If you used the version I posted it should not have set your sv_max_queries_sec_global so high.
You are supposed to lower that number until it becomes playable and raise the window. On Sun, Sep 1, 2013 at 8:03 PM, Violent Crimes < [email protected]> wrote: > 23:02:46 "sv_max_queries_window" = "1" ( def. "30" ) > - Window over which to average queries per second averages. > > Also he is spoofing the ip. > > > > On 9/1/2013 10:57 PM, Nomaan Ahmad wrote: > >> Maybe he meant sv_max_queries_window >> >> >> On 2 September 2013 03:37, Violent Crimes >> <violentcrimes@convictgaming.**com <[email protected]> >> >wrote: >> >> "sv_max_queries_sec_global and sv_max_queries_sec_global" did you mean >>> something else? >>> >>> "sv_max_queries_sec_global" = "99999999" ( def. "3000" ) >>> - Maximum queries per second to respond to from anywhere. >>> >>> >>> >>> >>> >>> >>> On 9/1/2013 10:28 PM, Bottiger wrote: >>> >>> I'm not sure what you mean by older version. Serversecure3 is the newest >>>> version and has never been publicly released in compiled form. I have >>>> checked the source code and it handles both types of attacks when >>>> combined >>>> with those 2 convars. >>>> >>>> Given that the original serversecure worked, I have no reason to believe >>>> the newest version doesn't work. But since we only host on Linux where >>>> we >>>> can easily implement the same logic in iptables, we can't test it. >>>> >>>> >>>> On Sun, Sep 1, 2013 at 5:11 PM, Violent Crimes < >>>> violentcrimes@convictgaming.****com >>>> <violentcrimes@convictgaming.**com<[email protected]> >>>> >> >>>> wrote: >>>> >>>> Older version doesn't work >>>> >>>>> >>>>> >>>>> On 9/1/2013 6:25 PM, Bottiger wrote: >>>>> >>>>> It should be noted that you probably won't be able to prevent a2sinfo >>>>> >>>>>> spam >>>>>> from occasionally dropping your server from the browser, but your >>>>>> server >>>>>> should be playable. >>>>>> >>>>>> That problem can only be solved when Valve makes another version of >>>>>> a2sinfo >>>>>> that requires a challenge. I recommend that they do so and phase out >>>>>> the >>>>>> old a2sinfo by creating a sv_max_queries_sec_info_old and setting it >>>>>> to >>>>>> a >>>>>> very low number. >>>>>> >>>>>> >>>>>> On Sun, Sep 1, 2013 at 3:16 PM, Bottiger <[email protected]> >>>>>> wrote: >>>>>> >>>>>> Looks like a mixture of a2sinfo spam and that splitpacket spam. If >>>>>> you >>>>>> >>>>>> look at the dump you can see they keep sending >>>>>>> \xFF\xFF\xFF\xFFTSource >>>>>>> Engine Query\x00 and \xFE\xFF\xFF\xFFTSource Engine Query\x00 >>>>>>> >>>>>>> Here's a version of serversecure3 vsp that doesn't change >>>>>>> sv_max_queries_sec_global and sv_max_queries_sec_global. Try tweaking >>>>>>> those >>>>>>> convars and see if it helps. >>>>>>> >>>>>>> https://mega.co.nz/#!gkYHjTYD!******A_NvDATFev2VvaGp21dSnCXk_****<https://mega.co.nz/#!gkYHjTYD!****A_NvDATFev2VvaGp21dSnCXk_**> >>>>>>> <https://mega.co.nz/#!**gkYHjTYD!**A_**NvDATFev2VvaGp21dSnCXk_**<https://mega.co.nz/#!gkYHjTYD!**A_NvDATFev2VvaGp21dSnCXk_**> >>>>>>> > >>>>>>> DEooveB-OSnIOWbOno<https://**m**ega.co.nz/#!gkYHjTYD!A_**<http://mega.co.nz/#!gkYHjTYD!A_**> >>>>>>> NvDATFev2VvaGp21dSnCXk_****DEooveB-OSnIOWbOno<https://** >>>>>>> mega.co.nz/#!gkYHjTYD!A_**NvDATFev2VvaGp21dSnCXk_** >>>>>>> DEooveB-OSnIOWbOno<https://mega.co.nz/#!gkYHjTYD!A_NvDATFev2VvaGp21dSnCXk_DEooveB-OSnIOWbOno> >>>>>>> > >>>>>>> On Sun, Sep 1, 2013 at 2:25 PM, Violent Crimes < >>>>>>> violentcrimes@convictgaming.