You're better off having your ISP/Host block this upstream on a firewall or router. Doing this with iptables can be very resource intensive, and may cause performance issues for your clients.
On Mon, Oct 17, 2011 at 3:15 PM, Никита Булаев [Nikita Bulaev] < [email protected]> wrote:
> Hi, friends!
>
> Some of our clients are under stupid attack by tcp packets with length 1480
> bytes.
>
> =============
> 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto TCP (6), length 1480)
>     188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63 (correct), seq 39288:40728, ack 1, win 64800, length 1440
>     0x0000: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&......E.
>     0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 ....@.|..h.....@
>     0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P.
>     0x0030: fd20 3c63 0000 6e65 2074 6f6f 2e20 4465 ..<c..ne.too..De
>     0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
>     0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
>     0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
>     0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
>     0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
>     0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
>     0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
>     0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
>     0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
>     0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
>     0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
> =================
>
> And so on...
>
> The tcpdump can be found here:
> http://188.64.170.86/bulkin/files/dos_vsplay.zip
>
> So is there a way to prevent it by Iptables?
>
> Nikita Bulaev
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
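
An added example, not part of the thread: a Python sketch that reads `tcpdump -v` text output in the layout quoted above and tallies, per source, the PSH packets whose IP length is exactly 1480 bytes, which gives a source list to hand to the ISP or host for upstream filtering. The function names, the `min_packets` threshold and the sample capture are assumptions made for this example; the sample addresses are constructed from RFC 5737 documentation ranges.

```python
import re
from collections import Counter

# First line of each packet in `tcpdump -v` text output: carries the IP total length.
HEADER = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP \(.*proto TCP \(6\), length (\d+)\)\s*$")
# Indented second line: source, destination, TCP flags.
FLOW = re.compile(
    r"^\s+(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]*)\].*length (\d+)\s*$"
)

def tally_sources(lines, ip_len=1480, min_packets=3):
    """Count PSH packets of exactly ip_len bytes per (src, dst, dport)."""
    counts = Counter()
    pending = None  # IP length from the most recent header line
    for line in lines:
        header = HEADER.match(line)
        if header:
            pending = int(header.group(1))
            continue
        flow = FLOW.match(line)
        if flow and pending == ip_len and "P" in flow.group(5):
            counts[(flow.group(1), flow.group(3), int(flow.group(4)))] += 1
        pending = None  # hexdump or unrelated line: wait for the next header
    return {key: n for key, n in counts.items() if n >= min_packets}

def _packet(ts, src, sport, dst, dport, ip_len, flags="P."):
    # Constructed sample in the same three-part layout as the capture above.
    return [
        f"{ts} IP (tos 0x0, ttl 124, id 1, offset 0, flags [DF], proto TCP (6), length {ip_len})",
        f"    {src}.{sport} > {dst}.{dport}: Flags [{flags}], cksum 0x0000 (correct), "
        f"seq 1:2, ack 1, win 64800, length {ip_len - 40}",
        "\t0x0000:  4500 05c8 0000 4000 7c06 0000 c633 6407",
    ]

# Constructed capture; addresses are RFC 5737 documentation ranges, not from the thread.
SAMPLE = []
for i in range(4):   # repeated full-size PSH packets from one source
    SAMPLE += _packet(f"22:25:17.00000{i}", "198.51.100.7", 50325, "203.0.113.10", 27019, 1480)
for i in range(5):   # small packets from an ordinary client
    SAMPLE += _packet(f"22:25:18.00000{i}", "198.51.100.20", 40000, "203.0.113.10", 27019, 120)
SAMPLE += _packet("22:25:19.000000", "198.51.100.30", 40001, "203.0.113.10", 27019, 1480)

if __name__ == "__main__":
    for (src, dst, dport), n in tally_sources(SAMPLE).items():
        print(f"{src} -> {dst}:{dport}  {n} packets of 1480 bytes")
```

Legitimate traffic can also produce full-size segments, so the threshold should be set against a baseline capture taken when the server is not under attack.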

