Modify the packet size in the rule I gave you to match what tcpdump is showing, then see if that works.

----- Original Message -----
From: "Michael Johansen" <[email protected]>
To: "Half-Life dedicated Linux server mailing list" <[email protected]>
Sent: Monday, September 02, 2013 6:32 AM
Subject: Re: [hlds_linux] NET_GetLong attacks


I don't know how SRCDS finds that range, but tcpdump claims the packet is 53 bytes. And I'll have to take back what I said that the server lag was gone - it still lags badly whenever the attack hits. The cache takes quite a bit of it, but it still lags.

From: [email protected]
To: [email protected]
Date: Mon, 2 Sep 2013 06:07:49 -0400
Subject: Re: [hlds_linux] NET_GetLong attacks

Rate limiting the A2S queries will still make the server appear offline.
If you read your log that you posted, it gives you the size and the
acceptable size; you should be able to tailor a rule to fit your needs.

Log:
NET_GetLong:  Split packet from 157.208.132.148:54712 with invalid split size (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]
NET_GetLong:  Split packet from 61.52.31.78:45086 with invalid split size (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]

Size: 8293
Valid Size: 564-1248

Rule:
iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 8293 -j DROP

Make sure you also update the destination port if it's different. (I just
tried this rule on my machine and it's working.)


----- Original Message -----
From: "Michael Johansen" <[email protected]>
To: "Half-Life dedicated Linux server mailing list"
<[email protected]>
Sent: Monday, September 02, 2013 5:12 AM
Subject: Re: [hlds_linux] NET_GetLong attacks


> I've tried that, and it doesn't work. For now the solution is to run Query
> Cache to make the server playable, it will still disappear from the
> server browser though. Is there a solution to that? Somehow rate-limiting
> A2S queries?
>
>> From: [email protected]
>> To: [email protected]
>> Date: Mon, 2 Sep 2013 04:10:15 -0400
>> Subject: Re: [hlds_linux] NET_GetLong attacks
>>
>> Yes, it was mentioned on the other thread titled "steam server ports."
>>
>> http://forums.alliedmods.net/showthread.php?t=151551
>>
>> The 4th section from the top is dealing with attacks like this.
>>
>> ----- Original Message -----
>> From: "Michael Johansen" <[email protected]>
>> To: "Half-Life dedicated Linux server mailing list"
>> <[email protected]>
>> Sent: Monday, September 02, 2013 2:38 AM
>> Subject: Re: [hlds_linux] NET_GetLong attacks
>>
>>
>> > Is it possible to stop this attack using iptables? Usually using the
>> > "Valve-way" of stopping the attacks won't work very well.
>> >> Date: Sun, 1 Sep 2013 23:45:23 -0400
>> >> From: [email protected]
>> >> To: [email protected]
>> >> Subject: Re: [hlds_linux] NET_GetLong attacks
>> >>
>> >> That might have worked with the other filtering we are doing. If it does
>> >> I will send you the money. Send me a private email with your steam user.
>> >>
>> >>
>> >> On 9/1/2013 11:11 PM, Bottiger wrote:
>> >> > If you used the version I posted it should not have set your
>> >> > sv_max_queries_sec_global so high.
>> >> >
>> >> > You are supposed to lower that number until it becomes playable and
>> >> > raise the window.
>> >> >
>> >> >
>> >
>> > _______________________________________________
>> > To unsubscribe, edit your list preferences, or view the list archives,
>> > please visit:
>> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
>>
>>



_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
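
Added example, not part of any message in this thread: a Python script that pulls the source, claimed split size and valid range out of NET_GetLong lines like the two quoted above, and converts a UDP payload length into the IPv4 total length that the iptables length match compares. The function names are made up for the example, and reading tcpdump's 53 bytes as the UDP payload length is an assumption.

```python
import re
from collections import Counter

# The two log lines quoted in the thread, still wrapped the way the mail left them.
SAMPLE_LOG = """\
NET_GetLong:  Split packet from 157.208.132.148:54712 with invalid split
size (number 99/ count 114) where size 8293 is out of valid range [564 -
1248 ]
NET_GetLong:  Split packet from 61.52.31.78:45086 with invalid split size
(number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]
"""

# Written with plain spaces, then every space becomes \s+ so that a line
# re-wrapped by a mail client or terminal still matches.
_TEMPLATE = (
    r"NET_GetLong: Split packet from (?P<ip>[\d.]+):(?P<port>\d+) with invalid "
    r"split size \(number (?P<number>\d+)/ count (?P<count>\d+)\) where size "
    r"(?P<size>\d+) is out of valid range \[ ?(?P<lo>\d+) - (?P<hi>\d+) ?\]"
)
LINE_RE = re.compile(_TEMPLATE.replace(" ?", r"\s*").replace(" ", r"\s+"))


def parse_log(text):
    """Return one dict per NET_GetLong split-size message found in text."""
    return [
        {k: v if k == "ip" else int(v) for k, v in m.groupdict().items()}
        for m in LINE_RE.finditer(text)
    ]


def summarize(events):
    """Count messages per source address and per claimed split size."""
    return {
        "sources": Counter(e["ip"] for e in events),
        "claimed_sizes": Counter(e["size"] for e in events),
        "valid_ranges": sorted({(e["lo"], e["hi"]) for e in events}),
    }


def ipv4_total_length(udp_payload_len, ip_header_len=20):
    """IPv4 total length (IP header + 8-byte UDP header + payload), which is
    the value the iptables `length` match compares for IPv4 packets."""
    return ip_header_len + 8 + udp_payload_len


if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG)))
    # Assumption: the 53 bytes tcpdump reported is the UDP payload length.
    print("--length candidate:", ipv4_total_length(53))
```

UDP source addresses can be spoofed, so the per-source counts are an aid for reading the log rather than a block list.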
