Top Mud Sites Forum - View Single Post

Terloch · 01-28-2003, 03:57 PM

Of late I have a former player/staff member who is using tintin to connect to the mud, but not anything else. Now, you are probably thinking, "Big freaking deal! So what?" Well, when it's done over 140,000 times and it overloads the descriptor flow, it's a big deal.

This is what's happening. he connects, gets the color prompt, and then (I'm assuming) starts another session up with a trigger to start it all over again.

The user is using two accounts, one is a DSL through Qwest (who is a pain in the ass to talk to), and the other is a mud server, Tamarisk in Canada. I've sent emails to Qwest to their abuse email, and got diddly squat in response. We have also sent logs and emails to Tamarisk, but since our "mud logs" aren't "server logs" they apparently arent' reliable enough.

This is causing our descriptors to not be available when people try to legitimately log in, and is making some HUGE log files which is filling up our space.

Our host (Betterbox) has banned the first two sockets from connecting to the shell at all on any ports, but now this morning there's a new IP (big shock right?) on another class B that Qwest owns. Sure, we could ban all the Qwest ranges, there's only 6 Class B ranges, so around 500,000 users would be banned, but that's insane.

I've left messages with the FBI's office that handles DOS attacks, but not heard anything back, and I've filed incident reports with them as well, but let's be honest, we're a game running 60 players, not a website with a million users, so are they really going to do squat?

Any ideas from ANYONE out there what we might be able to do?

Thanks,

Terloch

01-28-2003, 03:57 PM	#1
Terloch Member Join Date: Apr 2002 Location: Chicago, Illinois Posts: 152	Of late I have a former player/staff member who is using tintin to connect to the mud, but not anything else. Now, you are probably thinking, "Big freaking deal! So what?" Well, when it's done over 140,000 times and it overloads the descriptor flow, it's a big deal. This is what's happening. he connects, gets the color prompt, and then (I'm assuming) starts another session up with a trigger to start it all over again. The user is using two accounts, one is a DSL through Qwest (who is a pain in the ass to talk to), and the other is a mud server, Tamarisk in Canada. I've sent emails to Qwest to their abuse email, and got diddly squat in response. We have also sent logs and emails to Tamarisk, but since our "mud logs" aren't "server logs" they apparently arent' reliable enough. This is causing our descriptors to not be available when people try to legitimately log in, and is making some HUGE log files which is filling up our space. Our host (Betterbox) has banned the first two sockets from connecting to the shell at all on any ports, but now this morning there's a new IP (big shock right?) on another class B that Qwest owns. Sure, we could ban all the Qwest ranges, there's only 6 Class B ranges, so around 500,000 users would be banned, but that's insane. I've left messages with the FBI's office that handles DOS attacks, but not heard anything back, and I've filed incident reports with them as well, but let's be honest, we're a game running 60 players, not a website with a million users, so are they really going to do squat? Any ideas from ANYONE out there what we might be able to do? Thanks, Terloch