Right officials won't do a thing since he hasn't caused thousands in damage. If anything, get his IP address, everyone who's been attacked by him gather all their proof, and report him to his ISP.
On Mon, Sep 2, 2013 at 1:19 PM, ElitePowered . <[email protected]>wrote: > How about you report his ip to the right officals. That'll do a much better > job than a steam id. It'll take a while to process but he'll be dealt with. > For now, i think a lot of us are being affected by this attack. And it's > more than 1 person. I'm seeing IPs from many places. Best solution is to > report it to valve until they respond and to also start using query cache > which should help a bit. I haven't tried Bottiger's solution yet but i > think it's hopeful. You might want to upgrade on your bandwith :) > > > On Mon, Sep 2, 2013 at 12:26 PM, Violent Crimes < > [email protected]> wrote: > > > Hey I know who is attacking you its the same guy who is attacking me. > > http://bans.blackoutgaming.**org/index.php?p=banlist&** > > advSearch=STEAM_0:1:43055663&**advType=steamid< > http://bans.blackoutgaming.org/index.php?p=banlist&advSearch=STEAM_0:1:43055663&advType=steamid > > > > > > > > STEAM_0:1:43055663 > > > > > > > > On 9/2/2013 7:25 AM, Michael Johansen wrote: > > > >> Blocked those and the attack still persists. > >> > >> From: [email protected] > >>> To: [email protected].**com< > [email protected]> > >>> Date: Mon, 2 Sep 2013 07:14:43 -0400 > >>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>> > >>> Okay, the number you provided (53) is the size of the string, the > entire > >>> packet size is either 60 or 67 depending on the query. (there's 2 > queries > >>> that are repeating.) > >>> > >>> Try these rules: > >>> iptables -A INPUT -p udp --dport 27135 -m length --length 60 -j DROP > >>> iptables -A INPUT -p udp --dport 27135 -m length --length 67 -j DROP > >>> > >>> I just tried these locally and they do not stop the valid queries from > >>> the > >>> steam browser. > >>> > >>> > >>> ----- Original Message ----- > >>> From: "Michael Johansen" <[email protected]> > >>> To: "Half-Life dedicated Linux server mailing list" > >>> <hlds_linux@list.**valvesoftware.com < > [email protected]> > >>> > > >>> Sent: Monday, September 02, 2013 6:57 AM > >>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>> > >>> > >>> http://replays.blackoutgaming.**org/attack1.cap< > http://replays.blackoutgaming.org/attack1.cap> > >>>> > >>>> This is from an attack. You should be able to open it using WireShark. > >>>> > >>>>> From: [email protected] > >>>>> To: [email protected].**com< > [email protected]> > >>>>> Date: Mon, 2 Sep 2013 06:44:46 -0400 > >>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>> > >>>>> Post the tcpdump so we can look at it. > >>>>> > >>>>> ----- Original Message ----- > >>>>> From: "Michael Johansen" <[email protected]> > >>>>> To: "Half-Life dedicated Linux server mailing list" > >>>>> <hlds_linux@list.**valvesoftware.com< > [email protected]> > >>>>> > > >>>>> Sent: Monday, September 02, 2013 6:38 AM > >>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>> > >>>>> > >>>>> I tried that too, and the servers stopped showing in both server > >>>>>> browser > >>>>>> and SourceBans. It looks like the only way to stop this is with a > >>>>>> plugin > >>>>>> or > >>>>>> extension on the servers. > >>>>>> > >>>>>>> From: [email protected] > >>>>>>> To: [email protected].**com< > [email protected]> > >>>>>>> Date: Mon, 2 Sep 2013 06:35:04 -0400 > >>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>>>> > >>>>>>> Modify the packet size in the rule I gave you to match what tcpdump > >>>>>>> is > >>>>>>> showing then, see if that works. > >>>>>>> > >>>>>>> > >>>>>>> ----- Original Message ----- > >>>>>>> From: "Michael Johansen" <[email protected]> > >>>>>>> To: "Half-Life dedicated Linux server mailing list" > >>>>>>> <hlds_linux@list.