The tricky part of DDoS via UDP is that you can multiply your traffic.
You send a small UDP packet (50 bytes inc. overhead) to the game server and
get a packet of 1kb in return. That is a multiplication factor of 20.

The answer of an A2S_INFO or PLAYER response is too small for it to make sense
to use it for DDoS and therefore you don't need to protect these services.

Timo


> Steve, there are server cvars to limit the number of queries a second your
> server replies to. Use them :)
> 
> As for the server query protocol changes, I'm a bit miffed. 
> 
> If the motivation for the change is to help avoid the query mechanism
> becoming a DDOS tool then leaving the A2S_INFO query without protection
> seems silly.
> 
> Also, changing the A2S_INFO query to "0xFFFFFFFFFFFFFFF 'T' "Source Engine
> Query" '\0'" also seems silly, can't we have a smaller string (or even
> better, a new character instead of T) to reduce the packet data size on
> client machines that query lots of servers (i.e. for server browsers)?
> 
> Kris.
> 
> ----Original Message----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Tilson
> Sent: 25 February 2005 17:08
> To: hlds_apps@list.valvesoftware.com
> Subject: Re: [SPAM] RE: [hlds_apps] Server query protocol
> 
> > And we all very much appreciate your efforts.
> > 
> > I am forming up an open source project for .NET rcon classes/tools.
> > I think the more complicated and safer protocol is preferred.
> > We can do the work to implement the protocol if the dedicated servers
> > will also deploy supporting this protocol. 
> > 
> > One comment about HLSW...
> > We frequently find ourselves firewall blocking IP addresses that use
> > HLSW. 
> > The tool was fine when it was an admin tool.
> > When the tool began competing with the all-seeing-eye for a game
> > launcher things got out of control. 
> > 
> > The issue with HLSW is it can be used as a DoS tool itself by
> > setting the number of servers per second very high, having the target
> > server as the only server in the list, and setting it to auto-update.
> > The result is a constant stream of status queries that effectively
> > renders the server unplayable.
> > 
> > Still a great tool but it would be really great if you could govern
> > the queries against single servers to once per 30 seconds or so.
> > 
> > Regards,
> > Steve Tilson
> > 
> > 
> 
> 
> _______________________________________________
> hlds_apps mailing list
> hlds_apps@list.valvesoftware.com
> http://list.valvesoftware.com/mailman/listinfo/hlds_apps
> 
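
Added example (not part of the thread and not Valve's server code): a server-side sketch of the per-source governing discussed above, counting response bytes so that a stream of queries with one claimed source address cannot be multiplied toward that address. The class and function names, the limits and the 50/1000-byte sizes (the thread's round figures) are assumptions.

```python
import time

def amplification_factor(request_bytes, response_bytes):
    """Bytes sent toward the claimed source per byte received from it."""
    return response_bytes / request_bytes

class QueryGovernor:
    """Per-source token bucket counted in response bytes (hypothetical name)."""

    def __init__(self, bytes_per_sec, burst, max_sources=100_000):
        self.rate, self.burst, self.max_sources = bytes_per_sec, burst, max_sources
        self.buckets = {}  # src_ip -> (tokens, time of last query)

    def allow(self, src_ip, response_bytes, now=None):
        now = time.monotonic() if now is None else now
        if src_ip not in self.buckets and len(self.buckets) >= self.max_sources:
            self._evict_idle(now)
            if len(self.buckets) >= self.max_sources:
                return False  # spoofed sources filled the table: stay silent
        tokens, last = self.buckets.get(src_ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = response_bytes <= tokens
        self.buckets[src_ip] = (tokens - response_bytes if allowed else tokens, now)
        return allowed

    def _evict_idle(self, now):
        # A source idle for burst/rate seconds has a full bucket again,
        # so forgetting it loses no state.
        idle = self.burst / self.rate
        self.buckets = {ip: b for ip, b in self.buckets.items() if now - b[1] < idle}

def bytes_reflected(gov, victim_ip, qps, seconds, response_bytes):
    """Replay a constant query stream claiming victim_ip; return bytes sent back."""
    sent = 0
    for i in range(qps * seconds):
        if gov.allow(victim_ip, response_bytes, now=i / qps):
            sent += response_bytes
    return sent

if __name__ == "__main__":
    REQ, RESP = 50, 1000  # constructed sizes: the thread's round figures
    print("ungoverned factor:", amplification_factor(REQ, RESP))
    gov = QueryGovernor(bytes_per_sec=100, burst=1000)
    out = bytes_reflected(gov, "192.0.2.10", qps=1000, seconds=10, response_bytes=RESP)
    print("governed factor:", amplification_factor(REQ * 1000 * 10, out))
```

With these constructed limits the server sends less toward the claimed source than it receives, and a legitimate browser polling once every 30 seconds is never refused.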
