tcpdump of an attack on one of my servers:
18:01:58.350565 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
0x0000: 4500 002e 1dc1 0000 7711 6a89 5bc0 a579 E.......w.j.[..y
0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE!
0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii
18:01:58.351470 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
0x0000: 4500 002e 1dc3 0000 7711 6a87 5bc0 a579 E.......w.j.[..y
0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE!
0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii
18:01:58.352542 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 0
0x0000: 4500 001c 1dc4 0000 7711 6a98 5bc0 a579 E.......w.j.[..y
0x0010: xxxx xxxx 04f3 6987 0008 d5ee 0000 0000 ......i.........
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
18:01:58.353050 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
0x0000: 4500 002e 1dc5 0000 7711 6a85 5bc0 a579 E.......w.j.[..y
0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE!
0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii
18:01:58.353988 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
0x0000: 4500 002e 1dc7 0000 7711 6a83 5bc0 a579 E.......w.j.[..y
0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE!
0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii
18:01:58.354937 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
0x0000: 4500 002e 1dc9 0000 7711 6a81 5bc0 a579 E.......w.j.[..y
0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE!
0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii
18:01:58.355887 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 0
0x0000: 4500 001c 1dca 0000 7711 6a92 5bc0 a579 E.......w.j.[..y
0x0010: xxxx xxxx 04f3 6987 0008 d5ee 0000 0000 ......i.........
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
Low bandwidth (~250 packets per second) but was severly lagging the
game, all clients dropping with no steam logon. Iptables killed it but
there is something seriously wrong with srcds if it can't just ignore
those packets.
On 2012-01-28 17:31, voice wrote:
Bleh, attached an image and now its pending approval, lesson learned.
Instead have a link: http://projectshadow.randomsonicnet.org/srcds/dos.png
The thing to see there is the constant stream from port 65098 to the
server's port. All UDP traffic in IPTraf gets thrown into that bottom
window.
Regards,
Chris
On Sat, Jan 28, 2012 at 10:17 AM, Harry Cann<[email protected]>wrote:
We get the same on our linux TF2 servers!
----- Reply message -----
From: "Michael Johansen"<[email protected]>
To:<[email protected]>
Subject: [hlds_linux] No Steam Logon - massive lag
Date: Sat, Jan 28, 2012 3:25 pm
Hi guys,
I'm running 6 TF2 servers which are quite popular. Anyhow, my server
laggs, badly sometimes, and right after the spike a lot of players d/c with
the "No Steam Logon" message. This is not related to a machine or any
plugins I am running. This has happened a lot of times now, and I'm sick of
it. What is wrong and why is it happening? Me and a friend were playing on
two of our servers when we both lag out (red message in the top right
corner) and then it stops and returns to normal, but half of the players
are now gone.
Help?
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
