The numbers coming from the logs in srcds appear to be wrong, the packet
size it lists (8293) is incorrect even if the packet is being split, and the
valid size that it's giving, I'm not actually sure how it's calculating
that. It's probably coming from one of these convars, net_maxroutable,
net_splitrate, net_maxfragments. (But still not accurate.)
----- Original Message -----
From: "Weasel" <[email protected]>
To: <[email protected]>
Sent: Tuesday, September 03, 2013 2:54 AM
Subject: Re: [hlds_linux] NET_GetLong attacks
If the "Valid Size" is always in the range 564-1248, is there a way to
have IP tables block anything that is EITHER above or below that size
limit? or will that interfere with the game? (i.e. are there other LEGIT
game-related packets outside the range to be expected?).
______________________________________________________
Re: [hlds_linux] NET_GetLong attacks
Calvin Judy Mon, 02 Sep 2013 03:09:16 -0700
Rating limiting the a2s queries will still make the server appear offline,
if you read your log that you posted, it gives you the size, and the
acceptable size, you should be able to tailor a rule to fit your needs.
Log:
NET_GetLong: Split packet from 157.208.132.148:54712 with invalid split
size (number 99/ count 114) where size 8293 is out of valid range [564 -
1248 ] NET_GetLong: Split packet from 61.52.31.78:45086 with invalid split
size (number 99/ count 114) where size 8293 is out of valid range [564 -
1248 ]
Size: 8293
Valid Size: 564-1248
Rule:
iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 8293 -j
DROP
Make sure you also update the destination port if it's different. (I just
tried this rule on my machine and it's working.)
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux