How would you block this using iptables? if it means people cannot see the server during an attack but it doesn't kick out players who are already playing that is fine by me...
Kyle. On Sat, Aug 8, 2009 at 2:13 PM, Tony Paloma <drunkenf...@hotmail.com> wrote: > You'd be blocking any new players from seeing your server. Also, if you're > using iptables you'd want to list the IPs you want to allow first and then > deny all others. Iptable rules are applied in order. > > -----Original Message----- > From: hlds-boun...@list.valvesoftware.com > [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Matt Stanton > Sent: Saturday, August 08, 2009 12:33 PM > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] TF2 Crashes (Alec Sanger) > > This may be a completely stupid idea, but keep in mind I do not know the > capabilities of SQL or of the linux kernel firewall. Would it be > feasable to DENY all UDP, then add ALLOWs for each ip address in a > HLStatsX database? I know we have roughly 100,000 players logged by > HLStatsX, so it seems like this would be far too many ips to have in a > firewall to get any sort of quick response, and would likely jack > latency up to a very extreme amount. If everything *is* fast enough to > handle that amount of information, then you could institute an DENY all > rule when an attack is detected, quickly add the ips of everyone who is > currently on the server to the ALLOW rules, then start adding ips in the > HLStatsX database to the ALLOW rules. You may also consider only adding > ips with a certain threshold of time spent on the servers. Once the > attack has died down, you could just go back to the normal firewall rules. > > It would be a nasty big coding job, but someone on this list is bound to > be able to do it if it's feasable. > > > > Kyle Sanderson wrote: > > Sorry for my previous negligence this just started with my server 2 > nights > > ago, I didn't realise it until now but it is the exact same thing that is > > happening with was was mentioned previously (Extremely high pings, > players > > ingame start skipping all over the place, etc.) > > > > If anyone has anymore information on how to block this attack please do > not > > hesitate to email me, > > Kyle. > > On Thu, Aug 6, 2009 at 4:35 PM, Tony Paloma <drunkenf...@hotmail.com> > wrote: > > > > > >> It's different IPs. Random IPs. Like I said, it's spoofed. Changing the > max > >> queries cvar will only change when source engine decides to stop giving > >> replies but doesn't seem to help the lag. An iptables rule will prevent > >> server lag but still have the same no-reply problem which prevents > players > >> from seeing your server. > >> > >> -----Original Message----- > >> From: hlds-boun...@list.valvesoftware.com > >> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins > >> Sent: Thursday, August 06, 2009 4:22 PM > >> To: Half-Life dedicated Win32 server mailing list > >> Subject: Re: [hlds] TF2 Crashes (Alec Sanger) > >> > >> Is it the same IP or does it change? Would changing sv_max_queries_max > >> do anything? > >> > >> > >> On Aug 6, 2009, at 6:04 PM, "Tony Paloma" <drunkenf...@hotmail.com> > >> wrote: > >> > >> > >>> Not with any currently available utilities. You can limit the number > >>> of > >>> queries allowed per second using an iptables rule, but it will also > >>> prevent > >>> regular players from seeing your server during an attack. > >>> > >>> -----Original Message----- > >>> From: hlds-boun...@list.valvesoftware.com > >>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny > >>> Loggins > >>> Sent: Thursday, August 06, 2009 3:57 PM > >>> To: Half-Life dedicated Win32 server mailing list > >>> Subject: Re: [hlds] TF2 Crashes (Alec Sanger) > >>> > >>> So it's not possible to block this? > >>> > >>> ClanAO.com > >>> > >>> On Aug 6, 2009, at 5:34 PM, "Tony Paloma" <drunkenf...@hotmail.com> > >>> wrote: > >>> > >>> > >>>> From earlier in the thread: > >>>> It's A2S_INFO query spam on spoofed IP addresses > >>>> > >>>> -----Original Message----- > >>>> From: hlds-boun...@list.valvesoftware.com > >>>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny > >>>> Loggins > >>>> Sent: Thursday, August 06, 2009 3:17 PM > >>>> To: Half-Life dedicated Win32 server mailing list > >>>> Subject: Re: [hlds] TF2 Crashes (Alec Sanger) > >>>> > >>>> Cam you give us more info on this? What type of attack is this? > >>>> > >>>> > >>>> On Aug 6, 2009, at 4:56 PM, "Tony Paloma" <drunkenf...@hotmail.com> > >>>> wrote: > >>>> > >>>> > >>>>> That plugin does nothing to prevent attack I (and others) have been > >>>>> experiencing nor does this have anything to do with running console > >>>>> commands > >>>>> before entering the game. > >>>>> > >>>>> -----Original Message----- > >>>>> From: hlds-boun...