Merhaba değerli üstadlar,
Uzun yıllardır birçok dc'de Counter-strike sunucuları barındırmaktayız. şuanda cs:go oyunununda turkiyede cok kaliteli sunucular yönetmekteydik. Fakat son haftalar değişik bir saldırı türüyle karşı karşıyayız, siz üstadların hatta dc sahiplerinin bu konuda fikrini almak istiyorum.
Sadecehosting ve DGN dc sinde bulunan sunucularımızda firewall aktif. Fakat bu firewaller bu saldırıyı tespit edememektedirler.
Saldırı şu sekilde gerceklesıyor. Sunucular aslında server tarafında aktif. a2s_info ddos saldırısı gerçekleştiği anda cs:go'nun sunucu listesinde serverlar kapalı olarak gözüküyor. ama server(bizim makine tarafında hepsi aktif gozukuyor.) oyun sunucusunun consoluna baktığımda aşağıdaki şekilde spoof ip'lerde sayısız erişim gozukmektedir.
Alıntı
RejectConnection: 95.12.157.180:52181 - Invalid cross-play platform id
RejectConnection: 88.234.72.49:54156 - Invalid cross-play platform id
RejectConnection: 88.234.72.49:54156 - Invalid cross-play platform id
RejectConnection: 88.234.72.49:54156 - Invalid cross-play platform id
RejectConnection: 212.175.247.213:54770 - Invalid cross-play platform id
RejectConnection: 212.175.247.213:54770 - Invalid cross-play platform id
RejectConnection: 212.175.247.213:54770 - Invalid cross-play platform id
RejectConnection: 78.175.72.197:52419 - Invalid cross-play platform id
RejectConnection: 78.175.72.197:52419 - Invalid cross-play platform id
RejectConnection: 78.175.72.197:52419 - Invalid cross-play platform id
RejectConnection: 78.172.4.116:50429 - Invalid cross-play platform id
RejectConnection: 78.172.4.116:50429 - Invalid cross-play platform id
RejectConnection: 78.172.4.116:50429 - Invalid cross-play platform id
RejectConnection: 78.161.137.115:52763 - Invalid cross-play platform id
RejectConnection: 78.161.137.115:52763 - Invalid cross-play platform id
RejectConnection: 78.161.137.115:52763 - Invalid cross-play platform id
RejectConnection: 78.186.45.220:53088 - Invalid cross-play platform id
RejectConnection: 78.186.45.220:53088 - Invalid cross-play platform id
RejectConnection: 78.186.45.220:53088 - Invalid cross-play platform id
RejectConnection: 88.228.124.107:50020 - Invalid cross-play platform id
RejectConnection: 88.228.124.107:50020 - Invalid cross-play platform id
RejectConnection: 88.228.124.107:50020 - Invalid cross-play platform id
RejectConnection: 78.181.33.1:50580 - Invalid cross-play platform id
RejectConnection: 78.181.33.1:50580 - Invalid cross-play platform id
RejectConnection: 78.181.33.1:50580 - Invalid cross-play platform id
RejectConnection: 78.169.45.234:51709 - Invalid cross-play platform id
RejectConnection: 78.169.45.234:51709 - Invalid cross-play platform id
RejectConnection: 78.169.45.234:51709 - Invalid cross-play platform id
RejectConnection: 88.239.250.220:51354 - Invalid cross-play platform id
RejectConnection: 88.239.250.220:51354 - Invalid cross-play platform id
RejectConnection: 88.239.250.220:51354 - Invalid cross-play platform id
RejectConnection: 88.233.228.202:54971 - Invalid cross-play platform id
RejectConnection: 88.233.228.202:54971 - Invalid cross-play platform id
RejectConnection: 88.233.228.202:54971 - Invalid cross-play platform id
RejectConnection: 81.213.180.177:54334 - Invalid cross-play platform id
RejectConnection: 81.213.180.177:54334 - Invalid cross-play platform id
RejectConnection: 81.213.180.177:54334 - Invalid cross-play platform id
RejectConnection: 88.248.230.39:53671 - Invalid cross-play platform id
RejectConnection: 88.248.230.39:53671 - Invalid cross-play platform id
RejectConnection: 88.248.230.39:53671 - Invalid cross-play platform id
RejectConnection: 78.190.209.222:51210 - Invalid cross-play platform id
RejectConnection: 78.190.209.222:51210 - Invalid cross-play platform id
RejectConnection: 78.190.209.222:51210 - Invalid cross-play platform id
RejectConnection: 212.156.44.215:54022 - Invalid cross-play platform id
RejectConnection: 212.156.44.215:54022 - Invalid cross-play platform id
RejectConnection: 212.156.44.215:54022 - Invalid cross-play platform id
RejectConnection: 88.230.67.125:52358 - Invalid cross-play platform id
RejectConnection: 88.230.67.125:52358 - Invalid cross-play platform id
RejectConnection: 88.230.67.125:52358 - Invalid cross-play platform id
RejectConnection: 95.8.89.118:54705 - Invalid cross-play platform id
RejectConnection: 95.8.89.118:54705 - Invalid cross-play platform id
RejectConnection: 95.8.89.118:54705 - Invalid cross-play platform id
RejectConnection: 88.231.201.132:52180 - Invalid cross-play platform id
RejectConnection: 88.231.201.132:52180 - Invalid cross-play platform id
RejectConnection: 88.231.201.132:52180 - Invalid cross-play platform id
RejectConnection: 95.15.126.48:50273 - Invalid cross-play platform id
RejectConnection: 95.15.126.48:50273 - Invalid cross-play platform id
RejectConnection: 95.15.126.48:50273 - Invalid cross-play platform id
RejectConnection: 95.1.16.142:51938 - Invalid cross-play platform id
RejectConnection: 95.1.16.142:51938 - Invalid cross-play platform id
RejectConnection: 95.1.16.142:51938 - Invalid cross-play platform id
RejectConnection: 88.225.103.31:54567 - Invalid cross-play platform id
RejectConnection: 88.225.103.31:54567 - Invalid cross-play platform id
RejectConnection: 88.225.103.31:54567 - Invalid cross-play platform id
RejectConnection: 78.179.183.204:53014 - Invalid cross-play platform id
RejectConnection: 78.179.183.204:53014 - Invalid cross-play platform id
RejectConnection: 78.179.183.204:53014 - Invalid cross-play platform id
RejectConnection: 78.168.83.253:53992 - Invalid cross-play platform id
RejectConnection: 78.168.83.253:53992 - Invalid cross-play platform id
RejectConnection: 78.168.83.253:53992 - Invalid cross-play platform id
RejectConnection: 78.163.13.180:51131 - Invalid cross-play platform id
RejectConnection: 78.163.13.180:51131 - Invalid cross-play platform id
RejectConnection: 78.163.13.180:51131 - Invalid cross-play platform id
IP rate limit under distributed packet load (2392 buckets, 15307 global count), rejecting 85.111.16.250:50531.
Bu saldırıyı DGN firewall tespit edemiyor, sadecehosting tarafındada durum bu şekilde. cs:go sunucuları down olarak gozukmekte. gelen saldırıyı bir log dosyasında biriktiriyorum.
console_output.log dosyasında bu ipleri yazdırıyorum sonra bu dosyadan
cat console_output.log | grep "RejectConnection" | uniq -u komutu ile saldıran ipleri süzüyorum.
acaba bu ipleri bir script ile iptables ile otomatik banlamanın bir yolu yokmudur ? bunları nasıl engelleyebiliriz.
Saygılarımla.
