7130 is the default port used by HLSW (www.hlsw.net) when querying game servers. You can block the older versions of HLSW which do excessive queries by using HLDS 3.1.1.1c1's query rate limiting cvars
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Sykes Sent: Wednesday, July 30, 2003 3:16 PM To: [EMAIL PROTECTED] Subject: [hlds_linux] hlds dos vulnerbility Hiya peeps, Just wondering if anyone here is experiancing this. Recently it has happened quite a few times - the tcpdump looks something like this : 14:06:57.443567 x.4k-gaming.netg.27024 > xxx.netbios-ssn: udp 1030 (DF) 14:06:57.443625 x.4k-gaming.netg.27024 > xxx.netbios-ssn: udp 1030 (DF) 14:06:57.443682 x.4k-gaming.netg.27024 > xxx.netbios-ssn: udp 1030 (DF) This looks like the person who is sending the packets to the games-servers : 14:06:57.494289 x.7130 > x.4k-gaming.netg.27017: udp 12 14:06:57.497716 x.7130 > x.4k-gaming.netg.27017: udp 11 14:06:57.501764 x.7130 > x.4k-gaming.netg.27017: udp 14 14:06:57.507196 x.7130 > x.4k-gaming.netg.27018: udp 5 14:06:57.510018 x.7130 > x.4k-gaming.netg.27017: udp 5 Other than say blocking the specfic UDP ports -which could cause other problems - is there any fix? It seems to cause about 400kbyte traffic from 6 games-servers! Thanks James --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.497 / Virus Database: 296 - Release Date: 04/07/2003 _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.502 / Virus Database: 300 - Release Date: 18/07/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.502 / Virus Database: 300 - Release Date: 18/07/2003 _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
