On Sun, Mar 25, 2012 at 12:20:37PM -0400, Joe Brown wrote: > Are you sure it was from SRCDS servers and not just from boxes running > both Quake3 and SRCDS? I know Quake3 protocol (servers) allows for an > unlimited number of queries, so it's very easy to slam an IP with > several gbps of queries in a short amount of time. There really is no > easy way to block the reflected attack that I know of. Either get a > DDoS protected host or block all Quake3 based servers.
I am pretty sure they are only running srcds. I only did a quick search though. In either case my issue here isn't blocking it since I run Linux on my firewall, it's just seeing if Valve is ever going to work more to "fix it at the source". Stricter rate limiting, required TCP handshake before sending any data to the "connecting" IP, etc. Just those are some quick ways I'd guess would work, but I'm not sure how practical they'd be. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
