https://forums.alliedmods.net/showthread.php?t=204691 Send hlds mailing list submissions to hlds@list.valvesoftware.com
To subscribe or unsubscribe via the World Wide Web, visit https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds or, via email, send a message with subject or body 'help' to hlds-requ...@list.valvesoftware.com You can reach the person managing the list at hlds-ow...@list.valvesoftware.com When replying, please edit your Subject line so it is more specific than "Re: Contents of hlds digest..." Today's Topics: 1. Mandatory Team Fortress 2 update coming (Eric Smith) 2. Mandatory Team Fortress 2 update released (Eric Smith) 3. Re: Need Help with "Traffic from IP was blocked for exceeding rate limits" Messages (Lorne Mock) ---------------------------------------------------------------------- Message: 1 Date: Thu, 21 Jan 2016 01:33:35 +0000 From: Eric Smith <er...@valvesoftware.com> To: "hlds@list.valvesoftware.com" <hlds@list.valvesoftware.com>, "hlds_li...@list.valvesoftware.com" <hlds_li...@list.valvesoftware.com>, "hlds_annou...@list.valvesoftware.com" <hlds_annou...@list.valvesoftware.com> Subject: [hlds] Mandatory Team Fortress 2 update coming Message-ID: <3246a6be4318e84fa462854c906fb68994437...@exchange01.valvesoftware.com> Content-Type: text/plain; charset="us-ascii" We're working on a mandatory update for TF2. We should have it ready soon. -Eric ------------------------------ Message: 2 Date: Thu, 21 Jan 2016 01:46:03 +0000 From: Eric Smith <er...@valvesoftware.com> To: "hlds@list.valvesoftware.com" <hlds@list.valvesoftware.com>, "hlds_li...@list.valvesoftware.com" <hlds_li...@list.valvesoftware.com>, "hlds_annou...@list.valvesoftware.com" <hlds_annou...@list.valvesoftware.com> Subject: [hlds] Mandatory Team Fortress 2 update released Message-ID: <3246a6be4318e84fa462854c906fb68994437...@exchange01.valvesoftware.com> Content-Type: text/plain; charset="us-ascii" We've released a mandatory update for TF2. The update notes are below. The new version is 3242476. -Eric ------------------------------- - Fixed not seeing team names in the scoreboard on dedicated servers using tournament mode - Fixed the Nostromo Napalmer drawing the flamethrower pilot light by mistake - Fixed the Engineer's Wrangler contract updating points while the player is not an Engineer - Updated the campaign stamp images in the scoreboard and win panel - Updated the model/materials for The Federal Casemaker - Updated the model/materials for The Dictator, which can now be equipped by all classes - Updated the localization files - Updated the Phlogistinator - No longer restores player to max health on MMMPH activate - Increased amount of damage required to fill MMMPH meter to 300 from 225 - Updated koth_highpass - Removed unnecessary detail props - Revised fade-distances - Turned some brushwork into props - Revised hints and skips - Added nobuild entity on the ramps in front of spawn - Improved cliff displacements - Revised some details and textures ------------------------------ Message: 3 Date: Tue, 19 Jan 2016 07:23:02 -0600 From: Lorne Mock <blyte_sc...@hotmail.com> To: Half-Life dedicated Win32 server mailing list <hlds@list.valvesoftware.com> Subject: Re: [hlds] Need Help with "Traffic from IP was blocked for exceeding rate limits" Messages Message-ID: <col131-w15405540884f94cdc7493293...@phx.gbl> Content-Type: text/plain; charset="iso-8859-1" I had this problem happen to me last summer, several times. I could usually get it to stop by adding the ip to the firewall. But 2 times I was unable to get it to stop. I contacted NFO (my VDS host ) and got them to block it on their router. The IP address always pointed to spoofed NFO server addresses. The servers usually had been off line at the time(turned off by the owner for whatever reason). They should not have been sending any traffic at all. At least for me his only happened on the goldsource game servers and never on source games. I have not seen this happen anymore since at least August Lorne From: dpar...@utica.edu Date: Mon, 18 Jan 2016 22:02:54 -0500 To: hlds@list.valvesoftware.com CC: hlds_li...@list.valvesoftware.com Subject: Re: [hlds] Need Help with "Traffic from IP was blocked for exceeding rate limits" Messages That's exactly what the president of NFO said it was: a reflection attack. He said someone was firing a huge amount of queries at game servers using the spoofed NFO IP as the source, and the server which really had that IP address was receiving all of the query responses, even though it never sent the requests. Unfortunately for the customer with that IP, it had practically crippled the server at that point. - Dave On Mon, Jan 18, 2016 at 9:49 PM, Weasels Lair <wea...