I tried that too, and the servers stopped showing in both server browser and
SourceBans. It looks like the only way to stop this is with a plugin or
extension on the servers.
> From: [email protected]
> To: [email protected]
> Date: Mon, 2 Sep 2013 06:35:04 -0400
> Subject: Re: [hlds_linux] NET_GetLong attacks
>
> Modify the packet size in the rule I gave you to match what tcpdump is
> showing then, see if that works.
>
>
> ----- Original Message -----
> From: "Michael Johansen" <[email protected]>
> To: "Half-Life dedicated Linux server mailing list"
> <[email protected]>
> Sent: Monday, September 02, 2013 6:32 AM
> Subject: Re: [hlds_linux] NET_GetLong attacks
>
>
> >I don't know how SRCDS find that range, but tcpdump claims the packet is 53
> >bytes. And I'll have to take back what I said that the server lag was
> >gone - it still lags badly whenever the attack hits. The cache takes quite
> >a bit of it, but it still lags.
> >
> >> From: [email protected]
> >> To: [email protected]
> >> Date: Mon, 2 Sep 2013 06:07:49 -0400
> >> Subject: Re: [hlds_linux] NET_GetLong attacks
> >>
> >> Rating limiting the a2s queries will still make the server appear
> >> offline,
> >> if you read your log that you posted, it gives you the size, and the
> >> acceptable size, you should be able to tailor a rule to fit your needs.
> >>
> >> Log:
> >> NET_GetLong: Split packet from 157.208.132.148:54712 with invalid split
> >> size (number 99/ count 114) where size 8293 is out of valid range [564 -
> >> 1248 ]
> >> NET_GetLong: Split packet from 61.52.31.78:45086 with invalid split size
> >> (number 99/ count 114) where size 8293 is out of valid range [564 -
> >> 1248 ]
> >>
> >> Size: 8293
> >> Valid Size: 564-1248
> >>
> >> Rule:
> >> iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 8293 -j
> >> DROP
> >>
> >> Make sure you also update the destination port if it's different. (I just
> >> tried this rule on my machine and it's working.)
> >>
> >>
> >> ----- Original Message -----
> >> From: "Michael Johansen" <[email protected]>
> >> To: "Half-Life dedicated Linux server mailing list"
> >> <[email protected]>
> >> Sent: Monday, September 02, 2013 5:12 AM
> >> Subject: Re: [hlds_linux] NET_GetLong attacks
> >>
> >>
> >> > I've tried that, and it doesn't work. For now the solution is to run
> >> > Query
> >> > Cache to make the server playable, it will still disappear from the
> >> > serverbrowser though. Is there a solution to that? Somehow
> >> > rate-limiting
> >> > A2S queries?
> >> >
> >> >> From: [email protected]
> >> >> To: [email protected]
> >> >> Date: Mon, 2 Sep 2013 04:10:15 -0400
> >> >> Subject: Re: [hlds_linux] NET_GetLong attacks
> >> >>
> >> >> Yes, it was mentioned on the other thread titled "steam server ports."
> >> >>
> >> >> http://forums.alliedmods.net/showthread.php?t=151551
> >> >>
> >> >> The 4th section from the top is dealing with attacks like this.
> >> >>
> >> >> ----- Original Message -----
> >> >> From: "Michael Johansen" <[email protected]>
> >> >> To: "Half-Life dedicated Linux server mailing list"
> >> >> <[email protected]>
> >> >> Sent: Monday, September 02, 2013 2:38 AM
> >> >> Subject: Re: [hlds_linux] NET_GetLong attacks
> >> >>
> >> >>
> >> >> > Is it possible to stop this attack using iptables? Usually using the
> >> >> > "Valve-way" of stopping the attacks won't work very well.
> >> >> >> Date: Sun, 1 Sep 2013 23:45:23 -0400
> >> >> >> From: [email protected]
> >> >> >> To: [email protected]
> >> >> >> Subject: Re: [hlds_linux] NET_GetLong attacks
> >> >> >>
> >> >> >> That might have worked with the other filtering we are doing. If it
> >> >> >> does
> >> >> >> I will send you the money. Send me a private email with your steam
> >> >> >> user.
> >> >> >>
> >> >> >>
> >> >> >> On 9/1/2013 11:11 PM, Bottiger wrote:
> >> >> >> > If you used the version I posted it should not have set your
> >> >> >> > sv_max_queries_sec_global
> >> >> >> > so high.
> >> >> >> >
> >> >> >> > You are supposed to lower that number until it becomes playable
> >> >> >> > and
> >> >> >> > raise
> >> >> >> > the window.
> >> >> >> >
> >> >> >> >
> >> >> >
> >> >> > _______________________________________________
> >> >> > To unsubscribe, edit your list preferences, or view the list
> >> >> > archives,
> >> >> > please visit:
> >> >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> >> please visit:
> >> >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >> >
> >> > _______________________________________________
> >> > To unsubscribe, edit your list preferences, or view the list archives,
> >> > please visit:
> >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >>
> >>
> >> _______________________________________________
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please
> visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
