In case you indeed use Windows, you can use IPSec to block packets from selected IPs. It is possible to write a server plugin that automatically adds an IP filter using the netsh tool when there is a flood coming from a certain IP. A separate tool would run daily to remove any expired filters (usually a blocking for 24 hours is sufficient). I built such a system but actually for the zero-length packet exploit - I never had issues with people spamming the info query. But I have no idea what the effect would be at such high data rates. The good thing is, as soon as someone starts flooding you, the server will appear dead to them for the next 24 hours, so the attackers might actually think the server has crashed and move on or celebrate their success.

----- Original Message -----
From: "Adam Piatek" <[email protected]>
To: <[email protected]>
Sent: Thursday, November 04, 2010 03:12
Subject: [hlds] TSource Engine Query Issue


Hello all,


With regards to this thread:
http://list.valvesoftware.com/mailman/private/hlds/2010-October/067454.html

We have seen a very massive increase in attacks lately due to this, pretty
much random servers on random days. The spoofed attacks are coming at about
2.5-3.5mbps constant for periods of 10-72 hours in the form of the TSource
Engine Query packet to destination IPs. So far none of the available
plugins/patches or addons can seem to mitigate this issue. All have been
tested multiple times.

We maintain popular public servers, and obviously this is malicious in
nature and kills the server immediately. Has anyone found a decent solution
to this issue? If not...keeping light on the subject as it is still an
ongoing problem.

Thanks!
--
Adam N Piatek
https://www.GaloreGameServers.Com
[email protected]
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
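
The block-and-expire scheme described in the reply at the top of this message, as an added example (not the poster's plugin or cleanup tool): it counts queries per source, emits a `netsh ipsec static add filter` command when a source floods, and emits the matching `delete filter` commands once 24 hours have passed. The filter list name, port and threshold are assumptions, as is an already assigned IPSec policy whose block rule uses that filter list; the traffic in `demo()` is constructed.

```python
import ipaddress
from collections import defaultdict, deque

FILTER_LIST = "hlds-flood-block"  # assumed name; already bound to a block rule in the assigned policy
GAME_PORT = 27015                 # assumed game server UDP port
WINDOW_S, MAX_QUERIES = 10, 100   # assumed flood threshold: >100 queries in 10 s
BLOCK_S = 24 * 3600               # 24-hour block, as in the message

def netsh_filter(action, ip):
    """Build the netsh argument list that adds or deletes one source-IP filter."""
    ip = str(ipaddress.IPv4Address(ip))  # reject anything that is not a plain IPv4 address
    return ["netsh", "ipsec", "static", action, "filter",
            f"filterlist={FILTER_LIST}", f"srcaddr={ip}", "dstaddr=Me",
            "protocol=UDP", f"dstport={GAME_PORT}"]

class FloodBlocker:
    def __init__(self):
        self.seen = defaultdict(deque)  # ip -> timestamps of queries inside the window
        self.blocked = {}               # ip -> time at which the block expires

    def on_query(self, ip, now):
        """Count one info query; return the 'add filter' command when ip starts flooding."""
        if ip in self.blocked:
            return None
        stamps = self.seen[ip]
        stamps.append(now)
        while stamps[0] <= now - WINDOW_S:
            stamps.popleft()
        if len(stamps) <= MAX_QUERIES:
            return None
        self.blocked[ip] = now + BLOCK_S
        del self.seen[ip]
        return netsh_filter("add", ip)

    def expire(self, now):
        """Daily cleanup: return 'delete filter' commands for blocks that have run out."""
        done = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in done:
            del self.blocked[ip]
        return [netsh_filter("delete", ip) for ip in done]

def demo():
    """Constructed traffic: one flooding source, one normal client."""
    fb, cmds = FloodBlocker(), []
    for i in range(300):
        cmds.append(fb.on_query("198.51.100.7", i * 0.01))  # 100 queries/s
        cmds.append(fb.on_query("203.0.113.5", i * 1.0))    # 1 query/s
    return [c for c in cmds if c], fb.expire(2 * BLOCK_S)

if __name__ == "__main__":
    for cmd in sum(demo(), []):
        print(" ".join(cmd))  # pass each list to subprocess.run() on the server instead
```

A per-source threshold only catches floods that reuse a source address; when the source addresses are spoofed and vary per packet, no single address crosses it.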



