As an alternative to using -m string, you can just filter length 53 
packets - no packets aside from the query packet end up being that 
length. Not super elegant, but a lot less overhead.

And, as I said, my daemon works differently and could be used to easily 
start thousands of fake servers on a single box, which would screw more 
things over than it would help.

- Neph

On 09/05/2009 05:20 PM, Kaspars wrote:
> God dammit... this is really fucked up... sorry for my language, I just got
> too many beers today...
> Anyways, I just wanted to give something to the community as Neph is not
> willing to do it. This will fix the DDoS attack for *nix; however, if you are
> using it, I'm not giving any warranty :)
>
> Here goes:
> first, get the source and compile: http://www.gign.lv/tmp/test.c
> run it in the screen like ./test 21015 YOUR_EXTERNAL_TF2_SERVER_IP YOUR_SERVER_PORT
> 21015 is some random port for the udp proxy :) it must be opened in firewall
>
> then some iptables magic:
> iptables -t nat -A PREROUTING -p udp -d YOUR_EXTERNAL_TF2_SERVER_IP --dport YOUR_SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -j REDIRECT --to-port 21015
>
> that's about it...
>
> 2009/9/6 Nephyrin Zey<nephy...@doublezen.net>
>
>    
>> The problem with my solution is the daemon would be really really
>> abusive in the wrong hands. We don't need someone using it to easily
>> start 100 fake servers at 255/255 slots and polluting the server list.
>> It's not some super complex feat, but releasing an easy compiled
>> prepackaged version is just asking for it - and the real solution needs
>> to be Valve. Plus, it's not very easy to configure and I'm not even sure
>> Windows IPsec is capable of that level of packet interception.
>>
>> Something on the lines of Tony's plugin would be a much better solution,
>> but you'll have to hound him about that.
>>
>> - Neph
>>
>> On 09/05/2009 03:14 PM, Kenny Loggins wrote:
>>> I don't think either you or Neph have released your plugins to the public so
>>> this solution works great for you guys. Maybe we can have some info or
>>> direction from you so the general public can do something about this?
>>>
>>> As long as they get away with this it's going to keep happening. If a plugin
>>> was available to stop this, it is no longer "fun" or productive to DOS servers
>>> anymore.
>>>
>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds
>>
>>      
>    
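
Added example (not part of the thread and not any poster's code): a Python model of what the two match styles discussed above, the `-m string` rule and a length-53 filter, each accept. It assumes an IPv4 header without options, and the sample payloads are constructed for illustration.

```python
# Added example: model the two iptables match styles from this thread.

# Query payload matched by the thread's rule: 4 x 0xFF, 'T', then the
# NUL-terminated string "Source Engine Query" (25 bytes in total).
A2S_INFO = b"\xff\xff\xff\xff" + b"TSource Engine Query\x00"
IPV4_HDR = 20  # assumption: IPv4 header carries no options
UDP_HDR = 8


def ip_total_length(payload, ip_options=0):
    """Whole-packet length, which is what a length match compares against."""
    return IPV4_HDR + ip_options + UDP_HDR + len(payload)


def match_string(payload, needle=b"TSource Engine Query"):
    """Model of -m string --string ...: substring search over packet bytes."""
    return needle in payload


def match_length(payload, want=53, ip_options=0):
    """Model of a length-53 filter: a single integer comparison."""
    return ip_total_length(payload, ip_options) == want


def classify(samples):
    """Return {name: (string_match, length_match)} for each sample payload."""
    return {n: (match_string(p), match_length(p)) for n, p in samples.items()}


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "info_query": A2S_INFO,
    # Same size as the query but different content: the length rule is
    # content-blind, so it redirects this packet as well.
    "other_25_bytes": b"\xff\xff\xff\xff" + b"U" + bytes(20),
    "game_traffic": bytes(range(64)),
    # Query string followed by extra bytes: string rule hits, length rule misses.
    "query_with_trailer": A2S_INFO + b"\x00\x00\x00\x00",
}

if __name__ == "__main__":
    for name, (by_string, by_length) in classify(SAMPLES).items():
        print(f"{name:20} string={by_string!s:5} length53={by_length}")
```

The 25-byte payload plus 8 bytes of UDP header and 20 bytes of IPv4 header gives the 53 mentioned at the top of this message; IP options or any extra payload bytes change that total.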
