These packets don't really use up processing power, but they just take over your link... Adding a rule to iptables that would drop the connections wouldn't help. Sorry.
Sergiusz Bazański
xmpp: [email protected]
www: http://q3k.org/

On Mon, Oct 17, 2011 at 10:30 PM, ics <[email protected]> wrote:
> Looks much like some-prog-that-i-wont-say-out-loud-from-4chan-site output,
> with just modified message. Looks like idiots have found it and started
> using it.
>
> -ics
>
> On 17.10.2011 23:09, Marco Padovan wrote:
>>
>> Additionally: set a very strict rate limiting to new connections (10 new
>> connections every 20 seconds?) and drop anything that's not
>> "established"...
>>
>> On 17/10/2011 21:15, Nikita Bulaev wrote:
>>>
>>> Hi, friends!
>>>
>>> Some of our clients are under a stupid attack by TCP packets with length 1480
>>> bytes.
>>>
>>> =============
>>> 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto TCP (6), length 1480)
>>>     188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63 (correct), seq 39288:40728, ack 1, win 64800, length 1440
>>>
>>> 0x0000: 0025 901a fd64 0026 9806 ddc1 0800 4500  .%...d.&......E.
>>> 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40  ....@.|..h.....@
>>> 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018  .d..i...B.51.+P.
>>> 0x0030: fd20 3c63 0000 6e65 2074 6f6f 2e20 4465  ..<c..ne.too..De
>>> 0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>> 0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>> 0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>> 0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>> 0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>> 0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>> 0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>> 0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>> 0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>> 0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>> 0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>> =================
>>>
>>> And so on...
>>>
>>> The tcpdump can be found here:
>>> http://188.64.170.86/bulkin/files/dos_vsplay.zip
>>>
>>> So is there a way to prevent it by Iptables?
>>>
>>> Nikita Bulaev
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
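
Added example, not part of the thread: Marco Padovan's suggestion (rate-limit new connections, drop anything not established) written out as iptables rules for TCP port 27019 from the capture. The chain name GAMETCP, the list name gametcp and the IPT dry-run variable are assumptions of this example; as the top reply says, filtering on the host does not free the link.

```shell
#!/bin/sh
# Added example (not from the thread): host-side filter for one game port.
# Assumed names: chain GAMETCP, recent-list gametcp, dry-run variable IPT.
# Dry run: IPT="echo iptables" prints the rules instead of installing them.

ratelimit_rules() {
    port="$1"; hits="$2"; secs="$3"
    ipt="${IPT:-iptables}"

    # Dedicated chain so these rules can be flushed without touching others.
    $ipt -N GAMETCP
    $ipt -A INPUT -p tcp --dport "$port" -j GAMETCP

    # 1. Packets conntrack ties to a completed handshake pass.
    $ipt -A GAMETCP -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # 2. A new connection must start with a SYN. Per source address, the
    #    SYN is dropped once $hits earlier ones were seen within $secs s.
    $ipt -A GAMETCP -p tcp --syn -m conntrack --ctstate NEW \
         -m recent --name gametcp --update --seconds "$secs" --hitcount "$hits" -j DROP
    $ipt -A GAMETCP -p tcp --syn -m conntrack --ctstate NEW \
         -m recent --name gametcp --set -j ACCEPT

    # 3. Everything else is dropped: INVALID packets and data segments such
    #    as the captured Flags [P.] packet when no handshake preceded them.
    $ipt -A GAMETCP -j DROP
}

# Install for the port seen in the capture: sh <this-file> --apply (needs root).
if [ "${1:-}" = "--apply" ]; then ratelimit_rules 27019 10 20; fi
```

Rule 3 is needed because conntrack's default loose pickup can classify a mid-stream segment as NEW rather than INVALID; requiring --syn in rule 2 keeps such packets from being accepted.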

