> Michael Johansen [email protected] via valvesoftware.com
> Jan 28 (2 days ago)
> to hlds_linux
>
> Hi,
> How would I find that IP? I've got root access on both the machines.
> Problem is, everyone lagged out on TWO machines, which are in separate
> datacenters and even in different countries!

If an attacker is pin-pointing you directly, all he would have to do is attack both.

On Sun, Jan 29, 2012 at 12:53 PM, Joe Brown <[email protected]> wrote:

> Run tcpdump for a little:
>
> /usr/sbin/tcpdump -i eth0 -w traffic03.cap
>
> Control+C when you get enough data, download traffic03.cap to your
> computer, and load it up in Wireshark.
>
> > From: [email protected]
> > To: [email protected]
> > Date: Sun, 29 Jan 2012 17:34:17 +0100
> > Subject: Re: [hlds_linux] No Steam Logon - massive lag
> >
> > Tbh I have no idea how to find out what this is, how do I even use
> > tcpdump to output that info? All I get from it is "encrypted" like with
> > some weird chars that Notepad++ can't open. Help please.
> >
> > > Date: Sat, 28 Jan 2012 23:57:31 +0100
> > > From: [email protected]
> > > To: [email protected]
> > > Subject: Re: [hlds_linux] No Steam Logon - massive lag
> > >
> > > tcpdump of an attack on one of my servers:
> > >
> > > 18:01:58.350565 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > >     0x0000:  4500 002e 1dc1 0000 7711 6a89 5bc0 a579  E.......w.j.[..y
> > >     0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > >     0x0020:  6f64 7936 5341 4d50 4245 2164 6969       ody6SAMPBE!dii
> > > 18:01:58.351470 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > >     0x0000:  4500 002e 1dc3 0000 7711 6a87 5bc0 a579  E.......w.j.[..y
> > >     0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > >     0x0020:  6f64 7936 5341 4d50 4245 2164 6969       ody6SAMPBE!dii
> > > 18:01:58.352542 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 0
> > >     0x0000:  4500 001c 1dc4 0000 7711 6a98 5bc0 a579  E.......w.j.[..y
> > >     0x0010:  xxxx xxxx 04f3 6987 0008 d5ee 0000 0000  ......i.........
> > >     0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
> > > 18:01:58.353050 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > >     0x0000:  4500 002e 1dc5 0000 7711 6a85 5bc0 a579  E.......w.j.[..y
> > >     0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > >     0x0020:  6f64 7936 5341 4d50 4245 2164 6969       ody6SAMPBE!dii
> > > 18:01:58.353988 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > >     0x0000:  4500 002e 1dc7 0000 7711 6a83 5bc0 a579  E.......w.j.[..y
> > >     0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > >     0x0020:  6f64 7936 5341 4d50 4245 2164 6969       ody6SAMPBE!dii
> > > 18:01:58.354937 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > >     0x0000:  4500 002e 1dc9 0000 7711 6a81 5bc0 a579  E.......w.j.[..y
> > >     0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > >     0x0020:  6f64 7936 5341 4d50 4245 2164 6969       ody6SAMPBE!dii
> > > 18:01:58.355887 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 0
> > >     0x0000:  4500 001c 1dca 0000 7711 6a92 5bc0 a579  E.......w.j.[..y
> > >     0x0010:  xxxx xxxx 04f3 6987 0008 d5ee 0000 0000  ......i.........
> > >     0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
> > >
> > > Low bandwidth (~250 packets per second) but was severely lagging the
> > > game, all clients dropping with no steam logon. Iptables killed it but
> > > there is something seriously wrong with srcds if it can't just ignore
> > > those packets.
> > >
> > > On 2012-01-28 17:31, voice wrote:
> > > > Bleh, attached an image and now it's pending approval, lesson learned.
> > > > Instead have a link: http://projectshadow.randomsonicnet.org/srcds/dos.png
> > > >
> > > > The thing to see there is the constant stream from port 65098 to the
> > > > server's port. All UDP traffic in IPTraf gets thrown into that bottom
> > > > window.
> > > >
> > > > Regards,
> > > > Chris
> > > >
> > > > On Sat, Jan 28, 2012 at 10:17 AM, Harry Cann <[email protected]> wrote:
> > > >
> > > >> We get the same on our linux TF2 servers!
> > > >>
> > > >> ----- Reply message -----
> > > >> From: "Michael Johansen" <[email protected]>
> > > >> To: <[email protected]>
> > > >> Subject: [hlds_linux] No Steam Logon - massive lag
> > > >> Date: Sat, Jan 28, 2012 3:25 pm
> > > >>
> > > >> Hi guys,
> > > >> I'm running 6 TF2 servers which are quite popular. Anyhow, my server
> > > >> lags, badly sometimes, and right after the spike a lot of players d/c with
> > > >> the "No Steam Logon" message. This is not related to a machine or any
> > > >> plugins I am running. This has happened a lot of times now, and I'm sick of
> > > >> it. What is wrong and why is it happening? Me and a friend were playing on
> > > >> two of our servers when we both lag out (red message in the top right
> > > >> corner) and then it stops and returns to normal, but half of the players
> > > >> are now gone.
> > > >> Help?
> > > >> _______________________________________________
> > > >> To unsubscribe, edit your list preferences, or view the list archives,
> > > >> please visit:
> > > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
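
Added example, not part of the original thread and not code from any of its posters: one way to answer "How would I find that IP?" without Wireshark is to tally, per source address, the UDP packets sent to the game port in tcpdump's text output (such as `tcpdump -nn -X -r traffic03.cap` prints) and report sources whose average rate is far above a normal client's. The function names, the thresholds and the sample capture are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Header line of tcpdump text output, in the format quoted in the thread.
HEADER = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{1,6}) IP (\S+)\.(\d+) > "
                    r"(\S+)\.(\d+): UDP, length (\d+)")

def udp_senders(text, port=27015):
    """Per-source stats for UDP packets sent to `port`; hex lines are skipped."""
    stats = defaultdict(lambda: {"packets": 0, "lengths": set()})
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m or int(m.group(8)) != port:
            continue
        h, mi, s = (int(m.group(i)) for i in (1, 2, 3))
        # Timestamp in integer microseconds since midnight (no date in the text).
        ts = ((h * 60 + mi) * 60 + s) * 1_000_000 + int(m.group(4).ljust(6, "0"))
        st = stats[m.group(5)]
        st["packets"] += 1
        st.setdefault("first", ts)
        st["last"] = ts
        st["lengths"].add(int(m.group(9)))
    return stats

def flood_suspects(text, port=27015, pps_limit=100, min_packets=20):
    """Sources whose average rate to `port` exceeds pps_limit, busiest first."""
    out = []
    for src, st in udp_senders(text, port).items():
        span_us = st["last"] - st["first"]
        if st["packets"] < min_packets or span_us <= 0:
            continue
        pps = (st["packets"] - 1) * 1_000_000 / span_us
        if pps > pps_limit:
            out.append((src, st["packets"], pps, sorted(st["lengths"])))
    return sorted(out, key=lambda r: r[2], reverse=True)

def constructed_capture():
    """Constructed sample (documentation addresses), not data from the thread."""
    rows = []
    for i in range(50):   # one source, a packet every 4 ms, lengths 18 and 0
        rows.append("18:01:58.%06d IP 203.0.113.50.1267 > 192.0.2.10.27015: "
                    "UDP, length %d" % (350000 + i * 4000, 0 if i % 3 == 2 else 18))
        rows.append("\t0x0000:  4500 002e 1dc1 0000")
    for i in range(25):   # an ordinary client, a packet every 20 ms
        rows.append("18:01:58.%06d IP 198.51.100.7.27005 > 192.0.2.10.27015: "
                    "UDP, length %d" % (350000 + i * 20000, 60 + i))
    return "\n".join(rows)

if __name__ == "__main__":
    print(flood_suspects(constructed_capture()))
```

A source that shows up here with a high rate and only one or two distinct payload lengths matches the pattern in the quoted dump and is the address to hand to an iptables drop rule or to the hosting provider.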

