From what I know, IPsec does nothing close to what iptables is capable of
doing, so that's out of the picture completely. The sudpipe UDP proxy program
requires, I suppose, a background knowledge of C; I only know PHP/SQL myself :)
I see plenty of bright people around here that have solutions for Linux lol :)
Wrong mailing list :P Maybe some for Windows? :)

Anyways, I'm ready to put down $65 for any plugin/program for Windows that
manages these UDP floods specifically for Source servers. I think a few
others said they would be willing to put money in the pot too.

On Sat, Sep 5, 2009 at 9:37 PM, Kenny Loggins <kenny.logg...@clanao.com> wrote:

> Anyone know of any hardware solutions to this problem?
>
> ClanAO.com
>
> On Sep 5, 2009, at 8:09 PM, Kaspars <kasp...@micro.lv> wrote:
>
> > Actually I got inspired by the word "daemon" and I realized that the key to
> > the problem is a daemon... a proxy daemon... a caching proxy daemon :) I
> > didn't have much time to check the incoming packet pattern, however I'm not
> > sure that they all were 53 bytes long, actually the number was something
> > like 33 that showed up a LOT of times in iptables logs (but I might be
> > wrong... and I'm sure the fault lies in drinking too much beer).
> > Nevertheless I went for the 100% match with the -m string and it works
> > really good. I'm having about 300r/s and I don't see any CPU usage with this
> > method. Anyways you are free to modify the source or iptables filter command
> > :)
> >
> > 2009/9/6 Nephyrin Zey <nephy...@doublezen.net>
> >
> >> As an alternative to using -m string, you can just filter length 53
> >> packets - no packets aside from the query packet end up being that
> >> length. Not super elegant, but a lot less overhead.
> >>
> >> And, as I said, my daemon works differently and could be used to easily
> >> start thousands of fake servers on a single box, which would screw more
> >> things over than it would help.
> >>
> >> - Neph
> >>
> >> On 09/05/2009 05:20 PM, Kaspars wrote:
> >>> God dammit... this is really fucked up... sorry for my language, I just got
> >>> too many beers today...
> >>> Anyways, I just wanted to give something to the community as Neph is not
> >>> willing to do it. This will fix the ddos attack for *nix however if you are
> >>> using it, I'm not giving any warranty :)
> >>>
> >>> Here goes:
> >>> first, get the source and compile: http://www.gign.lv/tmp/test.c
> >>> run it in the screen like ./test 21015 YOUR_EXTERNAL_TF2_SERVER_IP YOUR_SERVER_PORT
> >>> 21015 is some random port for the udp proxy :) it must be opened in firewall
> >>>
> >>> then some iptables magic:
> >>> iptables -t nat -A PREROUTING -p udp -d YOUR_EXTERNAL_TF2_SERVER_IP --dport YOUR_SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -j REDIRECT --to-port 21015
> >>>
> >>> that's about it...
> >>>
> >>> 2009/9/6 Nephyrin Zey <nephy...@doublezen.net>
> >>>
> >>>
> >>>> The problem with my solution is the daemon would be really really
> >>>> abusive in the wrong hands. We don't need someone using it to easily
> >>>> start 100 fake servers at 255/255 slots and polluting the server list.
> >>>> It's not some super complex feat, but releasing an easy compiled
> >>>> prepackaged version is just asking for it - and the real solution needs
> >>>> to be Valve. Plus, it's not very easy to configure and I'm not even sure
> >>>> Windows IPsec is capable of that level of packet interception.
> >>>>
> >>>> Something on the lines of Tony's plugin would be a much better solution,
> >>>> but you'll have to hound him about that
> >>>>
> >>>> - Neph
> >>>>
> >>>> On 09/05/2009 03:14 PM, Kenny Loggins wrote:
> >>>>
> >>>>> I don't think either you or Neph have released your plugins to the public
> >>>>> so this solution works great for you guys. Maybe we can have some info or
> >>>>> direction from you so the general public can do something about this?
> >>>>>
> >>>>> As long as they get away with this it's going to keep happening. If a plugin
> >>>>> was available to stop this it is no longer "fun" or productive to DOS servers
> >>>>> anymore.
> >>>>>
> >>>>>
> >>>>
> >>>> _______________________________________________
> >>>> To unsubscribe, edit your list preferences, or view the list
> >>>> archives,
> >>>> please visit:
> >>>> http://list.valvesoftware.com/mailman/listinfo/hlds
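
The caching-proxy idea discussed in this thread, as an added sketch (not Kaspars's test.c and not Neph's daemon): the proxy answers the info query from a cached reply and asks the real server at most once per TTL, so a flood of queries costs the game server one query per interval. The names InfoCache, query_backend and serve and the 2-second TTL are assumptions made for this example.

```python
import socket
import time

# A2S_INFO request: 4-byte 0xFF header, 'T', "Source Engine Query", NUL.
# 25 bytes of payload + 8 (UDP header) = UDP length 33; + 20 (IPv4 header,
# no options) = a 53-byte IP packet.
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"


class InfoCache:
    """Answers A2S_INFO from a cached reply, refreshing at most once per ttl."""

    def __init__(self, fetch, ttl=2.0, clock=time.monotonic):
        self.fetch = fetch      # callable() -> reply bytes from the real server, or None
        self.ttl = ttl
        self.clock = clock
        self.reply = None
        self.expires = 0.0

    def answer(self, payload):
        """Return the bytes to send back, or None to drop the datagram."""
        if payload != A2S_INFO:
            return None                     # this proxy only handles the info query
        now = self.clock()
        if self.reply is None or now >= self.expires:
            fresh = self.fetch()
            if fresh is not None:           # keep the stale reply if the backend is slow
                self.reply = fresh
            self.expires = now + self.ttl   # back off even when the refresh failed
        return self.reply


def query_backend(addr, timeout=0.5):
    """One real A2S_INFO round trip to the game server at addr (host, port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(A2S_INFO, addr)
            return s.recvfrom(4096)[0]
        except OSError:                     # timeout or ICMP unreachable
            return None


def serve(listen_port, backend):
    """Listen on the port that the REDIRECT rule points at; runs until killed."""
    cache = InfoCache(lambda: query_backend(backend))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", listen_port))
        while True:
            data, peer = s.recvfrom(2048)
            out = cache.answer(data)
            if out:
                s.sendto(out, peer)
```

To pair it with the iptables rule quoted above, call serve(21015, (YOUR_EXTERNAL_TF2_SERVER_IP, YOUR_SERVER_PORT)) with the same placeholders filled in.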