I have seen you changed your code, the first version was not working for me. The stdlib is still not included, this leads to some warnings. You have defined the response size, but you use the 1000 byte msg.size instead, I don't know if this could be a problem, I don't think so.
Anyways, I have coded my own proxy in PHP, because yours wasn't working. As I can see, the firewall rule also redirect some packets which are 9 bytes and the A2S_PLAYER request. I have adjusted my proxy to send all malformed packets to the server, otherwise you reply with a wrong response. > Hi, > > If you are on the hlds windows mailing list, then you probably already > know > about A2S_INFO DDOS attacks. I have mistakenly posted a *fix* on the list > for *nix servers which I should have posted here. > > In short: > If your server gets ddosed with A2S_INFO packets, it will get really > laggy. > Setting sv_max_queries_sec to a low value will make the server disappear > from the server browser list. I'm providing you with a UDP Caching Proxy > which will query the server with A2S_INFO requests not more than once in a > five seconds and respond to the client with the cached data. > > Setup: > 1. Get the source from http://www.gign.lv/tmp/querycache.c > 2. Compile with gcc querycache.c -o querycache > 3. Open an UDP port in firewall for the proxy server, lets say 21015 > 4. Make sure you have iptables NAT, REDIRECT and string match support > compiled into kernel or as modules > 5. execute: iptables -t nat -A PREROUTING -p udp -d > YOUR_EXTERNAL_TF2_SERVER_IP --dport YOUR_SERVER_PORT -m string --algo kmp > --string 'TSource Engine Query' -j REDIRECT --to-port 21015 > 6. Run querycache (probably under screen, so you can detach from it) > > I've been ddosed with about 300req/sec and it works good, however I don't > give any warranty that it will work for you. > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
