At least it helps if the game engine is damaged by the packet contents. Pure bandwidth attacks are hard to mitigate, though.

Regards
Oskar Levin
[email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of ics
Sent: 17 October 2011 23:05
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] DoS Attack to SRCDS with TCP packets

Blocking TCP is useless too, as the software which is used has an option for UDP in its drop-down menu too. I guess it won't hurt to try though if the user is stupid.

-ics

17.10.2011 23:58, Andre Pozos wrote:
> Game servers use the UDP protocol; TCP is only used for rcon, so block
> any TCP packet and only allow your client IPs to make TCP queries.
>
>> Hi, friends!
>>
>> Some of our clients are under a stupid attack by TCP packets with length
>> 1480 bytes.
>>
>> =============
>> 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto TCP (6), length 1480)
>>     188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63 (correct), seq 39288:40728, ack 1, win 64800, length 1440
>>         0x0000:  0025 901a fd64 0026 9806 ddc1 0800 4500  .%...d.&......E.
>>         0x0010:  05c8 13d1 4000 7c06 af68 bcba 1297 bc40  ....@.|..h.....@
>>         0x0020:  aa64 c495 698b c6b8 4281 3531 d72b 5018  .d..i...B.51.+P.
>>         0x0030:  fd20 3c63 0000 6e65 2074 6f6f 2e20 4465  ..<c..ne.too..De
>>         0x0040:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>         0x0050:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>         0x0060:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>         0x0070:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>         0x0080:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>         0x0090:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>         0x00a0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>         0x00b0:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>         0x00c0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>>         0x00d0:  2069 7320 6669 6e65 2074 6f6f 2e20 4465  .is.fine.too..De
>>         0x00e0:  7375 6465 7375 6465 7375 7e41 2063 6174  sudesudesu~A.cat
>> =================
>>
>> And so on...
>>
>> The tcpdump can be found here:
>> http://188.64.170.86/bulkin/files/dos_vsplay.zip
>>
>> So is there a way to prevent it by Iptables?
>>
>> Nikita Bulaev
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list
>> archives, please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
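
Andre's suggestion above (accept TCP only from known client addresses, since the game itself runs over UDP), written out as an added example that is not part of the original thread: a POSIX shell function that prints the iptables commands for review before they are applied. Port 27019 is the one in the capture; the function name, the chain name and the allowlisted addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands that accept
# TCP to one port only from allowlisted sources and drop every other TCP
# packet to it. UDP game traffic is not touched. Review the output, then run
# it as root.

# emit_tcp_allowlist PORT ADDR[/PREFIX]...
emit_tcp_allowlist() {
    eta_port=$1
    case $eta_port in
        ''|*[!0-9]*) echo "bad port: $eta_port" >&2; return 1 ;;
    esac
    if [ "$eta_port" -lt 1 ] || [ "$eta_port" -gt 65535 ]; then
        echo "port out of range: $eta_port" >&2; return 1
    fi
    shift
    # An empty allowlist would lock the admins out of rcon as well.
    if [ $# -eq 0 ]; then
        echo "refusing to emit rules with an empty allowlist" >&2; return 1
    fi
    # Validate every address before printing anything, so a bad entry cannot
    # leave a half-written rule set or smuggle shell syntax into the output.
    for eta_addr in "$@"; do
        case $eta_addr in
            ''|*[!0-9./]*) echo "bad IPv4 address: $eta_addr" >&2; return 1 ;;
        esac
    done
    eta_chain="TCP_ALLOW_$eta_port"   # chain name is an assumption
    echo "iptables -N $eta_chain"
    for eta_addr in "$@"; do
        echo "iptables -A $eta_chain -s $eta_addr -j ACCEPT"
    done
    # DROP rather than REJECT: the host sends no reply for each flood packet.
    echo "iptables -A $eta_chain -j DROP"
    # -I puts the jump at the top of INPUT, ahead of any ESTABLISHED accept
    # rule; the captured packet is PSH/ACK on an already open connection.
    echo "iptables -I INPUT -p tcp --dport $eta_port -j $eta_chain"
}

# Constructed sample: port from the capture, documentation-range addresses.
emit_tcp_allowlist 27019 192.0.2.10 198.51.100.0/24
```

Filtering on the host does not free the uplink, so this helps only while the flood is smaller than the link, which is the limit Oskar points out for pure bandwidth attacks.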

