Do you have a plugin to block DoS Attacks such as A2S_INFO Packet flood? If not, I advice you to install DBlocker or a plugin called DAF Dos Attack Fix.
See: http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 http://dblocker.didrole.com/ Hope it helps :/ On Tue, Oct 18, 2011 at 8:38 AM, Никита Булаев [Nikita Bulaev] < [email protected]> wrote: > Well, thank you friends! > > Ics - you helped a lot to find the source utility. > > Now I'm trying to create iptables rules, and wrote this: > > ================================================= > # DROP and ban > iptables -N REJECT_RCON_FLOOD > iptables -A REJECT_RCON_FLOOD -j LOG --log-prefix 'IPTABLES-RCON-FLOOD:' > --log-level info > iptables -A REJECT_RCON_FLOOD -j DROP > > iptables -A INPUT -p tcp --dport 27000:28900 -m connlimit > --connlimit-above 1 --connlimit-mask 32 -j REJECT_RCON_FLOOD > iptables -A INPUT -p tcp --dport 27000:28900 -m hashlimit > --hashlimit-upto 1/sec \ > --hashlimit-burst 1 --hashlimit-mode srcip,dstip,dstport > --hashlimit-name rcon_flood \ > --hashlimit-htable-gcinterval 30000 -j ACCEPT > iptables -A INPUT -p tcp --dport 27000:28900 -j REJECT_RCON_FLOOD > > ================================================= > > One by one, as I thought, that is: > 1) DROP more then one connections to SRCDS TCP: that is lowering an attack > very much > 2) ACCEPT only one packet in second > 3) DROP more then one packet > > So the problem is that packets are not droped. And I'm really confused. I > really do not understand why. Just like the rule wont work at all! > > I can't block rcon at all. So the only way is to limit connections and ban > the source ip of an attacker. > > Ideas? > > 2011/10/18 <[email protected]> > > > Looks much like some-prog-that-i-wont-say-out-loud-from-4chan-sute > > output, with just modified message. Looks like idiots have found it and > > started using it. > > > > -ics > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
