Provider thinks that Plutonium Servers are a DDOS attack?

  • Does anyone have a Provider for their Servers and encounter Messages from their Provider that seemingly there is a DDOS for your Servers?

    Since I switched around way too often thinking it was the provider's fault. But as of now 3 different providers told me that a DDoS strike occurred over multiple IPs (all IPs from our player base, which were all in-game as the "DDoS" takes place) over our server ports, sending X amount of packets resulting in 300 Mbit/s traffic. This behaviour is causing my servers to be blocked because they are the source.

    Since I set up multiple VPS systems, providers, servers and new configs for them, leaving nearly no room for thinking that something is wrong with the provider, the servers or the configs, I think it has something to do with Plutonium's end.

    That's why I am asking if others have experienced the same. (I host 23 servers)

    Attachments:

    netcup notification:

    A few minutes ago a massive attack on your product v2202111132827168457 took place. We therefore route the affected IP address 202.61.238.83 via our free DDoS filter. This filters all packets that cause the DDoS. In this way, the services of your server that are not attacked can still be reached. Due to the filtering, the packet runtimes may be somewhat longer.
    
    We check at regular intervals whether the attacks have subsided. As soon as this has happened, we will route the IP address 202.61.238.83 directly to your server again.
    
    Here you will find extracts from the log that describe the attack:
    Start: 2021-11-22T14:59:24+00:00
    Destination: 202.61.238.83
    Direction: Incoming
    Bandwidth: 301.199920654 Mbit/s
    Packets per second: 856 026 pps
    
    
    The following attack types were recognized:
    This alert was generated due to fast flood detection. The "UDP" host alert signature has been triggered at router "bbr01.anx25.fra.de". (expected rate: 100.00 Kpps, observed rate: 250.01 Kpps)
    
    
    
    The following pattern were detected:
    Protocol: UDP
    Destination Port: 4991
    Source Networks: 107.XXX.XXX.12/32
    Source Port: 1024-65535
    Traffic Data: 88739163 pps
    
    Protocol: UDP
    Destination Port: 4991
    Source Networks: 45.XXX.XXX.36/32
    Source Port: 1024-65535
    Traffic Data: 83525773 pps
    
    
    
    Following Combinations are now ratelimited:
    SRC: 107.XXX.XXX.12/32 SRCPORT: 1024-65535 DSTPORT: 4991 PROTO: UDP
    SRC: 45.XXX.XXX.36/32 SRCPORT: 1024-65535 DSTPORT: 4991 PROTO: UDP
    

    Contabo's notification:

    We will contact you to inform you that your server at Contabo is currently the target of a very large network attack. The attack was recognized by our network and is automatically blocked to ensure the availability of your server.
    
    The following IP address is affected by this attack:
    
    XX.XX.XXX.XX
    
    Please note that the filter measures in rare cases also result in data packets that are not part of the attack being discarded by our network. In these few cases, the availability of certain services on your server may be restricted. This measure remains active for the duration of the attack.
    
    If you are in contact with the attacker, do not inform him under any circumstances about this measure. Otherwise a long-term blocking of your server cannot be ruled out.
    
    Please do not hesitate to contact us if you have any further questions or if we can be of assistance with this matter.
    
  • @THS-Shiniri I honestly see no way even 23 full Pluto servers could generate 300 Mbit/s of traffic.

  • You need to carefully read, you are being attacked and not the attacker.
    107.189.8.12 and 45.61.187.36 are known to try to DDoS multiple Plutonium game servers; they don't have a lot of bandwidth (the highest I got in multiple attacks was 252 Mbit/s, which is not even enough for my residential connection; LOL) and just flood the server with too many shit packets it needs to look at. Simply block them off in your firewall.

    That's what happens when you attract "professional" and "competitive" Tekno Server "Hoster"

  • @Xerxes Hmm, okay, then I'll try to block those IPs in Windows, I guess?

    Protocol: UDP
    Destination Port: 4991
    Source Networks: 107.189.8.12/32
    Source Port: 1024-65535
    Traffic Data: 88739163 pps

    Protocol: UDP
    Destination Port: 4991
    Source Networks: 45.61.187.36/32
    Source Port: 1024-65535
    Traffic Data: 83525773 pps

    Protocol: UDP
    Destination Port: 4986
    Source Networks: 84.248.25.159/32
    Source Port: 4976
    Traffic Data: 24985 pps

    Protocol: UDP
    Destination Port: 4986
    Source Networks: 85.76.111.226/32
    Source Port: 39010
    Traffic Data: 13926 pps

    Protocol: UDP
    Destination Port: 4993
    Source Networks: 79.109.161.224/32
    Source Port: 4976
    Traffic Data: 5324 pps
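
An added example, not part of any post in this thread: a small Python parser for pattern blocks in the layout of the provider report quoted above, separating flood sources from players by the reported source-port range and packet counter. The sample report is constructed (documentation addresses), and the `factor` threshold and the single-port player baseline are assumptions.

```python
import re

# Constructed sample in the thread's report layout (RFC 5737 documentation addresses).
SAMPLE_REPORT = """\
Protocol: UDP
Destination Port: 4991
Source Networks: 192.0.2.12/32
Source Port: 1024-65535
Traffic Data: 88739163 pps

Protocol: UDP
Destination Port: 4991
Source Networks: 198.51.100.36 / 32
Source Port: 1024-65535
Traffic Data: 83525773 pps

Protocol: UDP
Destination Port: 4986
Source Networks: 203.0.113.159/32
Source Port: 4976
Traffic Data: 24985 pps

Protocol: UDP
Destination Port: 4993
Source Networks: 203.0.113.224/32
Source Port: 4976
Traffic Data: 5324 pps
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.+?)\s*$")

def parse_patterns(text):
    """Return one dict per blank-line-separated pattern block."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        f = dict(m.groups() for m in map(FIELD.match, block.splitlines()) if m)
        if {"Source Networks", "Source Port", "Traffic Data"} <= f.keys():
            records.append({"src": f["Source Networks"].replace(" ", ""),
                            "dst_port": int(f.get("Destination Port", 0)),
                            "src_port": f["Source Port"],
                            "count": int(f["Traffic Data"].split()[0])})
    return records

def flood_sources(records, factor=100):
    """Sources with a source-port range whose counter dwarfs single-port peers."""
    # Assumed heuristic: a game client keeps one UDP source port (player baseline).
    baseline = max((r["count"] for r in records if "-" not in r["src_port"]), default=0)
    hits = [r for r in records if "-" in r["src_port"] and r["count"] > factor * baseline]
    return sorted(hits, key=lambda r: r["count"], reverse=True)
```

The `src` and `dst_port` values of the flagged records are what an inbound UDP block rule in the host firewall would be scoped to.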
