[hlds_linux] A2S_INFO DDOS fix
Hi,

If you are on the hlds windows mailing list, then you probably already know about A2S_INFO DDOS attacks. I have mistakenly posted a *fix* on the list for *nix servers which I should have posted here.

In short:
If your server gets ddosed with A2S_INFO packets, it will get really laggy. Setting sv_max_queries_sec to a low value will make the server disappear from the server browser list. I'm providing you with a UDP Caching Proxy which will query the server with A2S_INFO requests not more than once in five seconds and respond to the client with the cached data.

Setup:
1. Get the source from http://www.gign.lv/tmp/querycache.c
2. Compile with gcc querycache.c -o querycache
3. Open a UDP port in firewall for the proxy server, let's say 21015
4. Make sure you have iptables NAT, REDIRECT and string match support compiled into kernel or as modules
5. execute:
   iptables -t nat -A PREROUTING -p udp -d YOUR_EXTERNAL_TF2_SERVER_IP --dport YOUR_SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -j REDIRECT --to-port 21015
6. Run querycache (probably under screen, so you can detach from it)

I've been ddosed with about 300req/sec and it works good, however I don't give any warranty that it will work for you.
___
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] A2S_INFO DDOS fix
I guess I'll post my fix tool here too, since it is buried down in the other discussion. Here is a fix for windows servers, that doesn't require a firewall to work
http://www.wantedgov.it/page/62-srcds-query-cache/

On Sun, Sep 6, 2009 at 1:13 PM, Kaspars <kasp...@micro.lv> wrote:
> Hi,
>
> If you are on the hlds windows mailing list, then you probably already know about A2S_INFO DDOS attacks. I have mistakenly posted a *fix* on the list for *nix servers which I should have posted here.
>
> In short:
> If your server gets ddosed with A2S_INFO packets, it will get really laggy. Setting sv_max_queries_sec to a low value will make the server disappear from the server browser list. I'm providing you with a UDP Caching Proxy which will query the server with A2S_INFO requests not more than once in five seconds and respond to the client with the cached data.
>
> Setup:
> 1. Get the source from http://www.gign.lv/tmp/querycache.c
> 2. Compile with gcc querycache.c -o querycache
> 3. Open a UDP port in firewall for the proxy server, let's say 21015
> 4. Make sure you have iptables NAT, REDIRECT and string match support compiled into kernel or as modules
> 5. execute:
>    iptables -t nat -A PREROUTING -p udp -d YOUR_EXTERNAL_TF2_SERVER_IP --dport YOUR_SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -j REDIRECT --to-port 21015
> 6. Run querycache (probably under screen, so you can detach from it)
>
> I've been ddosed with about 300req/sec and it works good, however I don't give any warranty that it will work for you.
Re: [hlds_linux] A2S_INFO DDOS fix
I have seen you changed your code, the first version was not working for me. The stdlib is still not included, this leads to some warnings. You have defined the response size, but you use the 1000 byte msg.size instead, I don't know if this could be a problem, I don't think so.

Anyways, I have coded my own proxy in PHP, because yours wasn't working. As I can see, the firewall rule also redirects some packets which are 9 bytes and the A2S_PLAYER request. I have adjusted my proxy to send all malformed packets to the server, otherwise you reply with a wrong response.
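The packet handling discussed in the messages above, as an added example that is not querycache.c or either poster's proxy: only an exact A2S_INFO request is answered from a cache refreshed at most once every five seconds, and everything else (9-byte packets, A2S_PLAYER) is passed on to the game server. Function names, the buffer size and the sample packets are assumptions; the 25-byte request plus 8 bytes of UDP header and 20 bytes of IPv4 header gives a 53-byte packet.

```c
/* Added example, not querycache.c: decision logic of an A2S_INFO caching proxy. */
#include <stdio.h>
#include <string.h>

#define CACHE_TTL_SEC 5   /* thread: ask the game server at most once in five seconds */

/* A2S_INFO request payload: FF FF FF FF 'T' "Source Engine Query" NUL = 25 bytes.
 * 25 + 8 (UDP header) + 20 (IPv4 header) = 53, the packet length seen by the firewall. */
static const unsigned char A2S_INFO_REQ[] = "\xFF\xFF\xFF\xFF" "TSource Engine Query";
#define A2S_INFO_REQ_LEN sizeof(A2S_INFO_REQ)   /* sizeof counts the trailing NUL */

enum action { FORWARD_TO_SERVER, REPLY_FROM_CACHE, REFRESH_THEN_REPLY };

struct info_cache {
    unsigned char data[1400];   /* assumed upper bound for one reply datagram */
    size_t len;                 /* 0 means nothing cached yet */
    long fetched_at;            /* seconds */
};

/* Exact match only: a packet that is shorter, longer or different is not A2S_INFO. */
int is_a2s_info_request(const unsigned char *pkt, size_t len)
{
    return len == A2S_INFO_REQ_LEN && memcmp(pkt, A2S_INFO_REQ, len) == 0;
}

/* What the proxy should do with one redirected datagram at time `now`. */
enum action decide(const unsigned char *pkt, size_t len,
                   const struct info_cache *c, long now)
{
    if (!is_a2s_info_request(pkt, len))
        return FORWARD_TO_SERVER;             /* 9-byte packets, A2S_PLAYER, junk */
    if (c->len == 0 || now - c->fetched_at >= CACHE_TTL_SEC)
        return REFRESH_THEN_REPLY;            /* one real query, then serve the copy */
    return REPLY_FROM_CACHE;
}

/* Keep a server reply only if it fits and starts with the FF FF FF FF header. */
int cache_store(struct info_cache *c, const unsigned char *reply, size_t len, long now)
{
    if (len < 5 || len > sizeof(c->data) || memcmp(reply, "\xFF\xFF\xFF\xFF", 4) != 0)
        return 0;
    memcpy(c->data, reply, len);
    c->len = len;
    c->fetched_at = now;
    return 1;
}

/* Constructed load: `rate` A2S_INFO requests per second for `seconds` seconds.
 * Returns how many of them caused a real query to the game server. */
int simulate_flood(int rate, long seconds)
{
    static const unsigned char reply[] = "\xFF\xFF\xFF\xFF" "I(constructed reply body)";
    struct info_cache cache;
    int backend_queries = 0;

    memset(&cache, 0, sizeof(cache));
    for (long now = 0; now < seconds; now++)
        for (int i = 0; i < rate; i++)
            if (decide(A2S_INFO_REQ, A2S_INFO_REQ_LEN, &cache, now) == REFRESH_THEN_REPLY
                && cache_store(&cache, reply, sizeof(reply) - 1, now))
                backend_queries++;
    return backend_queries;
}

int main(void)
{
    /* A2S_PLAYER request with a constructed challenge: 9 bytes, must not be cached. */
    static const unsigned char player[] = "\xFF\xFF\xFF\xFF" "U" "\xFF\xFF\xFF\xFF";
    struct info_cache empty;

    memset(&empty, 0, sizeof(empty));
    printf("A2S_PLAYER -> %s\n",
           decide(player, sizeof(player) - 1, &empty, 0) == FORWARD_TO_SERVER
               ? "forward to server" : "answered by proxy");
    printf("3000 requests in 10 s -> %d server queries\n", simulate_flood(300, 10));
    return 0;
}
```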
Re: [hlds_linux] A2S_INFO DDOS fix
I forgot an important part, your query proxy has still no rate limit. It can be used to flood spoofed IPs.
Re: [hlds_linux] A2S_INFO DDOS fix
firewall rule could be adjusted to this:
iptables -t nat -A PREROUTING -p udp -d SERVER_IP --dport SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -m length --length 53 -j REDIRECT --to-port 21015

As for the rate limit... I don't think this is a good idea, because setting such a limit will make the server disappear from the browser list for legit clients. And if you have a good connection, you probably will not notice the traffic increase anyway.

2009/9/6 Ronny Schedel <i...@ronny-schedel.de>
> I forgot an important part, your query proxy has still no rate limit. It can be used to flood spoofed IPs.
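The two positions in the exchange above (a proxy without a limit can be made to flood a spoofed address; a limit hides the server from legitimate clients) differ on whether the limit is shared by everyone or kept per source address. An added example, not code from the thread, that runs both on a constructed load; the table size, burst and refill values, the hash and the two documentation-range addresses are assumptions.

```c
/* Added example, not part of any proxy posted in the thread: per-source reply limit. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS  4096   /* fixed-size table, so memory stays bounded during a flood */
#define BURST  10     /* replies one source may get back-to-back (assumed value) */
#define REFILL 1      /* replies per second per source after that (assumed value) */

struct bucket { uint32_t key; long last; int tokens; int used; };
static struct bucket table[SLOTS];

/* Simple illustrative hash; a deployment would use a keyed hash so that slot
 * collisions cannot be chosen by the sender. */
static unsigned slot_of(uint32_t key) { return (key ^ (key >> 12)) & (SLOTS - 1); }

/* Token bucket per key. Returns 1 if a reply may be sent at time `now` (seconds). */
int allow_reply(uint32_t key, long now)
{
    struct bucket *b = &table[slot_of(key)];

    if (!b->used || b->key != key) {          /* new source, or slot taken over */
        b->key = key; b->last = now; b->tokens = BURST; b->used = 1;
    } else if (now > b->last) {               /* refill for the elapsed seconds */
        long add = (now - b->last) * REFILL;
        b->tokens = add >= BURST - b->tokens ? BURST : b->tokens + (int)add;
        b->last = now;
    }
    if (b->tokens == 0)
        return 0;                             /* bucket empty: caller sends nothing */
    b->tokens--;
    return 1;
}

struct result { int victim; int client; };

/* Constructed scenario: `flood_rate` requests per second carry the spoofed source
 * 192.0.2.10, while a browser at 198.51.100.7 asks once every two seconds.
 * per_source = 0 models one shared bucket for everybody. */
struct result simulate(int per_source, int flood_rate, long seconds)
{
    const uint32_t victim = 0xC000020Au, client = 0xC6336407u;
    struct result r = { 0, 0 };

    memset(table, 0, sizeof(table));
    for (long now = 0; now < seconds; now++) {
        for (int i = 0; i < flood_rate; i++)
            r.victim += allow_reply(per_source ? victim : 0, now);
        if (now % 2 == 0)
            r.client += allow_reply(per_source ? client : 0, now);
    }
    return r;
}

int main(void)
{
    struct result shared = simulate(0, 300, 10), split = simulate(1, 300, 10);
    printf("shared bucket: victim gets %d replies, browser gets %d of 5\n",
           shared.victim, shared.client);
    printf("per source:    victim gets %d replies, browser gets %d of 5\n",
           split.victim, split.client);
    return 0;
}
```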
Re: [hlds_linux] A2S_INFO DDOS fix
Could you use the firewall to rate limit using -m limit --limit 1/s --limit-burst 10 or similar?

Maybe something like this?
iptables -t nat -A PREROUTING -p udp -d SERVER_IP --dport SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -m length --length 53 -m limit --limit 1/s --limit-burst 10 -j REDIRECT --to-port 21015

Maybe won't even need the proxy if the firewall is limiting the DOS packets?

I have not tried the above.

} -----Original Message-----
} From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Kaspars
} Sent: Sunday, September 06, 2009 9:43 AM
} To: Half-Life dedicated Linux server mailing list
} Subject: Re: [hlds_linux] A2S_INFO DDOS fix
}
} firewall rule could be adjusted to this:
} iptables -t nat -A PREROUTING -p udp -d SERVER_IP --dport SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -m length --length 53 -j REDIRECT --to-port 21015
}
} As for the rate limit... I don't think this is a good idea, because setting such a limit will make the server disappear from the browser list for legit clients. And if you have a good connection, you probably will not notice the traffic increase anyway.
Re: [hlds_linux] A2S_INFO DDOS fix
As I said before, you could just set sv_max_queries_sec to very small number, but that would lead to server not showing up in the server browser list. The same goes for the limiting - it will just drop out of the list and that's why there is a proxy which takes off the load from gameserver.

I can confirm what Ronny Schedel said that iptables does sometimes redirect wrong packets to the proxy, I'm investigating this now...

2009/9/6 Guy Watkins <hlds_li...@watkins-home.com>
> Could you use the firewall to rate limit using -m limit --limit 1/s --limit-burst 10 or similar?
>
> Maybe something like this?
> iptables -t nat -A PREROUTING -p udp -d SERVER_IP --dport SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -m length --length 53 -m limit --limit 1/s --limit-burst 10 -j REDIRECT --to-port 21015
>
> Maybe won't even need the proxy if the firewall is limiting the DOS packets?
>
> I have not tried the above.
Re: [hlds_linux] A2S_INFO DDOS fix
You did not understand. I only wanted to limit the packets that match the DOS attack. Only the DOS attacks that match the Query string and length would be rate limited. I think. But maybe you are saying the server browser uses the same string and length? At least the server will not lag for the players that find the server.

} -----Original Message-----
} From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Kaspars
} Sent: Sunday, September 06, 2009 11:58 AM
} To: Half-Life dedicated Linux server mailing list
} Subject: Re: [hlds_linux] A2S_INFO DDOS fix
}
} As I said before, you could just set sv_max_queries_sec to very small number, but that would lead to server not showing up in the server browser list. The same goes for the limiting - it will just drop out of the list and thats why there is a proxy which takes off the load from gameserver.
}
} I can confirm what Ronny Schedel said that iptables does sometime redirect wrong packets to the proxy, I'm investigating this now...
Re: [hlds_linux] A2S_INFO DDOS fix
You cannot distinguish good packets from bad, they all seem legit, they are just A LOT and from A LOT of sources. If it would be that simple, you could just drop the bad packets with iptables.

I have updated the querycache.c file so it understands also other packets... player listing will now work correctly.

2009/9/6 Guy Watkins <hlds_li...@watkins-home.com>
> You did not understand. I only wanted to limit the packets that match the DOS attack. Only the DOS attacks that match the Query string and length would be rate limited. I think. But maybe you are saying the server browser uses the same string and length? At least the server will not lag for the players that find the server.