----- Original Message -----
From: "Simon Garner"
Sent: Thursday, January 23, 2003 11:01 AM
Subject: Re: [hlds_apps] Re: hlds_apps digest, Vol 1 #138 - 3 msgs

> Stan Bubrouski <[EMAIL PROTECTED]> wrote:
> >
> > You really missed botman's point...if the SOURCE is spoofed then how
> > can you set rate limits? They call it a DDOS attack because you use
> > more than one server to flood the victim. Using one server would
> > simply be ineffective.
> >
>
> Yes, but all the packets would be spoofed with the same source IP -- the
> IP of the victim.
>
> -Simon

Not entirely true. In the past several days (and still continuing), UA has been under constant dDoS attacks (SYN flooding) with all packets completely spoofed. Analyzing the packets, pretty much everything is spoofed, especially the source.

The UA website is back online only after we were able to launch multiple mirror sites (Texas, Boston, and in the Netherlands). The Texas mirror was the first to go up and was quickly dDoSed, which resulted in their provider blocking the IP used, bringing that mirror down. They later analyzed the traffic and discovered that there were 1200+ simultaneous SYN flood connections which were dynamically changing with each packet. They ended up creating a filter (IPChains I believe) on their Linux server, which took care of the IP blocks that were used in the attack.

Anyway, none of the upstream providers cared to do any extensive back-tracing of the packet flow (only way to trace this because you can't go by the data in the packets themselves), so the dDoS culprit gets away clean. BTW, the 2 IPs currently under attack (1 in CA and the other in TX) are both from Time Warner.

Just wanted to clarify a few things here on this. In any event, I think that the server or the firewall should already be configured for anti-dDoS attacks rather than having every software, including HLDS, handle it themselves. Why add the fat?

HoundDawg
UnitedAdmins.com

_______________________________________________
hlds_apps mailing list
[EMAIL PROTECTED]
http://list.valvesoftware.com/mailman/listinfo/hlds_apps
