OVH Community, your new community space.

Anti-DDoS cut network on server


AngelDeaD
13-04-2016, 01:25
Sorry for late response.

IP change is not even solution. (In best scenario, I will stop DDoS for MAX 2 hours)
Anti GAME DDoS, I do not know, support probably sugest me to buy it, but they did not, Maybe even that would not stop this attacks.

How ever, today I'm contacted again by tehnical support, they requested tcpdump log while attack is in progress (in other words, while my server is under this new type of DDoS attack). I already made it few days ago.
I also find the cause of attacks, so I isolate it (one client suffer, but...)
Hope they would make some success with that 1.9 Gb log of tcpdump
Mikkel
10-04-2016, 10:22
Quote Originally Posted by 24x7servermanag
May be you can ask them to change the IP address
it will not help with "change" IP address, and the DDoS attack will move with..

i will recommend you to switch over to OVH (Anti GAME)
24x7servermanag
10-04-2016, 10:02
May be you can ask them to change the IP address
AngelDeaD
09-04-2016, 15:17
Hello to me and to my viewers

TEHNICAL support told my that my server getting an new type of DDoS, Anti-DDoS detect it, but it can not stop it.
No idea what to do, my clients are angry.
AngelDeaD
03-04-2016, 15:36
Unfortunately same problem is back.

An specific DDoS type of attack, do something to network of my server, and it's spamming in /var/log/messages
eth0: link up
...
during that time no one can't access to my server, not even monitoring system, that detect Defect on my server, then support spot "black screen, no response keyboard", they just do hard reboot and REPEAT.

Only reboot is fix, for now.
AngelDeaD
30-03-2016, 00:37
I see that so many issues were fixed according to http://status.ovh.net/
In meanwhile I changed kernel (one that I haven't used before on my server, from ftp://ftp.ovh.net/made-in-ovh/bzImage/ ) since that moment I had only one DDoS attack, and everything went well, only few seconds of down time, which is great.
AngelDeaD
26-03-2016, 21:00
In last few days, my server get network cuts, when anti ddos get activated.

Code:
Mar 26 00:03:22 kernel: ------------[ cut here ]------------
Mar 26 00:03:22 kernel: WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:264 dev_watchdog+0x246/0x250()
Mar 26 00:03:22 kernel: NETDEV WATCHDOG: eth0 (r8169): transmit queue 0 timed out
Mar 26 00:03:22 kernel: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.32-xxxx-std-ipv6-64-hz1000 #1
Mar 26 00:03:22 kernel: Hardware name: System manufacturer System Product Name/P8H77-M PRO, BIOS 1401 08/20/2013
Mar 26 00:03:22 kernel: 0000000000000009 ffff88081fa03db8 ffffffff81e4b49d 0000000000000007
Mar 26 00:03:22 kernel: ffff88081fa03e08 ffff88081fa03df8 ffffffff810e47cd ffff88081fa03e68
Mar 26 00:03:22 kernel: 0000000000000000 ffff8807f0572000 0000000000000001 0000000000000000
Mar 26 00:03:22 kernel: Call Trace:
Mar 26 00:03:22 kernel:   [] dump_stack+0x46/0x58
Mar 26 00:03:22 kernel: [] warn_slowpath_common+0x7d/0xb0
Mar 26 00:03:22 kernel: [] warn_slowpath_fmt+0x41/0x50
Mar 26 00:03:22 kernel: [] dev_watchdog+0x246/0x250
Mar 26 00:03:22 kernel: [] ? pfifo_fast_enqueue+0xa0/0xa0
Mar 26 00:03:22 kernel: [] call_timer_fn.isra.25+0x27/0x80
Mar 26 00:03:22 kernel: [] run_timer_softirq+0x166/0x1f0
Mar 26 00:03:22 kernel: [] __do_softirq+0xdc/0x1f0
Mar 26 00:03:22 kernel: [] irq_exit+0x95/0xa0
Mar 26 00:03:22 kernel: [] smp_apic_timer_interrupt+0x45/0x60
Mar 26 00:03:22 kernel: [] apic_timer_interrupt+0x6a/0x70
Mar 26 00:03:22 kernel:   [] ? ktime_get+0x4d/0xd0
Mar 26 00:03:22 kernel: [] ? cpuidle_enter_state+0x56/0xd0
Mar 26 00:03:22 kernel: [] ? cpuidle_enter_state+0x52/0xd0
Mar 26 00:03:22 kernel: [] cpuidle_idle_call+0x98/0x130
Mar 26 00:03:22 kernel: [] arch_cpu_idle+0x9/0x20
Mar 26 00:03:22 kernel: [] cpu_startup_entry+0xda/0x1c0
Mar 26 00:03:22 kernel: [] rest_init+0x72/0x80
Mar 26 00:03:22 kernel: [] start_kernel+0x41b/0x428
Mar 26 00:03:22 kernel: [] ? repair_env_string+0x5e/0x5e
Mar 26 00:03:22 kernel: [] x86_64_start_reservations+0x2a/0x2c
Mar 26 00:03:22 kernel: [] x86_64_start_kernel+0xce/0xd2
Mar 26 00:03:22 kernel: ---[ end trace 8b71accaa356f13a ]---
Mar 26 00:03:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:03:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:04:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:04:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:05:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:08:28 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:29:51 kernel: net_ratelimit: 48 callbacks suppressed
Mar 26 00:29:56 kernel: net_ratelimit: 52 callbacks suppressed
Mar 26 00:48:16 kernel: net_ratelimit: 23 callbacks suppressed
Mar 26 00:48:16 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:49:28 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:51:16 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:51:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 00:53:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 02:37:16 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 06:25:04 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="3798" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 26 11:51:07 kernel: hlds_i686[3182]: segfault at 0 ip 00000000f703337e sp 00000000ffa3f5c0 error 4 in engine_i686.so[f7033000+7000]
Mar 26 19:38:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:38:34 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:38:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:38:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:39:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:39:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:39:34 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:39:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:39:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:40:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:40:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:40:34 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:40:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:40:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:41:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:41:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:41:34 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:41:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:41:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:42:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:42:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:42:34 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:42:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:42:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:43:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:43:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:43:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:44:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:46:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:47:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:48:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:48:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:49:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:50:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:51:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:52:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:53:34 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:54:34 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:55:28 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:56:28 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:57:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:58:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 19:59:04 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:00:04 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:00:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:01:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:02:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:03:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:04:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:05:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:06:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:07:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:08:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:09:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:10:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:11:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:12:28 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:13:22 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:14:16 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:15:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:16:10 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:17:04 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:18:04 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:18:57 kernel: hlds_i686[27857]: segfault at 0 ip 00000000f709f37e sp 00000000fffd0040 error 4 in engine_i686.so[f709f000+7000]
Mar 26 20:19:04 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:20:04 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:21:04 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:21:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:22:58 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:23:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:24:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:25:52 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:26:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:27:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:28:46 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:29:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:30:40 kernel: r8169 0000:03:00.0 eth0: link up
Mar 26 20:31:40 kernel: r8169 0000:03:00.0 eth0: link up
SYS-SSD-4 server.
NIC: vv25808-sys
service: ns3000606.ip-37-59-46.eu

So far, I tried with differnt kernels from: ftp://ftp.ovh.net/made-in-ovh/bzImage/
but no luck. Problem is still here, with almost every activation of Anti-DDoS.