******com <violentcrimes@convictgaming.* >>>>>>> ***com<violentcrimes@**convictgaming.com<[email protected]> >>>>>>> > >>>>>>> wrote: >>>>>>> >>>>>>> >>>>>>> http://vps.convictgaming.com/********sample.zip<http://vps.convictgaming.com/******sample.zip> >>>>>>> <http://vps.**convictgaming.com/****sample.**zip<http://vps.convictgaming.com/****sample.zip> >>>>>>> > >>>>>>> <http://vps.**convictgaming.**com/**sample.zip<http://convictgaming.com/**sample.zip> >>>>>>> <http://vps.**convictgaming.com/**sample.zip<http://vps.convictgaming.com/**sample.zip> >>>>>>> **> >>>>>>> **> >>>>>>> >>>>>>> <http://vps.**convictgaming.****com/sample.zip<http://** >>>>>>>> convictgaming.com/sample.zip <http://convictgaming.com/sample.zip>> >>>>>>>> <http://vps.**convictgaming.**com/sample.zip<http://convictgaming.com/sample.zip> >>>>>>>> <http://vps.**convictgaming.com/sample.zip<http://vps.convictgaming.com/sample.zip> >>>>>>>> > >>>>>>>> >>>>>>>> >>>>>>>> On 9/1/2013 5:12 PM, Bottiger wrote: >>>>>>>> >>>>>>>> It would be helpful if you recorded the attack. >>>>>>>> >>>>>>>> >>>>>>>> http://www.winpcap.org/********windump/install/default.htm<http://www.winpcap.org/******windump/install/default.htm> >>>>>>>>> <ht**tp://www.winpcap.org/******windump/install/default.htm<http://www.winpcap.org/****windump/install/default.htm> >>>>>>>>> > >>>>>>>>> <ht**tp://www.winpcap.org/******windump/install/default.htm<http://www.winpcap.org/****windump/install/default.htm> >>>>>>>>> <ht**tp://www.winpcap.org/****windump/install/default.htm<http://www.winpcap.org/**windump/install/default.htm> >>>>>>>>> > >>>>>>>>> <ht**tp://www.winpcap.org/****windump/**install/default.htm<http://www.winpcap.org/**windump/**install/default.htm> >>>>>>>>> <**http://www.winpcap.org/**windump/**install/default.htm<http://www.winpcap.org/windump/**install/default.htm> >>>>>>>>> > >>>>>>>>> <**http://www.winpcap.org/****windump/install/default.htm<http://www.winpcap.org/**windump/install/default.htm> >>>>>>>>> <ht**tp://www.winpcap.org/windump/**install/default.htm<http://www.winpcap.org/windump/install/default.htm> >>>>>>>>> > >>>>>>>>> >>>>>>>>> On Sun, Sep 1, 2013 at 1:12 PM, Violent Crimes < >>>>>>>>> violentcrimes@convictgaming.********com >>>>>>>>> <violentcrimes@convictgaming.* >>>>>>>>> ***com<violentcrimes@**convict**gaming.com<http://convictgaming.com> >>>>>>>>> <violentcrimes@**convictgaming.com<[email protected]> >>>>>>>>> > >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> I am having the same issue took down 6 boxes over 50 servers. >>>>>>>>> >>>>>>>>> On 9/1/2013 4:09 PM, Michael Johansen wrote: >>>>>>>>> >>>>>>>>>> They should, yeah. But until then, I need to find a way to >>>>>>>>>> block >>>>>>>>>> the >>>>>>>>>> >>>>>>>>>> attack. >>>>>>>>>> >>>>>>>>>>> Date: Sun, 1 Sep 2013 23:06:19 +0300 >>>>>>>>>>> >>>>>>>>>>> From: [email protected] >>>>>>>>>>> >>>>>>>>>>> To: [email protected].** >>>>>>>>>>>> ********com<hlds_linux@list.** >>>>>>>>>>>> valvesoftware.com <hlds_linux@list.****valvesoftwa**re.com< >>>>>>>>>>>> http://**valvesoftware.com <http://valvesoftware.com>> >>>>>>>>>>>> <hlds_linux@list.