@list.valvesoftware.com > >>>>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle > >>>>> Sanderson > >>>>> Sent: Thursday, August 06, 2009 2:12 PM > >>>>> To: Half-Life dedicated Win32 server mailing list > >>>>> Subject: Re: [hlds] TF2 Crashes (Alec Sanger) > >>>>> > >>>>> I installed that new RconLock and my server is still going strong. > >>>>> If you > >>>>> don't want all the features that come with it, download the source > >>>>> like I > >>>>> did and strip it down. > >>>>> > >>>>> RconLock: https://forums.alliedmods.net/showthread.php?t=93934 > >>>>> The kid who was crashing my server a month ago / exploit: > >>>>> > >>>>> > >> > > http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html > >> > >>>>> Kyle > >>>>> > >>>>> On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma > >>>>> <drunkenf...@hotmail.com> wrote: > >>>>> > >>>>> > >>>>>> Ya attack has been ongoing for a couple hours now on my server. > >>>>>> > >>>>>> -----Original Message----- > >>>>>> From: hlds-boun...@list.valvesoftware.com > >>>>>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane > >>>>>> Sent: Thursday, August 06, 2009 8:00 AM > >>>>>> To: Half-Life dedicated Win32 server mailing list > >>>>>> Subject: Re: [hlds] TF2 Crashes (Alec Sanger) > >>>>>> > >>>>>> Oh fun, some of my servers are empty. > >>>>>> > >>>>>> Guess it was only a matter of time until some shitface figured it > >>>>>> out. > >>>>>> > >>>>>> On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma > >>>>>> <drunkenf...@hotmail.com> > >>>>>> wrote: > >>>>>> > >>>>>> > >>>>>>> It is an attack. It's A2S_INFO query spam on spoofed IP addresses > >>>>>>> and > >>>>>>> > >>>>>> it's > >>>>>> > >>>>>>> happening to tons of servers. I think some community is trying to > >>>>>>> fill > >>>>>>> their > >>>>>>> servers by emptying out a ton of others. > >>>>>>> > >>>>>>> -----Original Message----- > >>>>>>> From: hlds-boun...@list.valvesoftware.com > >>>>>>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny > >>>>>>> Loggins > >>>>>>> Sent: Wednesday, August 05, 2009 12:24 AM > >>>>>>> To: 'Half-Life dedicated Win32 server mailing list' > >>>>>>> Subject: Re: [hlds] TF2 Crashes (Alec Sanger) > >>>>>>> > >>>>>>> This is some attack for sure I have not had any issues myself but > >>>>>>> everything > >>>>>>> points to a person doing it server by server. The network traffic > >>>>>>> meter > >>>>>>> shows a slow steady drop in traffic. After looking in the logs I > >>>>>>> notice > >>>>>>> people talking about it a few other times today any remember > >>>>>>> noticing a > >>>>>>> server drop out and come back up quick (I didn't have time to look > >>>>>>> more > >>>>>>> into > >>>>>>> it) no problems at all before the exploit was pointed out today. > >>>>>>> Not > >>>>>>> > >>>>>> saying > >>>>>> > >>>>>>> that's bad I just hope they can be remedy this quick as I'm sure > >>>>>>> it's > >>>>>>> > >>>>> not > >>>>> > >>>>>>> going to stop with just our servers. > >>>>>>> > >>>>>>> I was on my forums at the time and didn't even notice this was > >>>>>>> going on > >>>>>>> > >>>>>> no > >>>>>> > >>>>>>> network issues at all. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>> archives, > >>>>>>> please visit: > >>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>>> _______________________________________________ > >>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>> archives, > >>>>>>> please visit: > >>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>>> > >>>>>>> > >>>>>> _______________________________________________ > >>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>> archives, > >>>>>> please visit: > >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>> _______________________________________________ > >>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>> archives, > >>>>>> please visit: > >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>> > >>>>>> > >>>>> _______________________________________________ > >>>>> To unsubscribe, edit your list preferences, or view the list > >>>>> archives, > >>>>> please visit: > >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> To unsubscribe, edit your list preferences, or view the list > >>>>> archives, please visit: > >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>> > >>>> _______________________________________________ > >>>> To unsubscribe, edit your list preferences, or view the list > >>>> archives, > >>>> please visit: > >>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>> > >>>> > >>>> _______________________________________________ > >>>> To unsubscribe, edit your list preferences, or view the list > >>>> archives, please visit: > >>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>> > >>> _______________________________________________ > >>> To unsubscribe, edit your list preferences, or view the list archives, > >>> please visit: > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>> _______________________________________________ > >>> To unsubscribe, edit your list preferences, or view the list > >>> archives, please visit: > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds > >> > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
