On Fri, Jan 07, 2011 at 11:50:56PM +0100, Marco Padovan wrote:
> I suppose those are all spoofed udp packets as they were the last time I
> checked them :(

Only you can tell. (We can't look at the packets you're getting:)

> it's difficult to justify these spikes as legit traffic..

>10k spikes are not legit, I was thinking more along the lines of randomly getting 40 instead of just 10-20 packets in one particular second. A spike of 40 could be allowed, a spike of 10000 certainly not. ;)

> check from 23:21 onward
> http://pastebin.com/jUjzyKY6

Since the DROP stays at 0 for several minutes that looks fine. If it increased like 1-5 packets every other second that would point to a too low limit. You had 3 unlucky queries between 23:00 and 23:01 (legit spike that got dropped), then again nothing for minutes, and then comes the DoS that gets dropped correctly. I think that's okay.

Regards
frostschutz

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
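
The reasoning in the reply above, as an added example that is not part of the original message or the linked paste: a Python sketch that labels each interval of a cumulative DROP counter and separates a steady trickle of small drops (limit too low) from a flood that is dropped correctly. The thresholds, function names and sample counter values are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds for illustration; tune them to your own traffic.
TRICKLE_MAX = 5      # "1-5 packets" in one interval counts as a small drop
FLOOD_MIN = 1000     # drops in one interval that can only be a flood
TRICKLE_RATIO = 0.3  # share of intervals with small drops that suggests a too-low limit


def from_increments(incs):
    """Build cumulative (second, drop_count) samples from per-interval increases."""
    samples, total = [(0, 0)], 0
    for i, inc in enumerate(incs, start=1):
        total += inc
        samples.append((i, total))
    return samples


def deltas(samples):
    """Per-interval increase of the counter; a decrease means the counter was reset."""
    return [(t1, c1 if c1 < c0 else c1 - c0)
            for (_, c0), (t1, c1) in zip(samples, samples[1:])]


def classify(samples):
    """Return (verdict, per-interval labels) for a series of counter samples."""
    labels = []
    for t, d in deltas(samples):
        if d == 0:
            labels.append((t, "quiet"))
        elif d <= TRICKLE_MAX:
            labels.append((t, "small"))
        elif d >= FLOOD_MIN:
            labels.append((t, "flood"))
        else:
            labels.append((t, "burst"))
    counts = Counter(label for _, label in labels)
    if labels and counts["small"] / len(labels) >= TRICKLE_RATIO:
        return "limit-too-low", labels      # frequent small drops of legit queries
    if counts["flood"]:
        return "flood-dropped", labels      # limit is doing its job
    if counts["small"] or counts["burst"]:
        return "occasional-drops", labels   # rare unlucky spike, tolerable
    return "clean", labels


# Constructed sample data: one unlucky spike, long quiet period, then a flood.
HEALTHY = from_increments([0, 3] + [0] * 20 + [12000, 9500, 0])
# Constructed sample data: small drops every other interval.
TRICKLE = from_increments([2, 0, 4, 0, 1, 0, 3, 0, 5, 0])

if __name__ == "__main__":
    print(classify(HEALTHY)[0], classify(TRICKLE)[0])
```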