**valvesoftwa**re.com<http://valvesoftware.com> >>>>>>>>>>>> <hlds_linux@list.**valvesoftware.com<[email protected]> >>>>>>>>>>>> > >>>>>>>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks >>>>>>>>>>>> >>>>>>>>>>>> I've seen the same thing once. The attack rises CPU usage and >>>>>>>>>>>> causes >>>>>>>>>>>> lag >>>>>>>>>>>> due to that. I only monitored while someone tried it, did cause >>>>>>>>>>>> some >>>>>>>>>>>> harm but not too much. Perhaps the attacker was unexperienced at >>>>>>>>>>>> that >>>>>>>>>>>> time. >>>>>>>>>>>> >>>>>>>>>>>> I guess Valve should look into this. >>>>>>>>>>>> >>>>>>>>>>>> -ics >>>>>>>>>>>> >>>>>>>>>>>> Michael Johansen kirjoitti: >>>>>>>>>>>> >>>>>>>>>>>> Hi. >>>>>>>>>>>> >>>>>>>>>>>> For the past two days we've been hit by a skid trying to show >>>>>>>>>>>> off >>>>>>>>>>>> >>>>>>>>>>>>> by >>>>>>>>>>>>> taking our servers down by sending them malformed packets and >>>>>>>>>>>>> faked >>>>>>>>>>>>> Source >>>>>>>>>>>>> Engine Queries. The messages look like this: >>>>>>>>>>>>> http://pastie.org/** >>>>>>>>>>>>> private/********kknzt5acoom8enl5bouwxq<http://******** >>>>>>>>>>>>> pastie.org/private/** >>>>>>>>>>>>> >>>>>>>>>>>>> kknzt5acoom8enl5bouwxq<http://******pastie.org/private/** >>>>>>>>>>>>> kknzt5acoom8enl5bouwxq<http://****pastie.org/private/** >>>>>>>>>>>>> kknzt5acoom8enl5bouwxq<http://**pastie.org/private/** >>>>>>>>>>>>> kknzt5acoom8enl5bouwxq<http://pastie.org/private/kknzt5acoom8enl5bouwxq> >>>>>>>>>>>>> > >>>>>>>>>>>>> We have tried blocking the attack using iptables without >>>>>>>>>>>>> success. >>>>>>>>>>>>> The >>>>>>>>>>>>> length of the packets varies, the source address and port >>>>>>>>>>>>> varies, >>>>>>>>>>>>> everything varies. What can we do to stop this? >>>>>>>>>>>>> >>>>>>>>>>>>> ______________________________**********_________________ >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>>>>>> archives, >>>>>>>>>>>>> please visit: >>>>>>>>>>>>> https://list.valvesoftware.**********com/cgi-bin/mailman/** >>>>>>>>>>>>> listinfo/** >>>>>>>>>>>>> *** >>>>>>>>>>>>> *hlds_linux<https://list.******val**vesoftware.com/cgi-bin/*** >>>>>>>>>>>>> *** <http://vesoftware.com/cgi-bin/****>< >>>>>>>>>>>>> http://valvesoftware.com/cgi-****bin/**<http://valvesoftware.com/cgi-**bin/**> >>>>>>>>>>>>> <http://valvesoftware.**com/cgi-bin/**<http://valvesoftware.com/cgi-bin/**> >>>>>>>>>>>>> > >>>>>>>>>>>>> mailman/listinfo/hlds_linux<****ht**tps://list.valvesoftware.* >>>>>>>>>>>>> *** >>>>>>>>>>>>> com/** >>>>>>>>>>>>> <http://list.valvesoftware.**com/**<http://list.valvesoftware.com/**> >>>>>>>>>>>>> > >>>>>>>>>>>>> cgi-bin/mailman/listinfo/hlds_******linux<https://list.** >>>>>>>>>>>>> valvesoftware.com/cgi-bin/****mailman/listinfo/hlds_linux<http://valvesoftware.com/cgi-bin/**mailman/listinfo/hlds_linux> >>>>>>>>>>>>> <ht**tps://list.valvesoftware.com/** >>>>>>>>>>>>> cgi-bin/mailman/listinfo/hlds_**linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>>>>>>>>>> > >>>>>>>>>>>>> ______________________________**********_________________ >>>>>>>>>>>>> >>>>>>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>>>>>> >>>>>>>>>>>> archives, >>>>>>>>>>>> please visit: >>>>>>>>>>>> >>>>>>>>>>>> https://list.valvesoftware.