Re: [hlds_linux] HL2 engine new exploit (empty UDP query)?

Kveri Fri, 16 Oct 2009 10:15:42 -0700

or

iptables -I INPUT -p udp --dport 27015 -m length --length 0 -j DROP


would be better :).

Kveri

On 16.10.2009, at 19:04, Russell Jones wrote:

> Interesting.
>
> We faced people spamming RCON before, which was fixed by just
> blacklisting the offender's IP addresses in APF.
>
> I wonder if there's an iptables chain you could use to immediately  
> drop
> packets that have a 0 length?
>
>
>
> J.Miribel wrote:
>> Hello,
>>
>> It seems there is a new exploit allowing people to spam a HL2  
>> server is
>> out.. In fact it spams the serveur with empty UDP queries..
>> It does not crash the server but if you look at the server with  
>> HLSW the
>> ping skyrockets to 1000 (instead of.. 10). Impossible to connect to  
>> the
>> server neither.
>>
>> We just added his IP in our ACL to fix my issue, but not everyone  
>> has L3
>> switches out there..
>>
>> Any one faced that problem before ? Is there a workaround other than
>> filtering the attacker's IP ?
>>
>> Oh and yeah I left the guy's IP public.. ;)
>>
>> Here are my tcpdump:
>> 18:45:56.661173 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.662657 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.663906 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.665371 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.666848 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.668084 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.669294 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.670544 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.672015 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.673282 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.674463 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.675939 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.677175 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.678408 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.679886 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.681135 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.682617 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.683843 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.685315 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.686565 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.687801 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.689245 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.690471 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.691715 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.693198 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.694425 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.695662 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.696898 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.698630 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.699870 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.701090 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.702568 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.703805 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.705042 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.706513 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.707756 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.708980 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.710258 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.711696 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.712892 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.714203 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.715881 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.717085 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.718396 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.719806 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.721030 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.722343 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>> 18:45:56.723501 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 >
>> XXX.XXX.XXX.XXX.27015: UDP, length 0
>>
>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list  
>> archives, please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list  
> archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
> -- 
> Tato sprava bola prehladana na vyskyt virusov
> a nebezpecneho obsahu antivirovym systemom
> a zda sa byt cista.
>


-- 
Tato sprava bola prehladana na vyskyt virusov
a nebezpecneho obsahu antivirovym systemom
a zda sa byt cista.


_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] HL2 engine new exploit (empty UDP query)?

Reply via email to