I don't know how SRCDS find that range, but tcpdump claims the packet is 53 bytes. And I'll have to take back what I said that the server lag was gone - it still lags badly whenever the attack hits. The cache takes quite a bit of it, but it still lags.
> From: [email protected] > To: [email protected] > Date: Mon, 2 Sep 2013 06:07:49 -0400 > Subject: Re: [hlds_linux] NET_GetLong attacks > > Rating limiting the a2s queries will still make the server appear offline, > if you read your log that you posted, it gives you the size, and the > acceptable size, you should be able to tailor a rule to fit your needs. > > Log: > NET_GetLong: Split packet from 157.208.132.148:54712 with invalid split > size (number 99/ count 114) where size 8293 is out of valid range [564 - > 1248 ] > NET_GetLong: Split packet from 61.52.31.78:45086 with invalid split size > (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ] > > Size: 8293 > Valid Size: 564-1248 > > Rule: > iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 8293 -j > DROP > > Make sure you also update the destination port if it's different. (I just > tried this rule on my machine and it's working.) > > > ----- Original Message ----- > From: "Michael Johansen" <[email protected]> > To: "Half-Life dedicated Linux server mailing list" > <[email protected]> > Sent: Monday, September 02, 2013 5:12 AM > Subject: Re: [hlds_linux] NET_GetLong attacks > > > > I've tried that, and it doesn't work. For now the solution is to run Query > > Cache to make the server playable, it will still disappear from the > > serverbrowser though. Is there a solution to that? Somehow rate-limiting > > A2S queries? > > > >> From: [email protected] > >> To: [email protected] > >> Date: Mon, 2 Sep 2013 04:10:15 -0400 > >> Subject: Re: [hlds_linux] NET_GetLong attacks > >> > >> Yes, it was mentioned on the other thread titled "steam server ports." > >> > >> http://forums.alliedmods.net/showthread.php?t=151551 > >> > >> The 4th section from the top is dealing with attacks like this. > >> > >> ----- Original Message ----- > >> From: "Michael Johansen" <[email protected]> > >> To: "Half-Life dedicated Linux server mailing list" > >> <[email protected]> > >> Sent: Monday, September 02, 2013 2:38 AM > >> Subject: Re: [hlds_linux] NET_GetLong attacks > >> > >> > >> > Is it possible to stop this attack using iptables? Usually using the > >> > "Valve-way" of stopping the attacks won't work very well. > >> >> Date: Sun, 1 Sep 2013 23:45:23 -0400 > >> >> From: [email protected] > >> >> To: [email protected] > >> >> Subject: Re: [hlds_linux] NET_GetLong attacks > >> >> > >> >> That might have worked with the other filtering we are doing. If it > >> >> does > >> >> I will send you the money. Send me a private email with your steam > >> >> user. > >> >> > >> >> > >> >> On 9/1/2013 11:11 PM, Bottiger wrote: > >> >> > If you used the version I posted it should not have set your > >> >> > sv_max_queries_sec_global > >> >> > so high. > >> >> > > >> >> > You are supposed to lower that number until it becomes playable and > >> >> > raise > >> >> > the window. > >> >> > > >> >> > > >> > > >> > _______________________________________________ > >> > To unsubscribe, edit your list preferences, or view the list archives, > >> > please visit: > >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
