The nuke exploit works as follows:

Connect to a server via TCP (rcon, does anything else use TCP? I have
no idea.) on its port.
Send a million garbage packets
???
Profit

The server goes insane handling them.
Solution:
Limit incoming TCP packets to ~1/second from any given IP on that port, *OR*
Block TCP access to the server's port except from trusted people.

Linux iptables rules:
iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport \
    --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT
iptables -A INPUT -p tcp --dport 27015 -j DROP
iptables -A INPUT -p tcp --dport 27015 -j DROP

/etc/init.d/iptables save
/etc/init.d/iptables start

(Note: you probably shouldn't enable iptables blindly if you don't
know what you're doing)

Windows:
Block TCP to 27015 except for trusted people. Or something. Someone
who admins Windows servers will need to guide you!

- Neph
(sv_benchmark_force_start fix coming in a few minutes)
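The two iptables rules above behave like a per-source token bucket: one token per second, bucket size one. The following added example (not from the post or the hlds list) models that hashlimit behaviour in Python over constructed traffic, so you can see why a flood from one address is dropped while a normal client spaced a few seconds apart still gets through; the IPs and timings are made up.

```python
from dataclasses import dataclass

# Model of iptables hashlimit with --hashlimit 1/sec --hashlimit-burst 1,
# keyed per source IP. Hypothetical simulation, not iptables' own code.
RATE_PER_SEC = 1.0   # --hashlimit 1/sec
BURST = 1            # --hashlimit-burst 1


@dataclass
class Bucket:
    tokens: float
    last: float


def filter_packets(packets, rate=RATE_PER_SEC, burst=BURST):
    """packets: iterable of (timestamp_seconds, src_ip), time-ordered.
    Returns [(timestamp, src_ip, verdict)], verdict 'ACCEPT' or 'DROP',
    mirroring the ACCEPT-within-limit / DROP-otherwise rule pair."""
    buckets = {}
    verdicts = []
    for ts, src in packets:
        b = buckets.setdefault(src, Bucket(tokens=float(burst), last=ts))
        # Refill proportionally to elapsed time, never above the burst size.
        b.tokens = min(float(burst), b.tokens + (ts - b.last) * rate)
        b.last = ts
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            verdicts.append((ts, src, "ACCEPT"))
        else:
            verdicts.append((ts, src, "DROP"))
    return verdicts


def summarize(verdicts):
    """Count ACCEPT/DROP verdicts per source IP."""
    summary = {}
    for _, src, v in verdicts:
        summary.setdefault(src, {"ACCEPT": 0, "DROP": 0})[v] += 1
    return summary


# Constructed sample: a flood source sends 50 packets within 0.5 s,
# a legitimate client sends 3 packets spaced 2 s apart.
FLOOD = "198.51.100.7"
CLIENT = "203.0.113.5"
SAMPLE = sorted([(i * 0.01, FLOOD) for i in range(50)]
                + [(0.3 + 2.0 * i, CLIENT) for i in range(3)])

if __name__ == "__main__":
    for src, c in summarize(filter_packets(SAMPLE)).items():
        print(f"{src}: {c['ACCEPT']} accepted, {c['DROP']} dropped")
```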

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
