Maybe he meant sv_max_queries_window

On 2 September 2013 03:37, Violent Crimes <[email protected]> wrote:

> "sv_max_queries_sec_global and sv_max_queries_sec_global" did you mean
> something else?
>
> "sv_max_queries_sec_global" = "99999999" ( def. "3000" )
>           - Maximum queries per second to respond to from anywhere.
>
> On 9/1/2013 10:28 PM, Bottiger wrote:
>
>> I'm not sure what you mean by older version. Serversecure3 is the newest
>> version and has never been publicly released in compiled form. I have
>> checked the source code and it handles both types of attacks when combined
>> with those 2 convars.
>>
>> Given that the original serversecure worked, I have no reason to believe
>> the newest version doesn't work. But since we only host on Linux where we
>> can easily implement the same logic in iptables, we can't test it.
>>
>>
>> On Sun, Sep 1, 2013 at 5:11 PM, Violent Crimes <[email protected]> wrote:
>>
>>> Older version doesn't work
>>>
>>> On 9/1/2013 6:25 PM, Bottiger wrote:
>>>
>>>> It should be noted that you probably won't be able to prevent a2sinfo
>>>> spam from occasionally dropping your server from the browser, but your
>>>> server should be playable.
>>>>
>>>> That problem can only be solved when Valve makes another version of
>>>> a2sinfo that requires a challenge. I recommend that they do so and phase
>>>> out the old a2sinfo by creating a sv_max_queries_sec_info_old and setting
>>>> it to a very low number.
>>>>
>>>>
>>>> On Sun, Sep 1, 2013 at 3:16 PM, Bottiger <[email protected]> wrote:
>>>>
>>>>> Looks like a mixture of a2sinfo spam and that splitpacket spam. If you
>>>>> look at the dump you can see they keep sending \xFF\xFF\xFF\xFFTSource
>>>>> Engine Query\x00 and \xFE\xFF\xFF\xFFTSource Engine Query\x00
>>>>>
>>>>> Here's a version of serversecure3 vsp that doesn't change
>>>>> sv_max_queries_sec_global and sv_max_queries_sec_global. Try tweaking
>>>>> those convars and see if it helps.
>>>>>
>>>>> https://mega.co.nz/#!gkYHjTYD!A_NvDATFev2VvaGp21dSnCXk_DEooveB-OSnIOWbOno
>>>>>
>>>>> On Sun, Sep 1, 2013 at 2:25 PM, Violent Crimes <[email protected]> wrote:
>>>>>
>>>>>> http://vps.convictgaming.com/sample.zip
>>>>>>
>>>>>>
>>>>>> On 9/1/2013 5:12 PM, Bottiger wrote:
>>>>>>
>>>>>>> It would be helpful if you recorded the attack.
>>>>>>>
>>>>>>> http://www.winpcap.org/windump/install/default.htm
>>>>>>>
>>>>>>> On Sun, Sep 1, 2013 at 1:12 PM, Violent Crimes <[email protected]> wrote:
>>>>>>>
>>>>>>>> I am having the same issue took down 6 boxes over 50 servers.
>>>>>>>
>>>>>>>> On 9/1/2013 4:09 PM, Michael Johansen wrote:
>>>>>>>>
>>>>>>>>> They should, yeah. But until then, I need to find a way to block
>>>>>>>>> the attack.
>>>>>>>>>
>>>>>>>>>> Date: Sun, 1 Sep 2013 23:06:19 +0300
>>>>>>>>>> From: [email protected]
>>>>>>>>>> To: [email protected]
>>>>>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks
>>>>>>>>>>
>>>>>>>>>> I've seen the same thing once. The attack raises CPU usage and
>>>>>>>>>> causes lag due to that. I only monitored while someone tried it,
>>>>>>>>>> did cause some harm but not too much. Perhaps the attacker was
>>>>>>>>>> inexperienced at that time.
>>>>>>>>>>
>>>>>>>>>> I guess Valve should look into this.
>>>>>>>>>>
>>>>>>>>>> -ics
>>>>>>>>>>
>>>>>>>>>> Michael Johansen wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi.
>>>>>>>>>>>
>>>>>>>>>>> For the past two days we've been hit by a skid trying to show off
>>>>>>>>>>> by taking our servers down by sending them malformed packets and
>>>>>>>>>>> faked Source Engine Queries. The messages look like this:
>>>>>>>>>>> http://pastie.org/private/kknzt5acoom8enl5bouwxq
>>>>>>>>>>>
>>>>>>>>>>> We have tried blocking the attack using iptables without success.
>>>>>>>>>>> The length of the packets varies, the source address and port
>>>>>>>>>>> varies, everything varies. What can we do to stop this?
>>>>>>>>>>>
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
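
Added example (not part of the thread and not serversecure3 code): a triage script that labels captured UDP payloads by the two headers quoted in the thread and reports the peak per-second query rate, the quantity that sv_max_queries_sec_global limits according to the description quoted above. The sample packets, addresses and label names are constructed for illustration.

```python
import struct
from collections import Counter

A2S_INFO_BODY = b"TSource Engine Query\x00"  # request body quoted in the thread
HDR_SIMPLE = -1  # wire bytes \xFF\xFF\xFF\xFF (little-endian int32)
HDR_SPLIT = -2   # wire bytes \xFE\xFF\xFF\xFF

def classify(payload: bytes) -> str:
    """Label one UDP payload by its 4-byte header and what follows it."""
    if len(payload) < 4:
        return "runt"
    (header,) = struct.unpack_from("<l", payload)
    body = payload[4:]
    if header == HDR_SIMPLE:
        return "a2s_info" if body.startswith(A2S_INFO_BODY) else "other_connectionless"
    if header == HDR_SPLIT:
        # A query string directly after the split header is the second
        # pattern reported in the dump, not an ordinary fragment.
        return "split_hdr_query" if body.startswith(A2S_INFO_BODY) else "split"
    return "other"

def summarize(packets):
    """packets: iterable of (timestamp_seconds, src_ip, payload).
    Returns (count per label, peak query packets in one second, distinct sources)."""
    kinds, per_second, sources = Counter(), Counter(), set()
    for ts, src, payload in packets:
        kind = classify(payload)
        kinds[kind] += 1
        if kind in ("a2s_info", "split_hdr_query"):
            per_second[int(ts)] += 1
            sources.add(src)
    return kinds, max(per_second.values(), default=0), len(sources)

# Constructed sample; not taken from the capture linked in the thread.
SAMPLE = [
    (100.10, "192.0.2.10", b"\xff\xff\xff\xffTSource Engine Query\x00"),
    (100.20, "198.51.100.7", b"\xfe\xff\xff\xffTSource Engine Query\x00"),
    (100.90, "203.0.113.5", b"\xfe\xff\xff\xffTSource Engine Query\x00AAAA"),
    (101.30, "192.0.2.10", b"\xff\xff\xff\xffU\xff\xff\xff\xff"),
    (101.40, "192.0.2.99", b"\xfe\xff"),
]

if __name__ == "__main__":
    kinds, peak, n_sources = summarize(SAMPLE)
    for kind, count in kinds.most_common():
        print(f"{kind:22s} {count}")
    print(f"peak queries/sec: {peak}, distinct sources: {n_sources}")
```

Because the thread reports that source address, port and length all vary, the per-second total across all sources is the more useful number to compare against a global limit than any per-source count.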