**valvesoftware.com< > [email protected]> > >>>>>>> > > >>>>>>> Sent: Monday, September 02, 2013 6:32 AM > >>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>>>> > >>>>>>> > >>>>>>> I don't know how SRCDS find that range, but tcpdump claims the > >>>>>>>> packet > >>>>>>>> is > >>>>>>>> 53 > >>>>>>>> bytes. And I'll have to take back what I said that the server lag > >>>>>>>> was > >>>>>>>> gone - it still lags badly whenever the attack hits. The cache > takes > >>>>>>>> quite > >>>>>>>> a bit of it, but it still lags. > >>>>>>>> > >>>>>>>> From: [email protected] > >>>>>>>>> To: [email protected].**com< > [email protected]> > >>>>>>>>> Date: Mon, 2 Sep 2013 06:07:49 -0400 > >>>>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>>>>>> > >>>>>>>>> Rating limiting the a2s queries will still make the server appear > >>>>>>>>> offline, > >>>>>>>>> if you read your log that you posted, it gives you the size, and > >>>>>>>>> the > >>>>>>>>> acceptable size, you should be able to tailor a rule to fit your > >>>>>>>>> needs. > >>>>>>>>> > >>>>>>>>> Log: > >>>>>>>>> NET_GetLong: Split packet from 157.208.132.148:54712 with > invalid > >>>>>>>>> split > >>>>>>>>> size (number 99/ count 114) where size 8293 is out of valid range > >>>>>>>>> [564 - > >>>>>>>>> 1248 ] > >>>>>>>>> NET_GetLong: Split packet from 61.52.31.78:45086 with invalid > >>>>>>>>> split > >>>>>>>>> size > >>>>>>>>> (number 99/ count 114) where size 8293 is out of valid range > [564 - > >>>>>>>>> 1248 ] > >>>>>>>>> > >>>>>>>>> Size: 8293 > >>>>>>>>> Valid Size: 564-1248 > >>>>>>>>> > >>>>>>>>> Rule: > >>>>>>>>> iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length > >>>>>>>>> 8293 -j > >>>>>>>>> DROP > >>>>>>>>> > >>>>>>>>> Make sure you also update the destination port if it's different. > >>>>>>>>> (I > >>>>>>>>> just > >>>>>>>>> tried this rule on my machine and it's working.) > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ----- Original Message ----- > >>>>>>>>> From: "Michael Johansen" <[email protected]> > >>>>>>>>> To: "Half-Life dedicated Linux server mailing list" > >>>>>>>>> <hlds_linux@list.**valvesoftware.com< > [email protected]> > >>>>>>>>> > > >>>>>>>>> Sent: Monday, September 02, 2013 5:12 AM > >>>>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> I've tried that, and it doesn't work. For now the solution is to > >>>>>>>>>> run > >>>>>>>>>> Query > >>>>>>>>>> Cache to make the server playable, it will still disappear from > >>>>>>>>>> the > >>>>>>>>>> serverbrowser though. Is there a solution to that? Somehow > >>>>>>>>>> rate-limiting > >>>>>>>>>> A2S queries? > >>>>>>>>>> > >>>>>>>>>> From: [email protected] > >>>>>>>>>>> To: [email protected].**com< > [email protected]> > >>>>>>>>>>> Date: Mon, 2 Sep 2013 04:10:15 -0400 > >>>>>>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>>>>>>>> > >>>>>>>>>>> Yes, it was mentioned on the other thread titled "steam server > >>>>>>>>>>> ports." > >>>>>>>>>>> > >>>>>>>>>>> http://forums.alliedmods.net/**showthread.php?t=151551< > http://forums.alliedmods.net/showthread.php?t=151551> > >>>>>>>>>>> > >>>>>>>>>>> The 4th section from the top is dealing with attacks like this. > >>>>>>>>>>> > >>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>> From: "Michael Johansen" <[email protected]> > >>>>>>>>>>> To: "Half-Life dedicated Linux server mailing list" > >>>>>>>>>>> <hlds_linux@list.**valvesoftware.com< > [email protected]> > >>>>>>>>>>> > > >>>>>>>>>>> Sent: Monday, September 02, 2013 2:38 AM > >>>>>>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> Is it possible to stop this attack using iptables? Usually > >>>>>>>>>>>> using > >>>>>>>>>>>> the > >>>>>>>>>>>> "Valve-way" of stopping the attacks won't work very well. > >>>>>>>>>>>> > >>>>>>>>>>>>> Date: Sun, 1 Sep 2013 23:45:23 -0400 > >>>>>>>>>>>>> From: violentcrimes@convictgaming.**com< > [email protected]> > >>>>>>>>>>>>> To: [email protected].