Re: [hlds_linux] DoS Attack to SRCDS with TCP packets

Mon, 17 Oct 2011 13:09:40 -0700 

Additionally: set a very strict rate limiting to new connections (10new
connections every 20seconds?) and drop anything that's not "estabilished"...

Il 17/10/2011 21:15, ?????? ?????? [Nikita Bulaev] ha scritto:
> Hi, firends!
>
> Some our clients are under stupid attack by tcp packets with length 1480
> bytes.
>
> =============
> 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto
> TCP (6), length 1480)
>     188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63
> (correct), seq 39288:40728, ack 1, win 64800, length 1440
>
>         0x0000:  0025 901a fd64 0026 9806 ddc1 0800 4500  .%...d.&......E.
>         0x0010:  05c8 13d1 4000 7c06 af68 bcba 1297 bc40  ....@.|..h.....@
>         0x0020:  aa64 c495 698b c6b8 4281 3531 d72b 5018  .d..i...B.51.+P.
>         0x0030:  fd20 3c63 0000 6e65 2074 6f6f 2e20 4465  ..<c..ne.too..De
>         0x0040:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>         0x0050:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>         0x0060:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>         0x0070:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>         0x0080:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>         0x0090:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>         0x00a0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>         0x00b0:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>         0x00c0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>         0x00d0:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>         0x00e0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
> =================
>
> And so on...
>
> The tcpdump can be found here:
> http://188.64.170.86/bulkin/files/dos_vsplay.zip
>
> So is there a way to prevent it by Iptables?
>
> Nikita Bulaev
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Reply via email to