How low?
On Sun, Sep 1, 2013 at 6:25 PM, Bottiger <[email protected]> wrote: > It should be noted that you probably won't be able to prevent a2sinfo spam > from occasionally dropping your server from the browser, but your server > should be playable. > > That problem can only be solved when Valve makes another version of a2sinfo > that requires a challenge. I recommend that they do so and phase out the > old a2sinfo by creating a sv_max_queries_sec_info_old and setting it to a > very low number. > > > On Sun, Sep 1, 2013 at 3:16 PM, Bottiger <[email protected]> wrote: > > > Looks like a mixture of a2sinfo spam and that splitpacket spam. If you > > look at the dump you can see they keep sending \xFF\xFF\xFF\xFFTSource > > Engine Query\x00 and \xFE\xFF\xFF\xFFTSource Engine Query\x00 > > > > Here's a version of serversecure3 vsp that doesn't change > > sv_max_queries_sec_global and sv_max_queries_sec_global. Try tweaking > those > > convars and see if it helps. > > > > > https://mega.co.nz/#!gkYHjTYD!A_NvDATFev2VvaGp21dSnCXk_DEooveB-OSnIOWbOno > > > > On Sun, Sep 1, 2013 at 2:25 PM, Violent Crimes < > > [email protected]> wrote: > > > >> http://vps.convictgaming.com/**sample.zip< > http://vps.convictgaming.com/sample.zip> > >> > >> > >> > >> On 9/1/2013 5:12 PM, Bottiger wrote: > >> > >>> It would be helpful if you recorded the attack. > >>> > >>> http://www.winpcap.org/**windump/install/default.htm< > http://www.winpcap.org/windump/install/default.htm> > >>> > >>> > >>> On Sun, Sep 1, 2013 at 1:12 PM, Violent Crimes < > >>> violentcrimes@convictgaming.**com <[email protected]>> > >>> wrote: > >>> > >>> I am having the same issue took down 6 boxes over 50 servers. > >>>> > >>>> > >>>> On 9/1/2013 4:09 PM, Michael Johansen wrote: > >>>> > >>>> They should, yeah. But until then, I need to find a way to block the > >>>>> attack. > >>>>> > >>>>> Date: Sun, 1 Sep 2013 23:06:19 +0300 > >>>>> > >>>>>> From: [email protected] > >>>>>> To: [email protected].****com<hlds_linux@list.** > >>>>>> valvesoftware.com <[email protected]>> > >>>>>> > >>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>>> > >>>>>> I've seen the same thing once. The attack rises CPU usage and causes > >>>>>> lag > >>>>>> due to that. I only monitored while someone tried it, did cause some > >>>>>> harm but not too much. Perhaps the attacker was unexperienced at > that > >>>>>> time. > >>>>>> > >>>>>> I guess Valve should look into this. > >>>>>> > >>>>>> -ics > >>>>>> > >>>>>> Michael Johansen kirjoitti: > >>>>>> > >>>>>> Hi. > >>>>>>> For the past two days we've been hit by a skid trying to show off > by > >>>>>>> taking our servers down by sending them malformed packets and faked > >>>>>>> Source > >>>>>>> Engine Queries. The messages look like this:http://pastie.org/** > >>>>>>> private/**kknzt5acoom8enl5bouwxq<http://**pastie.org/private/** > >>>>>>> kknzt5acoom8enl5bouwxq< > http://pastie.org/private/kknzt5acoom8enl5bouwxq> > >>>>>>> > > >>>>>>> > >>>>>>> We have tried blocking the attack using iptables without success. > The > >>>>>>> length of the packets varies, the source address and port varies, > >>>>>>> everything varies. What can we do to stop this? > >>>>>>> > >>>>>>> ______________________________****_________________ > >>>>>>> > >>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>> archives, > >>>>>>> please visit: > >>>>>>> https://list.valvesoftware.****com/cgi-bin/mailman/listinfo/*** > >>>>>>> *hlds_linux<https://list.**valvesoftware.com/cgi-bin/** > >>>>>>> mailman/listinfo/hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>>> > > >>>>>>> > >>>>>>> ______________________________****_________________ > >>>>>> > >>>>>> To unsubscribe, edit your list preferences, or view the list > archives, > >>>>>> please visit: > >>>>>> https://list.valvesoftware.****com/cgi-bin/mailman/listinfo/*** > >>>>>> *hlds_linux<https://list.**valvesoftware.com/cgi-bin/** > >>>>>> mailman/listinfo/hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>> > > >>>>>> > >>>>>> ______________________________****_________________ > >>>>> > >>>>> To unsubscribe, edit your list preferences, or view the list > archives, > >>>>> please visit: > >>>>> https://list.valvesoftware.****com/cgi-bin/mailman/listinfo/*** > >>>>> *hlds_linux<https://list.**valvesoftware.com/cgi-bin/** > >>>>> mailman/listinfo/hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>> > > >>>>> > >>>>> > >>>>> ______________________________****_________________ > >>>> > >>>> To unsubscribe, edit your list preferences, or view the list archives, > >>>> please visit: > >>>> https://list.valvesoftware.****com/cgi-bin/mailman/listinfo/*** > >>>> *hlds_linux<https://list.**valvesoftware.com/cgi-bin/** > >>>> mailman/listinfo/hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>> > > >>>> > >>>> ______________________________**_________________ > >>> To unsubscribe, edit your list preferences, or view the list archives, > >>> please visit: > >>> https://list.valvesoftware. > **com/cgi-bin/mailman/listinfo/**hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>> > >>> > >> > >> ______________________________**_________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >> > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
