You don't want to respond to each query with a query cache. You don't want, because this will increase the traffic alot and will overload your network connection.
Analyse the network traffic and do proper filtering with iptables. ----- Original Message ----- From: Chris To: Half-Life dedicated Win32 server mailing list Sent: Sunday, January 09, 2011 4:25 PM Subject: Re: [hlds] TF2 Server being DDoS/Exploited So i'm still under attack and got root access to one of my linux servers. I thought doing the iptables fix here http://www.vanillatf2.org/2011/01/fighting-dos-attacks/ would help but no luck. Anyone know of a linux version of ququery cache like: http://www.wantedgov.it/page/62-srcds-query-cache/ Thanks, Chris On Thu, Jan 6, 2011 at 2:21 AM, Kyle Sanderson <[email protected]> wrote: Just to keep this updated, he's being flooded with bad OOB packets (Which is what ServerSecure2 helps fix). QueryCache will not do anything in regards to this attack. To the best of my knowledge, only ServerSecure2 will help prevent this. However, it does have it's own downfalls such as preventing clients from querying the server using the Server Browser if enough traffic is going through (even legitimate traffic will cause this). As always, sorry for my idiocy, Kyle. On Wed, Jan 5, 2011 at 8:49 PM, Chris Oryschak <[email protected]> wrote: > Actually I was calling it a night and was going to leave the server offline, decided to bring it up just to fool around about 2hrs later and it's working flawless. > I think it just had to drop all the stale/flooded packets it was receiving. If I disable the plugin for a few minutes and bring it back online the latency will be in the 1000ms range again and won't recover > Just had to take the server down for 30mins-1hr again and it resumed itself with normal pings. > > I have it up now, going see how it goes tomorrow morning but it looks to be very good. > > Thank you very much DontWannaName and Kyle for your help! > It's much appreciated! > > Chris > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Kyle Sanderson > Sent: Wednesday, January 05, 2011 11:22 PM > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] TF2 Server being DDoS/Exploited > > ServerSecure2 is causing that, which is why I fixed QueryCache. > > Cheers, > Kyle. > > On Wed, Jan 5, 2011 at 7:00 PM, Chris <[email protected]> wrote: >> Thankyou for that Kyle, >> It helps a bit by making the server respond but with ~1300ms response time. >> >> You can see when i loaded the extension in my hlsw. >> >> http://img341.imageshack.us/img341/928/hlswm.jpg >> >> Anyone have any other ideas or am i dead in the water? >> >> >> >> On Wed, Jan 5, 2011 at 9:10 PM, Kyle Sanderson <[email protected]> wrote: >>> >>> Dr!fter has compiled the extension for you. Hopefully it works! >>> >>> Cheers, >>> Kyle. >>> >>> On Wed, Jan 5, 2011 at 12:50 PM, Chris <[email protected]> wrote: >>> > I grabbed the one from the root of that thread since that one you >>> > linked wasn't compiled for windows... i see that was recently >>> > updated opposed to the one on page 1. >>> > >>> > I requested to see if he can compile it for windows for me... >>> > >>> > Will wait and see... >>> > >>> > On Wed, Jan 5, 2011 at 3:41 PM, DontWannaName! >>> > <[email protected]> >>> > wrote: >>> >> >>> >> Did you restart the server and use the version I linked to? >>> >> >>> >> Sent from my iPhone 4 >>> >> On Jan 5, 2011, at 12:07 PM, Chris <[email protected]> wrote: >>> >> >>> >> Ohh actually i'm getting this with the querycache extension. >>> >> >>> >> [03] <FAILED> file "querycache.ext.dll": The specified module >>> >> could not be found. >>> >> >>> >> >>> >> >>> >> On Wed, Jan 5, 2011 at 2:54 PM, Chris <[email protected]> wrote: >>> >>> >>> >>> Just tried it, makes the server bounce online for 1-2seconds with >>> >>> a ping of 300 then goes to 1300 then goes down for about >>> >>> 10seconds, does a loop. >>> >>> >>> >>> I tried DFENS which is a little more successful at bringing it >>> >>> up, but still goes down just as often. >>> >>> >>> >>> >>> >>> On Wed, Jan 5, 2011 at 2:36 PM, DontWannaName! >>> >>> <[email protected]> >>> >>> wrote: >>> >>>> >>> >>>> If that doesn't work you could try this one: >>> >>>> >>> >>>> https://forums.alliedmods.net/showpost.php?p=1384993&postcount=4 >>> >>>> 2 >>> >>>> >>> >>>> On Wed, Jan 5, 2011 at 11:30 AM, Chris <[email protected]> wrote: >>> >>>>> >>> >>>>> My server is under attack from a DDoS/Exploit. >>> >>>>> >>> >>>>> The server is still online and responds to simple pings no >>> >>>>> problem, but any traffic going to port 27015 is shut down. >>> >>>>> >>> >>>>> I’ve been doing research and came across a plugin called >>> >>>>> “ServerSecure2” (URL: >>> >>>>> https://forums.alliedmods.net/showthread.php?t=135679 >>> >>>>> ) >>> >>>>> >>> >>>>> Which has semi-fixed the exploit I’m being hit with. >>> >>>>> >>> >>>>> >>> >>>>> >>> >>>>> The server responds instantly for all rcon requests, no time >>> >>>>> outs in that department once I have that plugin running. >>> >>>>> >>> >>>>> But users can still not connect to the server, use HLSW to get >>> >>>>> it’s status (shows server is timing out) >>> >>>>> >>> >>>>> >>> >>>>> >>> >>>>> >>> >>>>> >>> >>>>> Anyone have any ideas/suggestions on resolving this? >>> >>>>> >>> >>>>> Note: It’s a windows rented server and I don’t have remote >>> >>>>> access to it, just FTP / Web Control Panel. >>> >>>>> >>> >>>>> >>> >>>>> >>> >>>>> Thanks, >>> >>>>> >>> >>>>> Chris >>> >>>>> >>> >>>>> _______________________________________________ >>> >>>>> To unsubscribe, edit your list preferences, or view the list >>> >>>>> archives, please visit: >>> >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>>>> >>> >>>> >>> >>>> >>> >>>> _______________________________________________ >>> >>>> To unsubscribe, edit your list preferences, or view the list >>> >>>> archives, >>> >>>> please visit: >>> >>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>>> >>> >>> >>> >> >>> >> _______________________________________________ >>> >> To unsubscribe, edit your list preferences, or view the list archives, >>> >> please visit: >>> >> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >> >>> >> _______________________________________________ >>> >> To unsubscribe, edit your list preferences, or view the list archives, >>> >> please visit: >>> >> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >> >>> > >>> > >>> > _______________________________________________ >>> > To unsubscribe, edit your list preferences, or view the list archives, >>> > please visit: >>> > http://list.valvesoftware.com/mailman/listinfo/hlds >>> > >>> > >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ------------------------------------------------------------------------------ _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
