I'm getting high CPU usage because, due to how our system works, we had to filter ALL the ports... even the ports where other game server types (Call of Duty, Mumble voice server and all the others) were running...

I'm talking about only a 20 Mbit/s data flow... but it appears to be enough to put some load on the server that I would prefer not to have...

For now I'm trying:
http://code.google.com/p/querycache/

and, on another machine, I will try:
iptables -I INPUT 10 -p udp -m udp --dport $i -m string --algo bm --hex-string '|ffffffff54|' --to 33 -m limit --limit 10/s -j ACCEPT

as that tag should only be at the beginning of the packet... right?

I have yet to understand the exact size of the attack packets... filtering directly by size would be even better and faster than a string comparison.

On 06/01/2011 12:02, Arie wrote:
Ronny and I wrote that blog post on vanillatf2. During our tests the filter
seemed effective and did not cause too much CPU usage even when sending
multiple megabytes' worth of packets per second, so I'm curious why you say
it's not going to work for you.

It would of course be better if the gameserver itself would use
sv_max_queries_sec_global properly. Right now this setting doesn't help
against these attacks.



On 5 January 2011 23:42, Marco Padovan<evolutioncr...@gmail.com>  wrote:

I'm hosting many TF2 servers and lately we have been getting a lot of denial of
service attacks...

basically our game servers get spammed with query requests to the point that
they time out (the machine is running properly, it's just the game server
slowly dying)

an effective way to stop this kind of behaviour is:
http://www.vanillatf2.org/2011/01/fighting-dos-attacks/

but that cannot be handled properly on boxes as busy as ours...

basically, with just a little effort, anybody is able to take down a single
game server by spamming it with query requests :(

What can we do to stop that?
Is there a decent plugin/official fix to get rid of this problem instead of
doing packet inspection via iptables on boxes handling 10000+
packets/second?
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

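Added example, written for this page and not taken from any of the posters or from the vanillatf2 blog post: a small userspace model of the iptables string + limit filter quoted above, run over constructed packets. It shows why the rule's 5-byte tag is found at the start of the UDP payload (assuming, as the rule does, that -m string offsets count from the IPv4 header, so the payload begins at offset 28 and a --from 28 --to 33 window pins the tag to the payload start), what a plain -m length check on the 53-byte A2S_INFO query would and would not catch, and how -m limit --limit 10/s (with the module's default burst of 5, an assumption) shapes a flood. The addresses, ports and timings are constructed; -m limit is modelled as one bucket per rule, i.e. per destination port, not per source, which is exactly what the posted rule does.

```python
# Added example (not from the thread): userspace model of the
# "-m string ... -m limit -j ACCEPT" filter for Source A2S_INFO floods.
import struct

# A2S_INFO query as sent by Source engine clients and by query floods: 25 bytes.
A2S_INFO_QUERY = b"\xff\xff\xff\xff\x54Source Engine Query\x00"
A2S_TAG = A2S_INFO_QUERY[:5]               # what --hex-string '|ffffffff54|' matches

IP_HDR_LEN = 20                             # IPv4 header without options
UDP_HDR_LEN = 8
PAYLOAD_OFFSET = IP_HDR_LEN + UDP_HDR_LEN   # 28: assumed -m string offset of the UDP payload
QUERY_PKT_LEN = PAYLOAD_OFFSET + len(A2S_INFO_QUERY)  # 53: what -m length --length 53 would test


def build_udp_packet(src_ip, dst_ip, sport, dport, payload):
    """Constructed IPv4+UDP packet starting at the IP header (checksums left 0);
    only the layout matters here, not validity on the wire."""
    total_len = IP_HDR_LEN + UDP_HDR_LEN + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, 17, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    udp_hdr = struct.pack("!HHHH", sport, dport, UDP_HDR_LEN + len(payload), 0)
    return ip_hdr + udp_hdr + payload


def is_a2s_info(pkt):
    """Model of: -m string --algo bm --hex-string '|ffffffff54|' --from 28 --to 33.
    The tag must sit exactly at the start of the UDP payload, nowhere else."""
    return pkt[PAYLOAD_OFFSET:PAYLOAD_OFFSET + len(A2S_TAG)] == A2S_TAG


def is_query_sized(pkt):
    """Model of: -m length --length 53, the cheaper size check the poster is
    considering. It matches a bare A2S_INFO query, but also any other
    25-byte UDP payload, so it is a pre-filter rather than a replacement."""
    return len(pkt) == QUERY_PKT_LEN


class TokenBucket:
    """Model of -m limit --limit 10/s --limit-burst 5 (assumed default burst).
    One bucket per rule, i.e. per destination port, shared by all sources."""

    def __init__(self, rate=10.0, burst=5):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_port(packets, rate=10.0, burst=5):
    """Apply the two-rule pair for one port: ACCEPT matching queries while the
    limit allows, DROP the remaining queries; non-query traffic is untouched
    ("passed"). packets: iterable of (timestamp_seconds, raw_packet_bytes)."""
    bucket = TokenBucket(rate, burst)
    counts = {"accepted": 0, "dropped": 0, "passed": 0}
    for ts, pkt in packets:
        if not is_a2s_info(pkt):
            counts["passed"] += 1
        elif bucket.allow(ts):
            counts["accepted"] += 1
        else:
            counts["dropped"] += 1
    return counts


def demo():
    """Constructed flood: 100 A2S_INFO queries in 100 ms from one source, plus
    10 ordinary game packets from a player, all aimed at one TF2 port."""
    flood = [(i / 1000.0, build_udp_packet("198.51.100.7", "192.0.2.10",
                                           40000 + i, 27015, A2S_INFO_QUERY))
             for i in range(100)]
    game = [(i / 1000.0, build_udp_packet("203.0.113.5", "192.0.2.10",
                                          27005, 27015, b"\x01\x02\x03game"))
            for i in range(10)]
    return filter_port(sorted(flood + game, key=lambda p: p[0]))


if __name__ == "__main__":
    print(demo())
```

With the burst of 5 and 10 tokens/s, the 100-packet burst gets 5 queries through and drops the other 95, while the player's packets are never touched by either rule; a single slow querier at one query every 500 ms is never dropped. Because the bucket is per rule, a flood against a port also starves legitimate server browsers of that port until it stops, which is the trade-off the posted rule makes; -m hashlimit --hashlimit-mode srcip would be the per-source variant.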
