Afaik his reply is the only suitable reply. Every packet has the same payload.
Not sure how advanced the FW's are in your network, but you could match on bit pattern and drop all the offending traffic. Saint K. ________________________________________ From: [email protected] [[email protected]] On Behalf Of Ivan Ivanov [[email protected]] Sent: 23 May 2012 13:12 To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] [hlds] HLDS ddos attacks [spoofed IPs] Hello, Thanks for the *only* reply :) This didn't help though. They're still able to flood the IP/port. -------- Оригинално писмо -------- От: Marco Padovan [email protected] Относно: Re: [hlds_linux] [hlds] HLDS ddos attacks [spoofed IPs] До: [email protected] Изпратено на: Вторник, 2012, Май 22 02:30:29 EEST Seeing that dump looks like you can profile it by ttl , id and packet content.. you can eventually ratelimit the A2S_PLAYER ( https://developer.valvesoftware.com/wiki/Server_queries) packets to a very low number like they did here: http://forums.srcds.com/viewtopic/16140 Il 21/05/2012 22:44, Ivan Ivanov ha scritto: > Ok. Here you go: http://pastebin.com/TDTufV1s > > > > > > > > -------- Оригинално писмо -------- > > От: Mart-Jan Reeuwijk [email protected] > > Относно: Re: [hlds_linux] [hlds] HLDS ddos attacks [spoofed IPs] > > До: Half-Life dedicated Linux server mailing list > > > Изпратено на: Събота, 2012, Май 19 16:51:06 EEST > > > /facepalm > > > > please use things like pastebin sites to put such data on, and link people to > that.. > > > > > > > >> ________________________________ >> From: Ivan Ivanov [email protected] > >> To: Half-Life dedicated Linux server mailing list >> [email protected] > >> Sent: Saturday, 19 May 2012, 9:39 >> Subject: Re: [hlds_linux] [hlds] HLDS ddos attacks [spoofed IPs] >> Here's part of the tcpdump: >> 02:11:17.138473 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto >> UDP (17), length 37) 59.31.122.64.27005 > my.ip.27015: [no cksum] UDP, >> length 7 > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
