I have posted this some time ago... this will work on *nix boxes. Had an ongoing DDoS for two days with about 300 requests/second. This did the job great.

Setup:
1. Get the source from http://www.gign.lv/tmp/querycache.c
2. Compile with gcc querycache.c -o querycache
3. Open a UDP port in the firewall for the proxy server, let's say 21015
4. Make sure you have iptables NAT, REDIRECT and string match support compiled into the kernel or as modules
5. Execute: iptables -t nat -A PREROUTING -p udp -d <your gameserver ip> --dport <your gameserver port> -m string --algo kmp --string 'TSource Engine Query' -j REDIRECT --to-port 21015
6. Run ./querycache 21015 <your gameserver ip> <your gameserver port> (probably under screen, so you can detach from it)


On 2010.10.24. 4:19, goatscaper Goatso wrote:
Malicious users can continuously spam the TSource Engine Query UDP packet to
any given server, causing the server to crash under the pressure.

I've been subject to this spam and I believe Valve should do something in
order to prevent this packet from being spammed. If I block the packet then
legitimate users cannot see my game, if I let it go, my game is unplayable.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
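
Added example, not part of the thread and not the querycache.c source (which is not reproduced on this page): a sketch in C of the caching decision a proxy behind the REDIRECT rule in step 5 has to make, so that a query flood reaches the game server only once per cache interval. CACHE_TTL, MAX_REPLY, the fetch_fn hook and fake_backend are assumptions made for the illustration.

```c
#include <string.h>
#include <time.h>
/* A2S_INFO request: 0xFF x4, then "TSource Engine Query" and a NUL.
   The iptables string match in step 5 keys on this payload. */
static const unsigned char A2S_INFO_REQ[] = "\xFF\xFF\xFF\xFFTSource Engine Query";
#define CACHE_TTL 5     /* seconds between backend refreshes (assumed value) */
#define MAX_REPLY 1400  /* assumed bound for a single-datagram reply */
struct reply_cache {
    unsigned char data[MAX_REPLY];  /* last good reply, sent to every client */
    size_t len;                     /* 0 = nothing cached */
    time_t tried;                   /* last backend attempt, 0 = never */
    unsigned long fetches;          /* queries that reached the game server */
};
typedef size_t (*fetch_fn)(unsigned char *out, size_t cap); /* hypothetical hook */

int is_a2s_info(const unsigned char *pkt, size_t len)
{   /* prefix match: same payload the redirect rule selects */
    return len >= sizeof A2S_INFO_REQ && !memcmp(pkt, A2S_INFO_REQ, sizeof A2S_INFO_REQ);
}

size_t handle_query(struct reply_cache *c, const unsigned char *pkt, size_t len,
                    time_t now, fetch_fn fetch)
{   /* returns the length of c->data to send back, or 0 to drop the datagram */
    unsigned char tmp[MAX_REPLY];
    if (!is_a2s_info(pkt, len)) return 0;
    if (c->tried == 0 || now - c->tried >= CACHE_TTL) {
        size_t n = fetch(tmp, sizeof tmp);
        c->tried = now;             /* failed refreshes are rate-limited too */
        c->fetches++;
        if (n > 0) { memcpy(c->data, tmp, n); c->len = n; }  /* else keep stale */
    }
    return c->len;
}

static size_t fake_backend(unsigned char *out, size_t cap)
{   /* constructed stand-in for the real game server's answer */
    static const unsigned char r[] = "\xFF\xFF\xFF\xFFI(constructed reply)";
    if (cap < sizeof r) return 0;
    memcpy(out, r, sizeof r);
    return sizeof r;
}

unsigned long simulate_flood(int rate, int seconds)
{   /* feed `rate` queries per second; return how many hit the backend */
    struct reply_cache c = { .len = 0 };
    for (int s = 0; s < seconds; s++)
        for (int i = 0; i < rate; i++)
            handle_query(&c, A2S_INFO_REQ, sizeof A2S_INFO_REQ, 1000 + s, fake_backend);
    return c.fetches;
}
```

With these assumed values, simulate_flood(300, 10) feeds 3000 queries through the cache and only two of them reach the backend.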

