Alright, my friend regularly hosts the game Space Station 13. Recently someone started using a "Botnet" and attacking his server and PC whenever he hosts. He is quite worried and I am wondering what can be done to stop the vicious attacks on his PC.
This makes me curious and if anyone knows, I'd like to second this question. I recently started hosting SS13 in the afternoons and I'd like to avoid a similar situation should one occur.
In response to Sarm
at the moment, the only defense is a good monitoring behaviour - tracking/watching what is happening to the system via various system logs - and using that info to thwart the attackers.

if the OS is *nix based, a solid firewall that rejects everything but the port your game is running on (plus the ports BYOND uses to communicate to the hub) might ward them off if it's just a bunch of script-kiddies.

my question is: is this 'botnet' attacking the entire machine? or just coming into the game and causing trouble?

for the latter i suspect it's just a bunch of kids logging in on multiple keys - for which a decent ban system should help. i hear Crispy has a good ban library.

for the former, consider learning about honeypots. they can be very good for monitoring your system, but usually require a real good understanding of networking techniques (both good and bad), and a solid familiarity of what your operating system is doing at any given moment.

some good reading: http://www.honeynet.org/papers/bots/
http://en.wikipedia.org/wiki/Botnet (particularly the section 'Preventive measures')
http://lowkeysoft.com/proxy/ - analysis of a zombie net. interesting read.
http://www.simplicita.com/ - anti-zombie software apparently
http://en.wikipedia.org/wiki/Intrusion_prevention_system - possible solution (note: many of those vendors offer trial-period downloads, might be enough to get them off your back for a while)
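
Added example, not part of any post in this thread: a small log triage script for the question raised above (is the traffic aimed at the whole machine, or only at the game?). It assumes a Linux host whose firewall writes netfilter LOG lines; the game port 5000, the threshold and the sample log lines are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

GAME_PORT = 5000  # assumption: placeholder, set to the port your game is hosted on

# Constructed sample in the Linux netfilter LOG format (documentation-range IPs).
SAMPLE_LOG = """\
Jan 10 18:00:01 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=5000
Jan 10 18:00:01 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=5000
Jan 10 18:00:02 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=5000
Jan 10 18:00:02 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=5000
Jan 10 18:00:03 host kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
Jan 10 18:00:03 host kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=23
Jan 10 18:00:04 host kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=445
Jan 10 18:00:05 host kernel: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=5000
Jan 10 18:00:09 host sshd[311]: unrelated line without packet fields
"""

FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")

def parse(line):
    """Return (source_ip, dest_port) for a packet log line, else None."""
    fields = dict(FIELD.findall(line))
    if "SRC" in fields and fields.get("DPT", "").isdigit():
        return fields["SRC"], int(fields["DPT"])
    return None

def summarize(log_text, game_port=GAME_PORT, flood_threshold=3):
    """Split sources into heavy game-port users and hosts probing other ports."""
    game_hits = Counter()            # connection attempts to the game port
    other_ports = defaultdict(set)   # distinct non-game ports touched per source
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue                 # skip lines that are not packet logs
        src, dpt = rec
        if dpt == game_port:
            game_hits[src] += 1
        else:
            other_ports[src].add(dpt)
    return {
        # many attempts on the game port: candidates for the ban list or a rate limit
        "game_port_heavy": sorted(ip for ip, n in game_hits.items() if n >= flood_threshold),
        # several closed ports probed: the machine itself is being targeted
        "machine_wide": sorted(ip for ip, p in other_ports.items() if len(p) >= 2),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
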
In response to Sarm
Yeah as Mouse said, you just need to watch your server carefully and make sure you catch the kids.

One of my friends had a guy who ran a mud and some kid kept attacking his server. Well the guy got his IP address and tracked him to his ISP. He e-mailed the ISP and complained about it. Turns out the ISP was in China and these sorts of things were actually illegal. The kid attacking the server ended up getting 5 years in jail. Interpol even ended up sending the guy who ran the mud an official letter and stuff.

Anyways, the point is, you can track them and you could always call up or e-mail their ISP and complain. It won't be anything like the above, but you could still get their internet possibly revoked.
In response to Shades
Interpol? I thought that was only on Lupin III

~Kujila
In response to Shades
I had a little problem with spam, a legal threat stopped that, you can see the whole ordeal here
In response to Scoobert
SUE THEM, SUE THEM ALL!
In response to Kujila
Nope, Interpol is a real organisation.

http://en.wikipedia.org/wiki/Interpol