Thanks John. Could you guide/send me the Iptables?
My server is on port 27115 and the attack comes in on port 28960 - But it wont work block the port (Have tried) "IP rate limit sustained 79085 distributed packets at 2636.2 pps (1246 buckets). IP rate limit under distributed packet load (1205 buckets, 15001 global count), rejecting 8.59.18.221:28960. IP rate limit sustained 78411 distributed packets at 2613.7 pps (943 buckets). IP rate limit under distributed packet load (1210 buckets, 15001 global count), rejecting 154.112.126.3:28960. IP rate limit sustained 104375 distributed packets at 3479.2 pps (968 buckets). IP rate limit under distributed packet load (1152 buckets, 15001 global count), rejecting 84.3.222.161:28960. IP rate limit sustained 78941 distributed packets at 2631.4 pps (795 buckets). IP rate limit under distributed packet load (1176 buckets, 16663 global count), rejecting 88.131.51.148:28960." 2017-03-23 22:27 GMT+01:00 John <lists.va...@nuclearfallout.net>: > On 3/23/2017 1:34 PM, Mathias wrote: > >> My server's getting flood with VSE DDoS Attack. My server have DDoS >> Protection but it wont take it. any other DDoS Attack does it takes so what >> can i do? i'm on Linux Ubuntu 16.04. >> >> Here is server logs - http://pastebin.com/Q2dbcEMt >> >> I also got how the script works (VSE DDoS Attack) - Found on a forum via >> Google >> >> Any idea to stop it with Iptables? Packet limit? >> > > The term "VSE" ("Valve Source Exploit") that the attackers like to use is > a misnomer because there isn't an exploit involved. These attacks just > flood a server with spoofed queries and/or connection attempts from random > sources, and Source can't handle the volume. > > Currently the most effective general-purpose way to deal with these is to > whitelist real player IPs and rate-limit queries and connection attempts > from all other sources (down to around 1000/s). This can be done with > iptables using a combination of the ipset, hashlimit, and bpf/u32/string > modules. > > Ideally, the game would be redesigned to using TCP for queries and the > very first part of the connection, offloading the first-contact tasks to > the OS, which has established methods for combating high-rate spoofed TCP > SYN floods. Internally, it could then straight drop all UDP packets that > don't correspond to a currently connected player. > > -John > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
