HoundDawg wrote:

> Now you got me confused. I thought that after your explanations about the DDoS against UA we were back on topic about the DDoS risk having to do with HL servers which are completely unrelated.

> I think this is more easily handled on Linux than on win32.  In fact, you may want
> to look at this site:
> http://www.netfilter.org/
You don't even need to set up a netfilter firewall to protect a Linux machine against a SYN flood. The Linux kernel has syn-cookies support built in. All you need is a
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

(Solaris has syn-cookies support, too, AFAIK.)

> The SYN attacks typically come in blocks at a time.  See an example log
> here:
> http://grc.com/dos/drdos.htm
I don't want to take sides or comment on that, but I usually can't resist giving people a link to http://grcsucks.com when I see a reference to grc.com. :)

> I suppose Valve could build into HLDS something similar, but it's still
> something better handled on the server side, IMO anyway.
Huh? Now you're back to HLDS again. Valve could not build in something similar since HLDS uses UDP, not TCP. Apples, oranges. What we have here is a classic bandwidth flood. The best idea I've seen so far is the one with the small, simple handshake to establish if the client is really asking for an info packet.

> Oh, and regarding flooding the router first, if this happens, it'll be up to
> your upstream provider to implement this anti-SYN type of filtering.
No, it is up to your upstream provider to discard packets with an alien IP source address. That is the only way to effectively prevent the majority of DDoS attacks.

Florian.

--
Want to produce professional emails and Usenet postings?
http://www.netmeister.org/news/learn2quote.html
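The small handshake Florian mentions for UDP info queries, as an added example that is not code from the original post or from HLDS: the server answers an unverified query with a tiny address-bound challenge and only sends the large info packet once the client echoes it, so a spoofed source never receives more than a few bytes and the server keeps no per-client state. The wire format, the info text, the secret handling and the addresses are constructed assumptions.

```python
import hmac
import hashlib
import os
import time

# Constructed wire format (assumption, not the real HLDS query protocol):
#   client -> server: b"INFO"                  server -> client: b"CHAL" + 8-byte token
#   client -> server: b"INFO" + 8-byte token   server -> client: b"INFO" + info payload
SECRET = os.urandom(32)  # assumption: rotated periodically by the server
INFO_PAYLOAD = b"hostname=example server, map=de_dust, players=12/32"  # constructed
WINDOW = 60  # seconds a challenge stays valid (plus one previous window)


def challenge(addr, epoch, secret=SECRET):
    """Stateless token bound to the client's (ip, port) and a time window."""
    msg = f"{addr[0]}:{addr[1]}:{epoch}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]


def handle_query(addr, data, now=None, secret=SECRET):
    """Return the datagram to send back to addr, or None to silently drop."""
    if not data.startswith(b"INFO"):
        return None
    t = int((time.time() if now is None else now) // WINDOW)
    token = data[4:]
    if not token:
        # Unverified source: reply costs 12 bytes, so there is no amplification
        # worth reflecting at a forged address.
        return b"CHAL" + challenge(addr, t, secret)
    # Accept the current or the immediately previous window to survive rollover.
    for epoch in (t, t - 1):
        if hmac.compare_digest(token, challenge(addr, epoch, secret)):
            return b"INFO" + INFO_PAYLOAD
    return None


def amplification_without_token(addr, now=None):
    """Bytes sent to an unverified source per byte received (should be about 3)."""
    reply = handle_query(addr, b"INFO", now)
    return len(reply) / len(b"INFO")


if __name__ == "__main__":
    real = ("192.0.2.10", 27005)     # constructed client
    spoofed = ("203.0.113.5", 27005)  # constructed forged source
    chal = handle_query(real, b"INFO")
    print("genuine client:", handle_query(real, b"INFO" + chal[4:]))
    print("spoofed source gets only:", handle_query(spoofed, b"INFO"))
```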

_______________________________________________
hlds_apps mailing list
[EMAIL PROTECTED]
http://list.valvesoftware.com/mailman/listinfo/hlds_apps