Hi
before it i just block 0:32 byte packages ("connect" flood bug)
but someone dropdown my servers by make them do a lot of IO operations
it helps, but not good enough
/Srcds Hardening guide on Alliedmodders
It`s outdated for today ddos bugs
Run a tcpdump and post that here.
have one, a lot of packages from one IP with different length, drop link to dump later
tcpdump -i any -c 30000 -w dump1.pcap
better
tcpdump -i any -C 100 -W 50 -w dump1.pcap
it will rollover dump in 50 files by 100mb
does someone use iptables & fail2ban combination?
04.10.2015, 21:31, "Calvin J" <[email protected]>:
Hi,,
Nobody can help you with the information you have provided. Run a tcpdump and post that here. Though, chances are unlikely that you're going to be able to block this with IPTables unless it's small. (If the attack is exceeding the line speed, run the tcpdump over IPMI.)
Also, you should dump those firewall rules in the meantime as they're likely causing you more harm than good. I assume you followed that IPTables/Srcds Hardening guide on Alliedmodders. And while some of those rules may be useful, it's extremely unlikely that you needed to copy and paste everything in that thread.
Example usage of tcpdump.
tcpdump -i any -c 30000 -w dump1.pcap
On 10/4/2015 5:12 AM, Левинчук Федор wrote:Hi everyoneneed your helpi have this in iptablesi have 128 tik serversmaybe some params in iptable are wrong or missingbut somehow attacker ddos my MM serverscan someone give advice?thx in advance
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
