Well in my case, it was 0 bytes for minutes, never more than 0.. And it did not crash the server, it just makes it timeout.

Best regards

James Edwards wrote:
> http://forums.srcds.com/showthread.php?tid=12516&action=newpost
>
> Just a heads up, the UDP packet floods aren't necessarily only 0 bytes. I
> posted my firewall rules above. These rules also log the (apparent) attacker
> and then I explicitly block them in the firewall rules.
>
> Jim
>
> Sent via BlackBerry by AT&T
>
> -----Original Message-----
> From: Kveri <[email protected]>
> Date: Fri, 16 Oct 2009 19:14:40
> To: Half-Life dedicated Linux server mailing list<[email protected]>
> Subject: Re: [hlds_linux] HL2 engine new exploit (empty UDP query)?
>
> or
>
> iptables -I INPUT -p udp --dport 27015 -m length --length 0 -j DROP
>
> would be better :).
>
> Kveri
>
> On 16.10.2009, at 19:04, Russell Jones wrote:
>
>> Interesting.
>>
>> We faced people spamming RCON before, which was fixed by just
>> blacklisting the offender's IP addresses in APF.
>>
>> I wonder if there's an iptables chain you could use to immediately drop
>> packets that have a 0 length?
>>
>> J.Miribel wrote:
>>
>>> Hello,
>>>
>>> It seems there is a new exploit allowing people to spam a HL2 server is
>>> out.. In fact it spams the server with empty UDP queries..
>>> It does not crash the server but if you look at the server with HLSW the
>>> ping skyrockets to 1000 (instead of.. 10). Impossible to connect to the
>>> server either.
>>>
>>> We just added his IP in our ACL to fix my issue, but not everyone has L3
>>> switches out there..
>>>
>>> Anyone faced that problem before ? Is there a workaround other than
>>> filtering the attacker's IP ?
>>>
>>> Oh and yeah I left the guy's IP public.. ;)
>>>
>>> Here are my tcpdump:
>>> 18:45:56.661173 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.662657 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.663906 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.665371 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.666848 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.668084 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.669294 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.670544 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.672015 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.673282 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.674463 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.675939 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.677175 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.678408 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.679886 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.681135 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.682617 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.683843 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.685315 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.686565 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.687801 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.689245 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.690471 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.691715 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.693198 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.694425 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.695662 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.696898 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.698630 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.699870 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.701090 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.702568 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.703805 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.705042 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.706513 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.707756 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.708980 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.710258 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.711696 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.712892 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.714203 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.715881 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.717085 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.718396 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.719806 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.721030 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.722343 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>> 18:45:56.723501 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > XXX.XXX.XXX.XXX.27015: UDP, length 0
>>>
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view the list
>>> archives, please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
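
One way to find the senders of such a flood in a saved tcpdump text capture, as an added example that is not part of the original thread: it parses lines in the format quoted above and reports sources sending empty UDP datagrams to the game port faster than a threshold. The sample lines, host names, function name and threshold values are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the tcpdump output in the thread
# (host names and addresses are placeholders, not values from the thread).
SAMPLE = """\
18:45:56.661173 IP flooder.example.net.1473 > 192.0.2.10.27015: UDP, length 0
18:45:56.662657 IP flooder.example.net.1473 > 192.0.2.10.27015: UDP, length 0
18:45:56.663906 IP flooder.example.net.1473 > 192.0.2.10.27015: UDP, length 0
18:45:56.665371 IP flooder.example.net.1473 > 192.0.2.10.27015: UDP, length 0
18:45:56.700000 IP player.example.org.27005 > 192.0.2.10.27015: UDP, length 25
18:45:57.900000 IP player.example.org.27005 > 192.0.2.10.27015: UDP, length 0
"""

# HH:MM:SS.frac IP src.sport > dst.dport: UDP, length N
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)$"
)


def empty_udp_sources(text, port=27015, min_packets=3, min_rate=100.0):
    """Return {source: (count, packets_per_second)} for senders of empty UDP
    datagrams to `port` that reach both thresholds (assumed values)."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a UDP summary line; ignore it
        h, mi, s, src, _sport, _dst, dport, length = m.groups()
        if int(dport) == port and int(length) == 0:
            # Seconds since midnight; captures crossing midnight are not handled.
            seen[src].append(int(h) * 3600 + int(mi) * 60 + float(s))
    flagged = {}
    for src, times in seen.items():
        span = max(times) - min(times)
        rate = (len(times) - 1) / span if span > 0 else 0.0
        if len(times) >= min_packets and rate >= min_rate:
            flagged[src] = (len(times), rate)
    return flagged


if __name__ == "__main__":
    for src, (count, rate) in empty_udp_sources(SAMPLE).items():
        print(f"{src}: {count} empty datagrams, about {rate:.0f} packets/s")
```

When turning the result into a firewall rule, note that tcpdump's `length 0` is the UDP payload size, while iptables' `length` match is applied to the packet including its headers: an empty UDP datagram over IPv4 without options is 28 bytes (20 IP + 8 UDP), so it is not matched by `--length 0`.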

