Are you sure it was from SRCDS servers and not just from boxes running both Quake3 and SRCDS? I know Quake3 protocol (servers) allows for an unlimited number of queries, so it's very easy to slam an IP with several gbps of queries in a short amount of time. There really is no easy way to block the reflected attack that I know of. Either get a DDoS protected host or block all Quake3 based servers.
> From: [email protected] > Date: Sun, 25 Mar 2012 21:36:48 +1300 > To: [email protected] > Subject: Re: [hlds] srcds reflected DDoS > > I had the same problem a while ago, > > The answer is. No they have not. > It almost killed my community :/ attacks everynight. > > Just get your host to block port 80 UDP, shouldnt need it open :) > > > On 25/03/2012, at 8:44 PM, Harry Strongburg wrote: > > > I thought srcds was changed in the last few months so it'd be much > > harder to do a reflection attack using it / not even worth their time to > > do so? I just got hit by one from a lot of srcds servers. I took an IP > > dump and did a quick search, and almost all of the hosts were srcds > > servers. Some of them were COD4, but most of the traffic was coming from > > srcds servers. It was only a ~300 MB/s attack, from ~2.4k hosts, > > directed at UDP Port 80. > > > > It was pretty trivial to block it (they didn't even direct it at my own > > srcds for some reason, I guess they wanted to take my httpd offline but > > don't realize all udp to port 80 is blocked?)... but I thought this > > issue was patched up in srcds?
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
