What about this one:

http://code.google.com/p/querycache/

?

(it reports the server as public even if it's private)

PS: thanks Arie ;)
extended the filtering to all those other packets :)

On 25/01/2011 15:14, Chris wrote:
Ever notice that when you use the querycache that your server doesn't show
in the master server list and if you try to query it with Steam it
retrieves no information.

HLSW works to query though.

Do you have this problem too?




On Tue, Jan 25, 2011 at 5:37 AM, Arie <nos...@ariekanarie.nl> wrote:

Most of the attacks directed at my server are exactly 30 seconds long and
designed to freeze the server long enough to drop all players. This attack
seems to be no longer effective on my server due to filtering and limiting
the amount of packets/sec.

Yesterday the season finals of ETF2L were played and the first gameservers
were attacked and brought down. For some reason my servers were able to
withstand the attack, but I'm not sure why since at least one of the
gameservers that was attacked earlier uses similar protection.
During the match both the relays and gameservers kept getting attacked but
the firewall was effective in keeping the server safe this time.

This is the current (ruby) script I use to generate the firewall rules and
set up 'querycache' to deal with A2S_INFO floods.

https://github.com/Arie/tf2scripts/blob/master/rate-limit-iptables-querycache.rb

About a week ago Ronny of nice-servers.com and I contacted Robin Walker
about the DoS attacks we were seeing then. These were the
A2S_INFO/A2S_PLAYER/A2S_RULES attacks.

Hi guys.
Our dedicated server folks are now fully up-to-speed on the issue, and
hope to get to it soon.

Robin.


Recently we've been seeing attacks using udp packets starting with ffffff,
but unlike a normal A2S packet like ffffff54, these ones had random numbers
after. An orangebox server seems to invest some CPU time in any packet
starting with ffffff.


Below is a log of a 30-second attack.

Jan 20 22:17:50 FLOOD 27025 SRC=68.180.244.207 DST=80.84.250.224 LEN=53
TOS=00 PREC=0x00 TTL=61 ID=35101 CE PROTO=UDP SPT=2925 DPT=27025 LEN=33
----SNIP-----
Jan 20 22:18:19 FLOOD 27025 SRC=159.142.163.232 DST=80.84.250.224 LEN=53
TOS=00 PREC=0x00 TTL=61 ID=35537 CE PROTO=UDP SPT=60706 DPT=27025 LEN=33



On 25 January 2011 08:58, <gamead...@127001.org> wrote:

Our servers aren't CRASHING, but they're freezing for the 30 seconds long
enough to drop every single player

-----Original Message-----
From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
boun...@list.valvesoftware.com] On Behalf Of Marco Padovan
Sent: 24 January 2011 23:33
To: hlds_linux@list.valvesoftware.com
Subject: [hlds_linux] tf2 ddos - again - please do something

Looks like there's another kind of crafted packet around flooding tf2
servers and crashing them...

What does this new pattern look like?
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

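The following Ruby code is an added example, not part of the thread and not Arie's script: it groups firewall LOG lines like the excerpt quoted above into per-port bursts, so the roughly 30-second pattern and the spread of source addresses can be read straight from the log. The sample lines, the default year, `max_gap` and `min_packets` are assumptions chosen for illustration.

```ruby
LINE = /^(\w{3})\s+(\d+) (\d\d):(\d\d):(\d\d) .*?SRC=(\S+) .*?PROTO=UDP .*?DPT=(\d+)/

# Constructed sample in the excerpt's layout (fields trimmed, documentation IPs).
SAMPLE = <<~LOG
  Jan 20 22:17:50 FLOOD 27025 SRC=198.51.100.7 DST=192.0.2.10 LEN=53 PROTO=UDP SPT=2925 DPT=27025 LEN=33
  Jan 20 22:18:00 FLOOD 27025 SRC=203.0.113.44 DST=192.0.2.10 LEN=53 PROTO=UDP SPT=4410 DPT=27025 LEN=33
  Jan 20 22:18:10 FLOOD 27025 SRC=198.51.100.91 DST=192.0.2.10 LEN=53 PROTO=UDP SPT=5120 DPT=27025 LEN=33
  Jan 20 22:18:19 FLOOD 27025 SRC=198.51.100.7 DST=192.0.2.10 LEN=53 PROTO=UDP SPT=60706 DPT=27025 LEN=33
  Jan 20 22:25:00 FLOOD 27015 SRC=203.0.113.80 DST=192.0.2.10 LEN=53 PROTO=UDP SPT=1200 DPT=27015 LEN=33
  Jan 20 22:30:00 FLOOD 27025 SRC=203.0.113.81 DST=192.0.2.10 LEN=53 PROTO=UDP SPT=1201 DPT=27025 LEN=33
LOG

Burst = Struct.new(:port, :first, :last, :packets, :sources) do
  def duration
    (last - first).to_i
  end
end

# The year is an assumption: syslog timestamps do not carry one.
def parse(line, year)
  m = LINE.match(line) or return nil
  { time: Time.utc(year, m[1], m[2].to_i, m[3].to_i, m[4].to_i, m[5].to_i),
    src: m[6], port: m[7].to_i }
end

# Group packets per destination port; a silence longer than max_gap seconds closes a burst.
def bursts(log, year: 2011, max_gap: 15)
  active = {}
  done = []
  log.each_line do |line|
    pkt = parse(line, year) or next        # skip lines that are not LOG entries
    b = active[pkt[:port]]
    if b && pkt[:time] - b.last > max_gap
      done << b
      b = nil
    end
    b ||= active[pkt[:port]] = Burst.new(pkt[:port], pkt[:time], pkt[:time], 0, {})
    b.last = pkt[:time]
    b.packets += 1
    b.sources[pkt[:src]] = true            # hash used as a set of source addresses
  end
  done + active.values
end

# Keep only sustained bursts; single stray packets are dropped.
def floods(log, min_packets: 3, **opts)
  bursts(log, **opts).select { |b| b.packets >= min_packets }
end
floods(SAMPLE).each { |b| puts "port #{b.port}: #{b.packets} pkts, #{b.sources.size} sources, #{b.duration}s" } if __FILE__ == $PROGRAM_NAME
```

If the LOG rule is itself rate limited, the packet counts are a lower bound; the burst duration and the number of distinct sources remain the useful signals.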