**com< > [email protected]> > >>>>>>>>>>>>> Subject: Re: [hlds_linux] NET_GetLong attacks > >>>>>>>>>>>>> > >>>>>>>>>>>>> That might have worked with the other filtering we are doing. > >>>>>>>>>>>>> If > >>>>>>>>>>>>> it > >>>>>>>>>>>>> does > >>>>>>>>>>>>> I will send you the money. Send me a private email with your > >>>>>>>>>>>>> steam > >>>>>>>>>>>>> user. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> On 9/1/2013 11:11 PM, Bottiger wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>>> If you used the version I posted it should not have set > >>>>>>>>>>>>>> your > >>>>>>>>>>>>>> sv_max_queries_sec_global > >>>>>>>>>>>>>> so high. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> You are supposed to lower that number until it becomes > >>>>>>>>>>>>>> playable > >>>>>>>>>>>>>> and > >>>>>>>>>>>>>> raise > >>>>>>>>>>>>>> the window. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> ______________________________**_________________ > >>>>>>>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>>>>>>> archives, > >>>>>>>>>>>> please visit: > >>>>>>>>>>>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/** > >>>>>>>>>>>> hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> ______________________________**_________________ > >>>>>>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>>>>>> archives, > >>>>>>>>>>> please visit: > >>>>>>>>>>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/** > >>>>>>>>>>> hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>>>>>>> > >>>>>>>>>> ______________________________**_________________ > >>>>>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>>>>> archives, > >>>>>>>>>> please visit: > >>>>>>>>>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/** > >>>>>>>>>> hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>>>>>> > >>>>>>>>> > >>>>>>>>> ______________________________**_________________ > >>>>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>>>> archives, > >>>>>>>>> please visit: > >>>>>>>>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/** > >>>>>>>>> hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>>>>> > >>>>>>>> ______________________________**_________________ > >>>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>>> archives, > >>>>>>>> please visit: > >>>>>>>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/** > >>>>>>>> hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>>>> > >>>>>>>> > >>>>>>> ______________________________**_________________ > >>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>> archives, > >>>>>>> please visit: > >>>>>>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/** > >>>>>>> hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>>> > >>>>>> ______________________________**_________________ > >>>>>> To unsubscribe, edit your list preferences, or view the list > archives, > >>>>>> please visit: > >>>>>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/** > >>>>>> hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>>> > >>>>> > >>>>> ______________________________**_________________ > >>>>> To unsubscribe, edit your list preferences, or view the list > archives, > >>>>> please visit: > >>>>> https://list.valvesoftware. > **com/cgi-bin/mailman/listinfo/**hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>>> > >>>> ______________________________**_________________ > >>>> To unsubscribe, edit your list preferences, or view the list archives, > >>>> please visit: > >>>> https://list.valvesoftware. > **com/cgi-bin/mailman/listinfo/**hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>>> > >>> > >>> ______________________________**_________________ > >>> To unsubscribe, edit your list preferences, or view the list archives, > >>> please visit: > >>> https://list.valvesoftware. > **com/cgi-bin/mailman/listinfo/**hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >>> > >> > >> ______________________________**_________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > >> > >> > > > > ______________________________**_________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux< > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
