On 3/23/2017 1:34 PM, Mathias wrote:
My server's getting flood with VSE DDoS Attack. My server have DDoS
Protection but it wont take it. any other DDoS Attack does it takes so
what can i do? i'm on Linux Ubuntu 16.04.
Here is server logs - http://pastebin.com/Q2dbcEMt
I also got how the script works (VSE DDoS Attack) - Found on a forum
via Google
Any idea to stop it with Iptables? Packet limit?
The term "VSE" ("Valve Source Exploit") that the attackers like to use
is a misnomer because there isn't an exploit involved. These attacks
just flood a server with spoofed queries and/or connection attempts from
random sources, and Source can't handle the volume.
Currently the most effective general-purpose way to deal with these is
to whitelist real player IPs and rate-limit queries and connection
attempts from all other sources (down to around 1000/s). This can be
done with iptables using a combination of the ipset, hashlimit, and
bpf/u32/string modules.
Ideally, the game would be redesigned to using TCP for queries and the
very first part of the connection, offloading the first-contact tasks to
the OS, which has established methods for combating high-rate spoofed
TCP SYN floods. Internally, it could then straight drop all UDP packets
that don't correspond to a currently connected player.
-John
_______________________________________________
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
