On 2012-01-31 16:31, Michael Johansen wrote:
The rcon exploit is not being used here, and since I don't know so much about iptables I just left it open.
iptables -A INPUT -i eth0 -p tcp -d SERVERIP --dport 27015 -j DROP
Well, I've been reading a lot about this issue since nobody wants to help, and out of the threads I've read 28 and 46 are the most used sizes for these attacks.
iptables -A INPUT ! --fragment -p udp -d SERVERIP --dport 27015 -m u32 --u32 "0 >> 22 & 0x3C @ 8 = 0x33424521 && 0 >> 22 & 0x3C @ 12 = 0x6f647936" -j DROP
iptables -A INPUT -p udp -d SERVERIP --dport 27015 -m length --length 28 -j DROP
This blocks one very specific program used to attack the servers - may not be necessary now but iptables should be able to drop them in less cpu cycles than srcds
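Added example, not part of the original post: a Python emulation of how the u32 and length matches in the two UDP rules above evaluate a packet, run against constructed IPv4/UDP packets. The function names and sample addresses are assumptions, and the rules' destination, port and fragment conditions are left out.

```python
import struct

def ipv4_udp(payload, dport=27015, ihl=5):
    """Build a constructed IPv4+UDP packet (checksums left at zero)."""
    total = ihl * 4 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    ip += b"\x00" * (ihl * 4 - 20)           # padding for IP options when ihl > 5
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    return ip + udp + payload

def u32_at(pkt, off):
    """u32 reads a big-endian 32-bit word; a read past the end fails the match."""
    if off + 4 > len(pkt):
        return None
    return struct.unpack_from("!I", pkt, off)[0]

def u32_rule_matches(pkt):
    """Evaluate: 0 >> 22 & 0x3C @ 8 = 0x33424521 && 0 >> 22 & 0x3C @ 12 = 0x6f647936"""
    first = u32_at(pkt, 0)
    if first is None:
        return False
    base = (first >> 22) & 0x3C               # IHL nibble * 4 = IP header length in bytes
    # "@" moves the base past the IP header; +8 skips the UDP header.
    return (u32_at(pkt, base + 8) == 0x33424521 and    # UDP payload bytes 0-3
            u32_at(pkt, base + 12) == 0x6F647936)      # UDP payload bytes 4-7

def length_rule_matches(pkt, length=28):
    """-m length compares the IPv4 total length (IP header + UDP header + payload)."""
    return struct.unpack_from("!H", pkt, 2)[0] == length

def verdict(pkt):
    """Apply the two UDP rules in the order they were appended."""
    if u32_rule_matches(pkt):
        return "DROP (u32)"
    if length_rule_matches(pkt):
        return "DROP (length 28)"
    return "ACCEPT"

MARKER = bytes.fromhex("334245216f647936")    # the eight payload bytes the u32 rule tests
if __name__ == "__main__":
    for name, pkt in [("marker payload", ipv4_udp(MARKER + b"xx")),
                      ("empty datagram", ipv4_udp(b"")),
                      ("empty datagram, IP options", ipv4_udp(b"", ihl=6)),
                      ("other payload", ipv4_udp(b"\xff" * 4 + b"constructed"))]:
        print(f"{name:28s} {verdict(pkt)}")
```

With a 20-byte IP header, length 28 corresponds to a UDP datagram with no payload; the same empty datagram carrying IP options has a different total length and passes the length rule, while the u32 rule still finds its marker because it computes the header length from the packet.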

