Hi, friends!

Some of our clients are under a stupid attack by TCP packets with a length of
1480 bytes.

=============
22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto TCP (6), length 1480)
    188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63 (correct), seq 39288:40728, ack 1, win 64800, length 1440

        0x0000:  0025 901a fd64 0026 9806 ddc1 0800 4500  .%...d.&......E.
        0x0010:  05c8 13d1 4000 7c06 af68 bcba 1297 bc40  ....@.|..h.....@
        0x0020:  aa64 c495 698b c6b8 4281 3531 d72b 5018  .d..i...B.51.+P.
        0x0030:  fd20 3c63 0000 6e65 2074 6f6f 2e20 4465  ..<c..ne.too..De
        0x0040:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
        0x0050:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
        0x0060:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
        0x0070:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
        0x0080:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
        0x0090:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
        0x00a0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
        0x00b0:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
        0x00c0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
        0x00d0:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
        0x00e0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
=================

And so on...

The tcpdump can be found here:
http://188.64.170.86/bulkin/files/dos_vsplay.zip

So is there a way to prevent it with iptables?

Nikita Bulaev