**********com/cgi-bin/mailman/** >>>>>>>>>>>> listinfo/***** >>>>>>>>>>>> *hlds_linux<https://list.******val**vesoftware.com/cgi-bin/**** >>>>>>>>>>>> ** <http://vesoftware.com/cgi-bin/****>< >>>>>>>>>>>> http://valvesoftware.com/cgi-****bin/**<http://valvesoftware.com/cgi-**bin/**> >>>>>>>>>>>> <http://valvesoftware.**com/cgi-bin/**<http://valvesoftware.com/cgi-bin/**> >>>>>>>>>>>> > >>>>>>>>>>>> mailman/listinfo/hlds_linux<****ht**tps://list.valvesoftware.** >>>>>>>>>>>> ** >>>>>>>>>>>> com/** >>>>>>>>>>>> <http://list.valvesoftware.**com/**<http://list.valvesoftware.com/**> >>>>>>>>>>>> > >>>>>>>>>>>> cgi-bin/mailman/listinfo/hlds_******linux<https://list.** >>>>>>>>>>>> valvesoftware.com/cgi-bin/****mailman/listinfo/hlds_linux<http://valvesoftware.com/cgi-bin/**mailman/listinfo/hlds_linux> >>>>>>>>>>>> <ht**tps://list.valvesoftware.com/** >>>>>>>>>>>> cgi-bin/mailman/listinfo/hlds_**linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>>>>>>>>> > >>>>>>>>>>>> ______________________________**********_________________ >>>>>>>>>>>> >>>>>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>>>>> >>>>>>>>>>> archives, >>>>>>>>>>> please visit: >>>>>>>>>>> >>>>>>>>>>> https://list.valvesoftware.**********com/cgi-bin/mailman/** >>>>>>>>>>> listinfo/***** >>>>>>>>>>> *hlds_linux<https://list.******val**vesoftware.com/cgi-bin/**** >>>>>>>>>>> ** <http://vesoftware.com/cgi-bin/****>< >>>>>>>>>>> http://valvesoftware.com/cgi-****bin/**<http://valvesoftware.com/cgi-**bin/**> >>>>>>>>>>> <http://valvesoftware.**com/cgi-bin/**<http://valvesoftware.com/cgi-bin/**> >>>>>>>>>>> > >>>>>>>>>>> mailman/listinfo/hlds_linux<****ht**tps://list.valvesoftware.*** >>>>>>>>>>> * >>>>>>>>>>> com/** >>>>>>>>>>> <http://list.valvesoftware.**com/**<http://list.valvesoftware.com/**> >>>>>>>>>>> > >>>>>>>>>>> cgi-bin/mailman/listinfo/hlds_******linux<https://list.** >>>>>>>>>>> valvesoftware.com/cgi-bin/****mailman/listinfo/hlds_linux<http://valvesoftware.com/cgi-bin/**mailman/listinfo/hlds_linux> >>>>>>>>>>> <ht**tps://list.valvesoftware.com/** >>>>>>>>>>> cgi-bin/mailman/listinfo/hlds_**linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>>>>>>>> > >>>>>>>>>>> ______________________________**********_________________ >>>>>>>>>>> >>>>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>>>> >>>>>>>>>> archives, >>>>>>>>>> please visit: >>>>>>>>>> >>>>>>>>>> https://list.valvesoftware.**********com/cgi-bin/mailman/** >>>>>>>>>> listinfo/***** >>>>>>>>>> *hlds_linux<https://list.******val**vesoftware.com/cgi-bin/******<http://vesoftware.com/cgi-bin/****> >>>>>>>>>> < >>>>>>>>>> http://valvesoftware.com/cgi-****bin/**<http://valvesoftware.com/cgi-**bin/**> >>>>>>>>>> <http://valvesoftware.**com/cgi-bin/**<http://valvesoftware.com/cgi-bin/**> >>>>>>>>>> > >>>>>>>>>> mailman/listinfo/hlds_linux<****ht**tps://list.valvesoftware.*** >>>>>>>>>> *com/**<http://list.**valvesoftware.com/**<http://list.valvesoftware.com/**> >>>>>>>>>> > >>>>>>>>>> cgi-bin/mailman/listinfo/hlds_******linux<https://list.** >>>>>>>>>> valvesoftware.com/cgi-bin/****mailman/listinfo/hlds_linux<http://valvesoftware.com/cgi-bin/**mailman/listinfo/hlds_linux> >>>>>>>>>> <ht**tps://list.valvesoftware.com/** >>>>>>>>>> cgi-bin/mailman/listinfo/hlds_**linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>>>>>>> > >>>>>>>>>> ______________________________********_________________ >>>>>>>>>> >>>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>>> >>>>>>>>> archives, >>>>>>>>> please visit: >>>>>>>>> https://list.valvesoftware.