Andres Pozos wrote: > Theres an old exploit used to lag orangebox servers sending packets > with size 0 that can be fixed with > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9. > But since a week or so, im not only getting lag, im getting CRASHES > in my server and seems its the same exploit: > > Example of flood: > > 19:44:03.747611 IP xxx.dynamicIP.rima-tde.net.58723 > xxx.xxx: UDP, length 0 > > Without ddosfixer, it used to lag the server but now it also crash. > The only way i manage to fix it was blocking the ip but its a > dinamic ip so its not a solution. Any advice?
[I replied yesterday, but used the wrong sender address, so resent now] You can also filter by packet size with udp using iptables. iptables -A INPUT -p udp -m length --length 8 -j DROP (which should drop all udp packets with a zero length payload). IF you have a NAT to your server then you may need this on the FORWARD chain instead). Note we pass --length 8 to account for the mandatory udp header fields. (UDP headers have 4 fields, each sixteen bits long or 8 bytes). Regards D. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
