Hello Everyone, I've searched the web on this but can't find the specific answers I'm looking for so I'm coming to my fellow server operators for a little guidance. I'm hoping some of you have seen or experienced what I'm writing about below.
I still love and use HLSW to watch the logs of my servers constantly. More and more often now I'm seeing messages similar to the ones below flooding my console (the IP addresses and ports change but the messages are the same): 11:55:44 L 01/18/2016 - 11:55:44: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits 11:55:44 L 01/18/2016 - 11:55:44: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits 11:55:44 L 01/18/2016 - 11:55:44: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits 11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits 11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits 11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits 11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits 11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits 11:55:46 L 01/18/2016 - 11:55:46: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits My initial research says that these are attacks on my servers but I'm no so sure that's correct. I'm running my TF2 and CSS servers on my own Windows 2008 Dedicated server and when I see these messages, I immediately add them to a Windows Firewall rule I have to block any and all traffic from these IPs before the server even sees it. What's interesting is that I still see these messages even though they get added to the firewall's block list. Eventually they stop but a litle while later, I get messages like it from other IPs. Sometimes I can go a day or two without any, and other days I get as many as 15 IPs doing this. I want to note that I don't see any significant performance hits on the servers when this occurs but I'd like to know more about these messages as they specifically relate to a game server. Based upon the content of the message, I assume these mean something bad is being blocked. What I find even more interesting is that many of the offending IPs that are doing this are the specific IP addresses and ports from other game servers, In the case of the one above, it belongs to a CS 1.6 server in Russia. Why would another game server box be attempting to connect to my servers on the same port it's being hosted on? This problem has grown in frequency over the past few months. Prior to that, I don't remember seeing these messages at all in console. Can anyone give me some background on what these mean and what they're about? Also, any idea why they Windows Firewall doesn't block their traffic completely when I add them to the scope of the Firewall wall so they don't appear in the console logs? Thanks for reading and Happy Monday, Mike Vail
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
