flooding my hub port

Which hub software is the best? Where can I find script XXX? Discuss it here...(no, this is not for advertising your hub...)

Moderator: Moderators

Locked
siicis
Posts: 3
Joined: 2004-09-25 07:40

someone is flooding my hub port

Post by siicis » 2004-09-25 08:04

problem ir like this: someone connects to my hub with huge amount of ports (aproximetly 1000 and using ports from 2000 to 3000) . then he makes huge search query. I can`t ban him becuse he is leaving and connecting to hub very fast (one connection/leaving in 1 second). in result: ptokax can`t serve all users and disconecting them + my firewall takes 100% of my cpu and computer crashes...
I`m using PtokaX DC Hub 0.3.3.0 build 15.11 [debug] with winXP and sygate firewall.
I think flooder uses some flooding soft..
can anyone help me with this?

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2004-09-26 20:21

Get a decent firewall that can log IPs. Find which IP/range he's coming from and ban it at the firewall.

siicis
Posts: 3
Joined: 2004-09-25 07:40

Post by siicis » 2004-09-28 12:41

The problem is - he have different ip adresses. I can`t ban him in firewall becuse every time he have diferent ip`s.

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2004-09-28 13:35

So the IPs are completely unrelated, not even in the same range?
Post some, just obscure the last octet.

siicis
Posts: 3
Joined: 2004-09-25 07:40

Post by siicis » 2004-09-29 08:29

They are in diferent ip ranges. here ir last 4 attacks: 81.198.155.159 81.198.159.23 81.198.159.67 81.198.244.17 I can`t ban ip range 81.198 becuse it is used but many hubusers. What can I do?
dchub://hubs.valsts.lv

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2004-09-29 11:27

If you can't ban that range, you have to put up with the attacks. Or see if there's another hub that lets you restrict searches within xx seconds of joining. There may even be a Ptokax script to do that.

MMN-o
Posts: 5
Joined: 2004-10-11 12:05
Location: Umeå, Sweden
Contact:

Post by MMN-o » 2004-10-12 14:59

Decent firewalls (pf and iptables to my limited knowledge) have full support for limiting packet recieving. Anything that goes above the limit is dropped (not even a reset-reply is sent).
Wouldn't surprise me if any Windows firewalls have that support as well.

Oh. And http://ripe.net/ -> whois db -> search for one of the IPs.
And mail the abuse services for that IP. Packet flooding (in any form) is illegal according to most ISP contracts. And you don't have to mention that you're running a Direct Connect hub.

Locked