Game servers use the UDP protocol; TCP is only used for rcon, so block any
TCP packet and only allow your client IPs to make TCP queries.
Hi, friends!
Some of our clients are under a stupid attack by TCP packets with a length of
1480 bytes.
=============
22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto
TCP (6), length 1480)
188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63
(correct), seq 39288:40728, ack 1, win 64800, length 1440
0x0000: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&......E.
0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 ....@.|..h.....@
0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P.
0x0030: fd20 3c63 0000 6e65 2074 6f6f 2e20 4465 ..<c..ne.too..De
0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De
0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat
=================
And so on...
The tcpdump can be found here:
http://188.64.170.86/bulkin/files/dos_vsplay.zip
So is there a way to prevent it with iptables?
Nikita Bulaev
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
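
One way to express the advice at the top of the thread as iptables rules, given here as an added example that is not part of either message. Port 27019 is the destination port in the capture; the chain name RCON_<port> and the two allowed addresses are assumptions (the addresses are placeholders from documentation ranges).

```shell
#!/bin/sh
# Added example: print iptables commands that limit TCP on a game port to an
# allowlist of rcon client addresses. Nothing is applied by this script.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rcon_rules PORT ADDR...: validate everything first, then print the rules,
# so a typo in one address never produces a partial rule set.
rcon_rules() {
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    chain="RCON_$port"    # hypothetical chain name
    echo "iptables -N $chain"
    for addr in "$@"; do
        echo "iptables -A $chain -s $addr -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"
    # Hook the chain into INPUT last, once the allowlist is complete.
    echo "iptables -A INPUT -p tcp --dport $port -j $chain"
}

# Constructed sample call: capture's port, placeholder rcon client addresses.
rcon_rules 27019 192.0.2.10 198.51.100.7
```

Review the printed commands, then run them as root; UDP game traffic is untouched because every rule matches `-p tcp` only.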