Block packets with that byte size on the specified port with iptables. /Chris
Sendt fra min iPhone 4 Den 21/03/2011 kl. 15.31 skrev Andres Pozos <[email protected]>: > Still having problems with another orangebox exploit: > > Log example: > Flooded with : > > 14:52:33.609202 IP xxxxxxxxx.tde.net.25019 > xx.xxx.xx.27115: S > 4271149929:4271149929(0) win 8192 <mss 1452,nop,nop,sackOK> > > All of the with the same win size (8192) > Any advice without having to block dinamic ips? > > > Best regards >> Andres Pozos wrote: >>> Theres an old exploit used to lag orangebox servers sending packets >>> with size 0 that can be fixed with >>> http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9. >>> But since a week or so, im not only getting lag, im getting CRASHES >>> in my server and seems its the same exploit: >>> >>> Example of flood: >>> >>> 19:44:03.747611 IP xxx.dynamicIP.rima-tde.net.58723> xxx.xxx: UDP, length 0 >>> >>> Without ddosfixer, it used to lag the server but now it also crash. >>> The only way i manage to fix it was blocking the ip but its a >>> dinamic ip so its not a solution. Any advice? >> You can also filter by packet size with udp using iptables. >> >> iptables -A INPUT -p udp -m length --length 8 -j DROP >> >> (which should drop all udp packets with a zero length payload). IF you >> have a NAT to your server then you may need this on the FORWARD chain >> instead). >> >> >> >> Note we pass --length 8 to account for the mandatory udp header fields. >> (UDP headers have 4 fields, each sixteen bits long or 8 bytes). >> >> Regards >> >> D. >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