********com/cgi-bin/mailman/** >>>>>>>>> listinfo/***** >>>>>>>>> *hlds_linux<https://list.****val**vesoftware.com/cgi-bin/****< >>>>>>>>> http://valvesoftware.com/cgi-**bin/**<http://valvesoftware.com/cgi-bin/**> >>>>>>>>> > >>>>>>>>> mailman/listinfo/hlds_linux<**ht**tps://list.valvesoftware.** >>>>>>>>> com/** <http://list.valvesoftware.com/**> >>>>>>>>> cgi-bin/mailman/listinfo/hlds_****linux<https://list.** >>>>>>>>> valvesoftware.com/cgi-bin/**mailman/listinfo/hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>>>>>> > >>>>>>>>> ______________________________********_________________ >>>>>>>>> >>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>> archives, >>>>>>>> please visit: >>>>>>>> https://list.valvesoftware.********com/cgi-bin/mailman/** >>>>>>>> listinfo/***** >>>>>>>> *hlds_linux<https://list.****val**vesoftware.com/cgi-bin/****< >>>>>>>> http://valvesoftware.com/cgi-**bin/**<http://valvesoftware.com/cgi-bin/**> >>>>>>>> > >>>>>>>> mailman/listinfo/hlds_linux<**ht**tps://list.valvesoftware.**com/**<http://list.valvesoftware.com/**> >>>>>>>> cgi-bin/mailman/listinfo/hlds_****linux<https://list.** >>>>>>>> valvesoftware.com/cgi-bin/**mailman/listinfo/hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>>>>> > >>>>>>>> ______________________________******_________________ >>>>>>>> >>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>> archives, >>>>>> please visit: >>>>>> https://list.valvesoftware.******com/cgi-bin/mailman/listinfo/***** >>>>>> *hlds_linux<https://list.**val**vesoftware.com/cgi-bin/**<http://valvesoftware.com/cgi-bin/**> >>>>>> mailman/listinfo/hlds_linux<ht**tps://list.valvesoftware.com/** >>>>>> cgi-bin/mailman/listinfo/hlds_**linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>>> > >>>>>> >>>>>> ______________________________******_________________ >>>>>> >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> https://list.valvesoftware.******com/cgi-bin/mailman/listinfo/***** >>>>> *hlds_linux<https://list.**val**vesoftware.com/cgi-bin/**<http://valvesoftware.com/cgi-bin/**> >>>>> mailman/listinfo/hlds_linux<ht**tps://list.valvesoftware.com/** >>>>> cgi-bin/mailman/listinfo/hlds_**linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>>> > >>>>> ______________________________****_________________ >>>>> >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> https://list.valvesoftware.****com/cgi-bin/mailman/listinfo/*** >>>> *hlds_linux<https://list.**valvesoftware.com/cgi-bin/** >>>> mailman/listinfo/hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>>> > >>>> >>>> >>>> ______________________________****_________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> https://list.valvesoftware.****com/cgi-bin/mailman/listinfo/*** >>> *hlds_linux<https://list.**valvesoftware.com/cgi-bin/** >>> mailman/listinfo/hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >>> > >>> >>> ______________________________**_________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >> >> > > ______________________________**_________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
