Re: [hlds_linux] tf2 denial of service - please do something!

[Marco Padovan]

With 1000ports protected and 4 rules for each port on simple testserver 
(xeon 3430):

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    7 root     -76   0     0    0    0 S 29.5  0.0 204:01.74 sirq-net-rx/0
   21 root     -76   0     0    0    0 S  8.3  0.0   9:02.45 sirq-net-rx/1
15408 ***   20   0  620m 506m  18m S  6.6  6.3 114:34.22 srcds_linux
12249 ***   22   2  363m 291m 3420 R  4.6  3.6   3:35.13 cod4_lnxded
 8495 ***   20   0 83864  19m 2104 S  3.6  0.2 545:31.54 hlds_i686
 8649 ***   20   0  173m  61m 7416 S  3.0  0.8 516:10.89 srcds_linux

29.5% + 8.3% of cpu usage just to correct an engine defect is too much...

currently, on that test box, there are like 10 servers protected... the 
rest are servers that does not need protection (cod, voice and so on)... 
and the traffic flow is very very very low!

Monitoring eth0...    (press CTRL-C to stop)

   rx:      632 kbit/s   777 p/s          tx:      308 kbit/s   220 p/s

:(

Il 06/01/2011 12:02, Arie ha scritto:
Ronny and me wrote that blogpost on vanillatf2. During our tests the filter
seemed effective and not causing too much CPU usage even when sending
multiple megabytes worth of packets per second, so I'm curious why you say
it's not going to work for you.

It would of course be better if the gameserver itself would use
sv_max_queries_sec_global properly. Right now this setting doesn't help
against these attacks.



On 5 January 2011 23:42, Marco Padovan<evolutioncr...@gmail.com>  wrote:

I'm hosting many tf2 servers and lately we are getting a lot of denial of
services...

basically we got our machservers spammed with query requests till the point
they time out (the machine is running properly, it's just the gameserver
slowly dieing)

an effective way to stop this kind of behaviour is:
http://www.vanillatf2.org/2011/01/fighting-dos-attacks/

but that cannot be handled properly on boxes as busy as ours...

basically with just little effort anybody is able to take down a single
gameserver spamming it with query requests :(

What can we do to stop that?
Is there a decent plugin/official fix to get rid of this problem instead of
doing packet inspection via iptables on boxes handling 10000+
packets/second?
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux