Irrelevant, really. Please do not take this here as I may get my ass kicked because of it.
> From: sai...@specialattack.net
> To: hlds_linux@list.valvesoftware.com
> Date: Tue, 27 Nov 2012 14:25:56 +0100
> Subject: Re: [hlds_linux] Incoming DoS attack
>
> The what, on the what?
> ________________________________________
> From: hlds_linux-boun...@list.valvesoftware.com
> [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Marco Padovan
> [e...@evcz.tk]
> Sent: 27 November 2012 14:25
> To: hlds_linux@list.valvesoftware.com
> Subject: Re: [hlds_linux] Incoming DoS attack
>
> Hi,
>
> are you the Mike on WHT?
>
> I was the one replying in there :D
>
> On 27/11/2012 13.54, Michael Johansen wrote:
> > My face when, I just analyzed my own tcpdump and I had over ~150 Mbit/s
> > traffic on UDP, whereas my SYN stood for about 50k pps.
> >> From: sai...@specialattack.net
> >> To: hlds_linux@list.valvesoftware.com
> >> Date: Tue, 27 Nov 2012 11:29:01 +0100
> >> Subject: Re: [hlds_linux] Incoming DoS attack
> >>
> >> We have no control over the upstream network. All I can do is filter the
> >> packets at the machine, but that wouldn't prevent the link from still
> >> being overloaded.
> >>
> >> Currently a null-route is in place to stop the attack at the network
> >> border.
> >>
> >> Saint K.
> >> ________________________________________
> >> From: hlds_linux-boun...@list.valvesoftware.com
> >> [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael Johansen
> >> [michs...@live.no]
> >> Sent: 27 November 2012 11:26
> >> To: hlds_linux@list.valvesoftware.com
> >> Subject: Re: [hlds_linux] Incoming DoS attack
> >>
> >> Just took a look at the tcpdump, doesn't look like the attacks I'm having.
> >> I may be stupid now, but wouldn't it work just by blocking packets with
> >> the size of 50?
> >>
> >>> From: sai...@specialattack.net
> >>> To: hlds_linux@list.valvesoftware.com
> >>> Date: Tue, 27 Nov 2012 11:19:08 +0100
> >>> Subject: Re: [hlds_linux] Incoming DoS attack
> >>>
> >>> The IP's in the dump originate from China, but as it's UDP it could very
> >>> well be spoofed.
> >>>
> >>> Looking at the payload in the packets, each new packet only has 1
> >>> character change from the previous packet.
> >>>
> >>> Bruteforce, or perhaps signature scanning evasion?
> >>>
> >>> Saint K.
> >>> ________________________________________
> >>> From: hlds_linux-boun...@list.valvesoftware.com
> >>> [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael Johansen
> >>> [michs...@live.no]
> >>> Sent: 27 November 2012 11:15
> >>> To: hlds_linux@list.valvesoftware.com
> >>> Subject: Re: [hlds_linux] Incoming DoS attack
> >>>
> >>> I haven't looked at the tcpdump, but I have been getting attacks too,
> >>> they're SYN floods, 300 - 400 mbps in size and always coming from
> >>> local/reserved (0.x) ip's. All started some time after we set up our mvm
> >>> servers.
> >>>> From: sai...@specialattack.net
> >>>> To: hlds_linux@list.valvesoftware.com
> >>>> Date: Tue, 27 Nov 2012 10:56:28 +0100
> >>>> Subject: [hlds_linux] Incoming DoS attack
> >>>>
> >>>> Hi,
> >>>>
> >>>> We've been having DoS attacks aimed at one of our MvM servers.
> >>>>
> >>>> Anyone have any idea what they're attempting to do here? It is just to
> >>>> make the server unreachable, or are they actually trying to exploit srcds
> >>>> somehow?
> >>>>
> >>>> Here's a tcpdump made for about 30 seconds during the attack (which is
> >>>> still ongoing);
> >>>>
> >>>> http://www.specialattack.net/downloads/dump.rar
> >>>>
> >>>> Saint K.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
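An added example, not part of the original thread: one way to check a capture for the two traits discussed above, a single dominant packet size and payloads that differ from the previous packet by one character. The payloads, the 50-byte payload size, and the 0.9 thresholds are constructed assumptions; in practice the UDP payloads would be extracted from the tcpdump capture.

```python
from collections import Counter

def byte_diff(a: bytes, b: bytes) -> int:
    """Differing byte positions, plus the length gap if sizes differ."""
    return abs(len(a) - len(b)) + sum(x != y for x, y in zip(a, b))

def summarize(payloads):
    """Size concentration and share of consecutive payloads one byte apart."""
    if not payloads:
        raise ValueError("no payloads to analyse")
    sizes = Counter(len(p) for p in payloads)
    size, count = sizes.most_common(1)[0]
    pairs = list(zip(payloads, payloads[1:]))
    steps = sum(1 for a, b in pairs if byte_diff(a, b) == 1)
    return {
        "packets": len(payloads),
        "dominant_size": size,
        "dominant_share": count / len(payloads),
        "one_byte_step_share": steps / len(pairs) if pairs else 0.0,
    }

def looks_generated(stats, size_share=0.9, step_share=0.9):
    """Assumed thresholds: near-uniform size and near-constant one-byte steps."""
    return (stats["dominant_share"] >= size_share
            and stats["one_byte_step_share"] >= step_share)

def constructed_flood(n=200, size=50):
    """Constructed sample: fixed-size payloads, one byte changed per packet."""
    buf, out = bytearray(b"A" * size), []
    for i in range(n):
        buf[i % size] = 0x42 + i // size
        out.append(bytes(buf))
    return out

def constructed_mixed(n=200):
    """Constructed sample: varied sizes and contents, standing in for normal traffic."""
    return [bytes([i % 251]) * (20 + (i * 7) % 90) for i in range(n)]

if __name__ == "__main__":
    for name, sample in (("flood", constructed_flood()),
                         ("mixed", constructed_mixed())):
        stats = summarize(sample)
        print(name, stats, "generated-looking:", looks_generated(stats))
```

A match only says the traffic is machine-generated at a fixed size; as noted in the thread, filtering on it at the host does not relieve an overloaded link.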