This plugins are defending of UDP A2S Info attacks, and we are very well protected of it with Iptables.
The present problem is that second Iptables rule with hashlimit wont work =( 2011/10/19 <[email protected]> > Date: Tue, 18 Oct 2011 16:10:32 -0300 > From: Bruno Garcia <[email protected]> > To: Half-Life dedicated Linux server mailing list > <[email protected]> > Subject: Re: [hlds_linux] DoS Attack to SRCDS with TCP packets > Message-ID: > <cacipfvhaep9vjr7lhzoidehscaby2bjhrb2yiraduvntymi...@mail.gmail.com > > > Content-Type: text/plain; charset=UTF-8 > > Do you have a plugin to block DoS Attacks such as A2S_INFO Packet flood? > If not, I advice you to install DBlocker or a plugin called DAF Dos Attack > Fix. > > See: > > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > > http://dblocker.didrole.com/ > > > > Hope it helps :/ > > On Tue, Oct 18, 2011 at 8:38 AM, ?????? ?????? [Nikita Bulaev] < > [email protected]> wrote: > > > Well, thank you friends! > > > > Ics - you helped a lot to find the source utility. > > > > Now I'm trying to create iptables rules, and wrote this: > > > > ================================================= > > # DROP and ban > > iptables -N REJECT_RCON_FLOOD > > iptables -A REJECT_RCON_FLOOD -j LOG --log-prefix > 'IPTABLES-RCON-FLOOD:' > > --log-level info > > iptables -A REJECT_RCON_FLOOD -j DROP > > > > iptables -A INPUT -p tcp --dport 27000:28900 -m connlimit > > --connlimit-above 1 --connlimit-mask 32 -j REJECT_RCON_FLOOD > > iptables -A INPUT -p tcp --dport 27000:28900 -m hashlimit > > --hashlimit-upto 1/sec \ > > --hashlimit-burst 1 --hashlimit-mode srcip,dstip,dstport > > --hashlimit-name rcon_flood \ > > --hashlimit-htable-gcinterval 30000 -j ACCEPT > > iptables -A INPUT -p tcp --dport 27000:28900 -j REJECT_RCON_FLOOD > > > > ================================================= > > > > One by one, as I thought, that is: > > 1) DROP more then one connections to SRCDS TCP: that is lowering an > attack > > very much > > 2) ACCEPT only one packet in second > > 3) DROP more then one packet > > > > So the problem is that packets are not droped. And I'm really confused. I > > really do not understand why. Just like the rule wont work at all! > > > > I can't block rcon at all. So the only way is to limit connections and > ban > > the source ip of an attacker. > > > > Ideas? > > > > 2011/10/18 <[email protected]> > > > > > Looks much like some-prog-that-i-wont-say-out-loud-from-4chan-sute > > > output, with just modified message. Looks like idiots have found it and > > > started using it. > > > > > > -ics > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
