Jump to content

Recommended Posts

Posted

 If you are on Windoze Systems 2k3, 2k8 or 2k8R2.

These commands will help you to get your server back online.

BTW I see your server online.

 

Step 1 :

 

Windows Server 2008

 

netsh advfirewall firewall add rule name="Remote Desktop Protocol" program=System profile=public,private,domain dir=in localport=3389 protocol=tcp action=allow

 

 

Windows Server 2003

 

netsh firewall set portopening protocol=TCP port=3389 name="Remote Desktop Protocol" mode=ENABLE

 

 

 

Step 2 :

First thing to do is enable windows firewall.

 

netsh advfirewall set domainprofile state on
netsh advfirewall set privateprofile state on
netsh advfirewall set publicprofile state on
netsh advfirewall set allprofiles state on

 

 

 

Step 3 :

The first DOS attack to block is all incoming ICMP Packets. (If you like to ping your server then don't follow this step.)

 

Windows Server 2008

 

netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=block

 

 

Windows Server 2003

 

netsh firewall set icmpsetting type=ALL mode=disable

 

 

Windows Server 2008

Block all IGMP Requests : http://en.wikipedia.org/wiki/Interne...ement_Protocol

 

netsh advfirewall firewall add rule name="All IGMP" protocol=2 dir=in action=block

 

 

Block all GRE Requests : http://en.wikipedia.org/wiki/Generic..._Encapsulation

 

netsh advfirewall firewall add rule name="All GRE" protocol=47 dir=in action=block

 

Block all VRRP Requests : http://en.wikipedia.org/wiki/Virtual...dancy_Protocol

netsh advfirewall firewall add rule name="All VRRP" protocol=112 dir=in action=block

 

 

Block all PGM Requests : http://en.wikipedia.org/wiki/Pragmat...eral_Multicast

 

netsh advfirewall firewall add rule name="All PGM" protocol=113 dir=in action=block/code]




And what is this doing? Could you explain me via pm?  Server is online!
Posted

Can't via PM but I will explain here and I want to help you and other server owners with Windows OS servers..

 

With that cmds you can block a variety of ports from your system, GRPE, ICMP, etc. (like in LINUX systems with iPTables firewall)

With that commands you can activate your Advanced Firewall from Windows and configure it from SHELL console, or directly from RUN/ cmd /Advanced Firewall.

 

 

[iMPORTANT NOTICE]!!!

Search more on google about netsh commands for your server. Trust me this is the only way to stop minor attacks from shi3t skiddies like DoS. (Denial of Service).

DDoS (Distributed Denial of Service) can't be stopped with software configuration only with an external machine/firewall (for a good externa protection you can put another computer in front of your server), or a CISCO router  or any router with protection.

 

Good Luck with your server.

 

 

ALL SERVERS CAN BE CONFIGURED ANTI-DoS (NOT DDoS) from software BUT ONLY FROM COMMANDS!!!

YOU NEED TO USE NETSH COMMANDS FOR WINDOWS SERVERS AND COMMANDS FOR LINUX/UNIX SERVERS.

 

YOU CANT CONFIGURE WINDOWS OR LINUX BY MOUSE CLICKS :P

HAVE FUN AND GOOD LUCK!

Posted

Can't via PM but I will explain here and I want to help you and other server owners with Windows OS servers..

 

With that cmds you can block a variety of ports from your system, GRPE, ICMP, etc. (like in LINUX systems with iPTables firewall)

With that commands you can activate your Advanced Firewall from Windows and configure it from SHELL console, or directly from RUN/ cmd /Advanced Firewall.

 

 

[iMPORTANT NOTICE]!!!

Search more on google about netsh commands for your server. Trust me this is the only way to stop minor attacks from shi3t skiddies like DoS. (Denial of Service).

DDoS (Distributed Denial of Service) can't be stopped with an external machine/firewall (for a good externa protection you can put another computer in front of your server), or a CISCO router  or any router with protection.

 

Good Luck with your server.

 

I doubt if server side configuration is gonna work, nevermind I hope it does

Posted

"

ALL SERVERS CAN BE CONFIGURED ANTI-DoS (NOT DDoS) from software BUT ONLY FROM COMMANDS!!!

YOU NEED TO USE NETSH COMMANDS FOR WINDOWS SERVERS AND COMMANDS FOR LINUX/UNIX SERVERS.

 

YOU CANT CONFIGURE WINDOWS OR LINUX BY MOUSE CLICKS :P

HAVE FUN AND GOOD LUCK!

"

 

When a stranger knocks on your door and ring the door bell a few time a week. Yes you can call to Police ..

 

That's true .. but DDoS or DoS it's illegal. That skiddies will be banned by some datacenters and reported to their shity internet providers and banned and restricted also.

^^

 

 

Posted

"

ALL SERVERS CAN BE CONFIGURED ANTI-DoS (NOT DDoS) from software BUT ONLY FROM COMMANDS!!!

YOU NEED TO USE NETSH COMMANDS FOR WINDOWS SERVERS AND COMMANDS FOR LINUX/UNIX SERVERS.

 

YOU CANT CONFIGURE WINDOWS OR LINUX BY MOUSE CLICKS :P

HAVE FUN AND GOOD LUCK!

"

 

When a stranger knocks on your door and ring the door bell a few time a week. Yes you can call to Police ..

 

That's true .. but DDoS or DoS it's illegal. That skiddies will be banned by some datacenters and reported to their shity internet providers and banned and restricted also.

^^

 

 

 

get real, DoSSers dont attack you with their pc or with their dedicated, they are registered in a company which spreads viruses in links and makes the infected pcs slaves to their ddos network.

 

During a ddos attack thousands of slave pcs from arround the world are ddosing your server

Posted

Noone will spend money to DDoS your fresh L2 private server. Maybe only a noob/skiddie.

 

I know, but no real DDoS from here only some skiddies from MXC forum (other server owners) :P

You can stop by simply add a router like CISCO with basic protection (a cheap one 150-200$) or any router with basic protection for IP filtering.

Or final solution is to NULL Route, a blackhole to 127.0.0.1 ;)

 

Or LoL just restart your server and change your dedicated IP (ask your hosting company).

 

And you're done.

Posted

Noone will spend money to DDoS your fresh L2 private server. Maybe only a noob/skiddie.

 

I know, but no real DDoS from here only some skiddies from MXC forum (other server owners) :P

You can stop by simply add a router like CISCO with basic protection (a cheap one 150-200$) or any router with basic protection for IP filtering.

Or final solution is to NULL Route, a blackhole to 127.0.0.1 ;)

 

Or LoL just restart your server and change your dedicated IP (ask your hosting company).

 

And you're done.

Well,i've already paid the dedicated for 3 months so server won't close.

I've opened donations. (Not Items++ etc stupid things) so if player donate i will buy a ddos protection. if not, i will speak with my host company if i can buy a cisco rooter and send it to them.

Posted

What IP's or what info did you see when you use NETSTAT on your server ?

Use Cports or TCPView (both are free programs, use google).

 

 

or

You can verify it with following command:

# netstat -nr

 

type following command at shell:

# route add 00.00.00.0 gw 127.0.0.1 lo

(Where 00.00.00.0 is attacker IP).

 

 

or

# route -n

 

You can also use reject target

# route add -host IP-ADDRESS reject

# route add -host 00.00.00.0 reject

 

To confirm the null routing status, use ip command as follows:

# ip route get 64.1.2.3

 

Drop entire subnet 192.00.00.0/24:

# route add -net 192.00.00.0/24 gw 127.0.0.1 lo

 

 

You can also use ip command to null route network or ip, enter:

# ip route add blackhole 192.00.00.0/29

# route -n

 

 

Good LucK!

 

 

Posted

 

 

What IP's or what info did you see when you use NETSTAT on your server ?

Use Cports or TCPView (both are free programs, use google).

 

i didn't used netstat,im too busy working on server balance right now.

or

You can verify it with following command:

# netstat -nr

 

type following command at shell:

# route add 00.00.00.0 gw 127.0.0.1 lo

(Where 00.00.00.0 is attacker IP).

 

 

or

# route -n

 

You can also use reject target

# route add -host IP-ADDRESS reject

# route add -host 00.00.00.0 reject

 

To confirm the null routing status, use ip command as follows:

# ip route get 64.1.2.3

 

Drop entire subnet 192.00.00.0/24:

# route add -net 192.00.00.0/24 gw 127.0.0.1 lo

 

 

You can also use ip command to null route network or ip, enter:

# ip route add blackhole 192.00.00.0/29

# route -n

 

 

Good LucK!

 

 

Posted

Well,2shay brah.If u attack other servers,u are gettin attacked.Dont tell me u wasnt expectin dis.

 

What goes around comes around.

Posted

Well,2shay brah.If u attack other servers,u are gettin attacked.Dont tell me u wasnt expectin dis.

 

What goes around comes around.

I didn't attacked any server,that's the bad with my case. But im thinking to start so mutch power got dirty with the time :)

 

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.




×
×
  • Create New...