[hlds_linux] IP Tables rules against DDOS attacts
Hy In an older mail from this list (thath i can#39;t find right now), there was a mail thath cointain some IP tables rules agains DDOS attact. If somebody can find it or still has it please send it to me (szoke(at)synhosting.eu). Thanks in advance. ps. Valve could you do something about this? Nearly a 5 year old can find a porgram on the internet to lagg a SRCDS server :/ GreetingsSzoke ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] IP Tables rules against DDOS attacts
which kind of attacks are we talking about? please share some packet samples Il 25/06/2011 13:26, molnár lászló ha scritto: Hy In an older mail from this list (thath i can#39;t find right now), there was a mail thath cointain some IP tables rules agains DDOS attact. If somebody can find it or still has it please send it to me (szoke(at)synhosting.eu). Thanks in advance. ps. Valve could you do something about this? Nearly a 5 year old can find a porgram on the internet to lagg a SRCDS server :/ GreetingsSzoke ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] IP Tables rules against DDOS attacts
I guess hes talking about UDP-flooding. You can block the exact size of the packets in iptables (i think its 24 46 bytes on the ports. /Chris Sent from my iPhone 4 Den 25/06/2011 kl. 14.01 skrev Marco Padovan e...@evcz.tk: which kind of attacks are we talking about? please share some packet samples Il 25/06/2011 13:26, molnár lászló ha scritto: Hy In an older mail from this list (thath i can#39;t find right now), there was a mail thath cointain some IP tables rules agains DDOS attact. If somebody can find it or still has it please send it to me (szoke(at)synhosting.eu). Thanks in advance. ps. Valve could you do something about this? Nearly a 5 year old can find a porgram on the internet to lagg a SRCDS server :/ GreetingsSzoke ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] IP Tables rules against DDOS attacts
Hy! Thanks for the answer.I am not so good at this tings so could you please specify what information do you need, and how can i get it? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] IP Tables rules against DDOS attacts
This is our rule to drop zero-length UDP packets: #Ban zero-length UDP /sbin/iptables -A INPUT -p udp -m length --length 28 -j DROP There are more sophisticated flooding attacks, but blocking that one is a good start -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux- boun...@list.valvesoftware.com] On Behalf Of molnár lászló Sent: 25 June 2011 13:58 To: hlds_linux@list.valvesoftware.com Subject: [hlds_linux] IP Tables rules against DDOS attacts Hy! Thanks for the answer.I am not so good at this tings so could you please specify what information do you need, and how can i get it? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] IP Tables rules against DDOS attacts
install tcpdump on your box and run it on the server while it's being ddossed: tcpdump -nnvvXS dst port 27005 (supposing the server under attack is listening on 27005) Il 25/06/2011 14:58, molnár lászló ha scritto: Hy! Thanks for the answer.I am not so good at this tings so could you please specify what information do you need, and how can i get it? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] IP Tables rules against DDOS attacts
Very good tutorial: https://forums.alliedmods.net/showthread.php?t=151551 -Oryginalna wiadomość- From: molnár lászló Sent: Saturday, June 25, 2011 1:26 PM To: hlds_linux@list.valvesoftware.com Subject: [hlds_linux] IP Tables rules against DDOS attacts Hy In an older mail from this list (thath i can#39;t find right now), there was a mail thath cointain some IP tables rules agains DDOS attact. If somebody can find it or still has it please send it to me (szoke(at)synhosting.eu). Thanks in advance. ps. Valve could you do something about this? Nearly a 5 year old can find a porgram on the internet to lagg a SRCDS server :/ GreetingsSzoke ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] IP Tables rules against DDOS attacts
Hi: For 0 size udp flood you only need http://www.sourceop.com/modules.php?name=Downloadsd_op=viewdownloadcid=9 (dont know if work with last update) And for rcon exploits, block the tcp query port, for example: IPTABLES -A INPUT -p tcp --dport 27015-j DROP Best regards ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] IP Tables rules against DDOS attacts
You can also rate-limit in iptables since a new module was introduced not too long ago. I use it for SSH and a few other ports as well. Here's an example for those that care. The below will rate limit ssh connections to no more than 4 every 60 seconds. Anything over that, iptables drops for a period of 10 or 15 minutes I believe. (Will have to check on the duration of the block). iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT R's, max On Sat, Jun 25, 2011 at 8:22 AM, Andres Pozos javato...@yahoo.es wrote: Hi: For 0 size udp flood you only need http://www.sourceop.com/** modules.php?name=Downloadsd_**op=viewdownloadcid=9http://www.sourceop.com/modules.php?name=Downloadsd_op=viewdownloadcid=9(dont know if work with last update) And for rcon exploits, block the tcp query port, for example: IPTABLES -A INPUT -p tcp --dport 27015-j DROP Best regards __**_ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/**mailman/listinfo/hlds_linuxhttp://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux