Ronny and me wrote that blogpost on vanillatf2. During our tests the filter seemed effective and not causing too much CPU usage even when sending multiple megabytes worth of packets per second, so I'm curious why you say it's not going to work for you.
It would of course be better if the gameserver itself would use sv_max_queries_sec_global properly. Right now this setting doesn't help against these attacks. On 5 January 2011 23:42, Marco Padovan <evolutioncr...@gmail.com> wrote: > I'm hosting many tf2 servers and lately we are getting a lot of denial of > services... > > basically we got our machservers spammed with query requests till the point > they time out (the machine is running properly, it's just the gameserver > slowly dieing) > > an effective way to stop this kind of behaviour is: > http://www.vanillatf2.org/2011/01/fighting-dos-attacks/ > > but that cannot be handled properly on boxes as busy as ours... > > basically with just little effort anybody is able to take down a single > gameserver spamming it with query requests :( > > What can we do to stop that? > Is there a decent plugin/official fix to get rid of this problem instead of > doing packet inspection via iptables on boxes handling 10000+ > packets/second? > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
