Il 08/01/2011 01:01, frostschutz ha scritto:
On Fri, Jan 07, 2011 at 11:50:56PM +0100, Marco Padovan wrote:
I suppose those are all spoofed udp packets as they were the last time I
checked them :(
Only you can tell. (We can't look at the packets you're getting:)
Didn't took the time because they were very short spikes... will arrange
something in the next days if the thing will continue with this frequency...
The problem is that it will take days to analyze the output of half an
hour worth of log :D
it's difficult to justify these spikes as legit traffic..
10k spikes are not legit, I was thinking more along the lines
of randomly getting 40 instead of just 10-20 packets in one
particular second. A spike of 40 could be allowed, a spike
of 10000 certainly not. ;)
check from 23:21 onward
http://pastebin.com/jUjzyKY6
Since the DROP stays at 0 for several minutes that looks fine.
If it increased like 1-5 packets every other second that would
point to a too low limit.
You had 3 unlucky queries between 23:00 and 23:01 (legit spike
that got dropped), then again nothing for minutes, and then
comes the DoS that gets dropped correctly.
yeah, I'm sorry for those 3... hope they got lucky retrying a second
later ;)
I think that's okay.
I hope that too...
thanks for your precious suggestions :)
Regards
frostschutz
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
