Yeah they're spoofing addresses and it is a UDP flood. I found a way to completely limit it using iptables although players to my server need to be added to an IP whitelist in order to join (which is fine by me giving the nature of my server).
I think the attacker saw that my server had 35 players on even when they were attacking and finally gave up :D! On Sun, Oct 24, 2010 at 11:21 PM, Kyle Sanderson <[email protected]>wrote: > If the protocol wasn't UDP and there was at least some handshaking > that would be a great idea. People are just spoofing addresses though, > so there would be no actual proof that they did anything. You would > never be able to figure out who was actually doing it as well, unless > if you asked your service provider to look at all of the hops and go > from there. Good luck with the co-ordination. > > At this present time, we are all pretty much hooped. It is starting to > sound like we could use another ETF2L tournament just to get some more > exploits fixed. > Kyle. > > On Sun, Oct 24, 2010 at 3:02 PM, Don P <[email protected]> wrote: > > Grab the ip flooding yours and complain to that persons ISP, send them > the > > log, drop a hint that that persons activity is against their TOS > > > > On Sun, Oct 24, 2010 at 3:44 PM, Kyle Sanderson <[email protected]> > wrote: > > > >> Those cvars don't do a darn thing against this flood Ronny. > >> > >> The only addon that I've seen to help prevent this attack was > >> ServerSecure2. However, since it doesn't answer a2s_info queries right > >> away, things such as HLSW will cease to function. Your server will > >> also look very unattractive to players as your ping in the server > >> browser will be inflated. > >> Kyle. > >> > >> On Sun, Oct 24, 2010 at 2:02 AM, Ronny Schedel <[email protected]> > >> wrote: > >> > sv_max_queries_sec > >> > sv_max_queries_sec_global > >> > sv_max_queries_window > >> > > >> > are your friends. If the default settings kill your server, lower the > >> values > >> > until you get decent hardware. > >> > > >> > > >> >> Malicious users can continuously spam the TSource Engine Query USP > >> packet > >> >> to > >> >> any given server, causing the server to crash under the pressure. > >> >> > >> >> I've been subject to this spam and I believe Valve should do > something > >> in > >> >> order to prevent this packet from being spammed. If I block the > packet > >> >> then > >> >> legitimate users cannot see my game, if I let it go, my game is > >> >> unplayable. > >> >> _______________________________________________ > >> >> To unsubscribe, edit your list preferences, or view the list > archives, > >> >> please visit: > >> >> http://list.valvesoftware.com/mailman/listinfo/hlds > >> >> > >> > > >> > > >> > _______________________________________________ > >> > To unsubscribe, edit your list preferences, or view the list archives, > >> > please visit: > >> > http://list.valvesoftware.com/mailman/listinfo/hlds > >> > > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