@weaselslair.com> wrote: Yep. An unfortunate downside to UDP-based applications is there is no "session" to manage. All packets are kind of "fire and forget". Very easy to spoof. Not that you can't spoof TCP too, but then the conversation falls apart with no reliable way to respond back. I'm this case, it would be categorized as a sort of reflection attack, since it's intended obviously to make effected systems take the knee-jerk reaction of blocking or reporting NFO as a bad player - when I'm fact the traffic isn't really coming from them. I just switched to them as a host, and love it so far. On Jan 18, 2016 6:37 PM, "David Parker" <dpar...@utica.edu> wrote: Hello, This is usually caused by an attack which simply floods the server with queries (usually A2S_INFO). This happened on one of my servers a few months ago (running on Linux), and the offending IP address was owned by NFO. I contacted them and had a good discussion with a few of the NFO guys. It turned out that someone in Russia was doing this to a lot of servers, and spoofing the NFO IP as the source. They said it wasn't the first time this had happened, but they were very helpful in diagnosing the issue and figuring out what was happening. I simply used a firewall rule to block the source IP, and the messages stopped immediately. Hope this helps. - Dave On Mon, Jan 18, 2016 at 7:34 PM, supp...@boomgaming.net <supp...@boomgaming.net> wrote: Hello Everyone, I've searched the web on this but can't find the specific answers I'm looking for so I'm coming to my fellow server operators for a little guidance. I'm hoping some of you have seen or experienced what I'm writing about below. I still love and use HLSW to watch the logs of my servers constantly. More and more often now I'm seeing messages similar to the ones below flooding my console (the IP addresses and ports change but the messages are the same): 11:55:44 L 01/18/2016 - 11:55:44: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits11:55:44 L 01/18/2016 - 11:55:44: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits11:55:44 L 01/18/2016 - 11:55:44: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits11:55:45 L 01/18/2016 - 11:55:45: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits11:55:46 L 01/18/2016 - 11:55:46: Traffic from 188.127.239.74:27021 was blocked for exceeding rate limits My initial research says that these are attacks on my servers but I'm no so sure that's correct. I'm running my TF2 and CSS servers on my own Windows 2008 Dedicated server and when I see these messages, I immediately add them to a Windows Firewall rule I have to block any and all traffic from these IPs before the server even sees it. What's interesting is that I still see these messages even though they get added to the firewall's block list. Eventually they stop but a litle while later, I get messages like it from other IPs. Sometimes I can go a day or two without any, and other days I get as many as 15 IPs doing this. I want to note that I don't see any significant performance hits on the servers when this occurs but I'd like to know more about these messages as they specifically relate to a game server. Based upon the content of the message, I assume these mean something bad is being blocked. What I find even more interesting is that many of the offending IPs that are doing this are the specific IP addresses and ports from other game servers, In the case of the one above, it belongs to a CS 1.6 server in Russia. Why would another game server box be attempting to connect to my servers on the same port it's being hosted on? This problem has grown in frequency over the past few months. Prior to that, I don't remember seeing these messages at all in console. Can anyone give me some background on what these mean and what they're about? Also, any idea why they Windows Firewall doesn't block their traffic completely when I add them to the scope of the Firewall wall so they don't appear in the console logs? Thanks for reading and Happy Monday,Mike Vail _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds -- Dave ParkerSystems Administrator Utica College Integrated Information Technology Services (315) 792-3229 Registered Linux User #408177 _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds -- Dave ParkerSystems Administrator Utica College Integrated Information Technology Services (315) 792-3229 Registered Linux User #408177 _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds This email has been sent from a virus-free computer protected by Avast. www.avast.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://list.valvesoftware.com/cgi-bin/mailman/private/hlds/attachments/20160119/d47757d8/attachment-0001.html> ------------------------------ _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds End of hlds Digest, Vol 57, Issue 15 ************************************
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds