Ever notice that when you use the querycache that your server doesn't show in the master server list and if you try to query it with steam it retrieves no information.
HLSW works to query though. Do you have this problem too? On Tue, Jan 25, 2011 at 5:37 AM, Arie <nos...@ariekanarie.nl> wrote: > Most of the attacks directed at my server are exactly 30 seconds long and > designed to freeze the server long enough to drop all players. This attack > seems to be no longer effective on my server due to filtering and limiting > the amount of packets/sec. > > Yesterday the season finals of ETF2L were played and the first gameservers > were attacked and brought down. For some reason my servers were able to > withstand the attack, but I'm not sure why since at least one of the > gameservers that was attacked earlier uses similar protection. > During the match both the relays and gameservers kept getting attacked but > the firewall was effective in keeping the server safe this time. > > This is the current (ruby) script I use to generate the firewall rules and > set up 'querycache' to deal with A2S_INFO floods. > > https://github.com/Arie/tf2scripts/blob/master/rate-limit-iptables-querycache.rb > > About a week ago Ronny of nice-servers.com and I contacted Robin Walker > about the DoS attacks we were seeing then. These were the > A2S_INFO/A2S_PLAYER/A2S_RULES attacks. > > Hi guys. > > Our dedicated server folks are now fully up-to-speed on the issue, and > hope > > to get to it soon. > > > > Robin. > > > > Recently we've been seeing attacks using udp packets starting with ffffff, > but unlike a normal A2S packet like ffffff54, these ones had random numbers > after. An orangebox server seems to invest some CPU time in any packet > starting with ffffff. > > > Below is a log of a 30-second attack. > > Jan 20 22:17:50 FLOOD 27025 SRC=68.180.244.207 DST=80.84.250.224 LEN=53 > TOS=00 PREC=0x00 TTL=61 ID=35101 CE PROTO=UDP SPT=2925 DPT=27025 LEN=33 > ----SNIP----- > Jan 20 22:18:19 FLOOD 27025 SRC=159.142.163.232 DST=80.84.250.224 LEN=53 > TOS=00 PREC=0x00 TTL=61 ID=35537 CE PROTO=UDP SPT=60706 DPT=27025 LEN=33 > > > > On 25 January 2011 08:58, <gamead...@127001.org> wrote: > > > Our servers aren't CRASHING, but they're freezing for the 30 seconds long > > enough to drop every single player > > > > > -----Original Message----- > > > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux- > > > boun...@list.valvesoftware.com] On Behalf Of Marco Padovan > > > Sent: 24 January 2011 23:33 > > > To: hlds_linux@list.valvesoftware.com > > > Subject: [hlds_linux] tf2 ddos - again - please do something > > > > > > Looks like there's another kind of crafted packed around flooding tf2 > > > servers and crashing them... > > > > > > how does this new pattern looks like? > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
