Anyone know of any hardware solutions to this problem?

ClanAO.com
On Sep 5, 2009, at 8:09 PM, Kaspars <[email protected]> wrote:

> Actually I got inspired by the word "daemon" and I realized that the key to the problem is a daemon... a proxy daemon... a caching proxy daemon :) I didn't have much time to check the incoming packet pattern, however I'm not sure that they all were 53 bytes long, actually the number was something like 33 that showed up a LOT of times in iptables logs (but I might be wrong... and I'm sure the fault lies in drinking too much beer). Nevertheless I went for the 100% match with the -m string and it works really good. I'm having about 300r/s and I don't see any CPU usage with this method. Anyways you are free to modify the source or iptables filter command :)
>
> 2009/9/6 Nephyrin Zey <[email protected]>
>
>> As an alternative to using -m string, you can just filter length 53 packets - no packets aside from the query packet end up being that length. Not super elegant, but a lot less overhead.
>>
>> And, as I said, my daemon works differently and could be used to easily start thousands of fake servers on a single box, which would screw more things over than it would help.
>>
>> - Neph
>>
>> On 09/05/2009 05:20 PM, Kaspars wrote:
>>> God dammit... this is really fucked up... sorry for my language, I just got too many beers today...
>>> Anyways, I just wanted to give something to the community as Neph is not willing to do it. This will fix the ddos attack for *nix, however if you are using it, I'm not giving any warranty :)
>>>
>>> Here goes:
>>> first, get the source and compile: http://www.gign.lv/tmp/test.c
>>> run it in the screen like: ./test 21015 YOUR_EXTERNAL_TF2_SERVER_IP YOUR_SERVER_PORT
>>> 21015 is some random port for the udp proxy :) it must be opened in the firewall
>>>
>>> then some iptables magic:
>>> iptables -t nat -A PREROUTING -p udp -d YOUR_EXTERNAL_TF2_SERVER_IP --dport YOUR_SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -j REDIRECT --to-port 21015
>>>
>>> that's about it...
>>>
>>> 2009/9/6 Nephyrin Zey <[email protected]>
>>>
>>>> The problem with my solution is the daemon would be really really abusive in the wrong hands. We don't need someone using it to easily start 100 fake servers at 255/255 slots and polluting the server list. It's not some super complex feat, but releasing an easy compiled prepackaged version is just asking for it - and the real solution needs to be Valve. Plus, it's not very easy to configure and I'm not even sure Windows IPsec is capable of that level of packet interception.
>>>>
>>>> Something on the lines of tony's plugin would be a much better solution, but you'll have to hound him about that
>>>>
>>>> - Neph
>>>>
>>>> On 09/05/2009 03:14 PM, Kenny Loggins wrote:
>>>>> I don't think either you or Neph have released your plugins to the public, so this solution works great for you guys. Maybe we can have some info or direction from you so the general public can do something about this?
>>>>>
>>>>> As long as they get away with this it's going to keep happening. If a plugin was available to stop this, it is no longer "fun" or productive to DOS servers anymore.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

