I'm curious, what do you mean when you say that the iptables solution "cannot be handled properly" on your busy servers? Do the string checks create a lot of overhead and slow things down?
I have not experienced any attacks, but I agree that this is something that needs to be solved in the engine. A cvar to limit the number of queries per second would be great.

- Dave

----- Original Message -----
From: Marco Padovan <evolutioncr...@gmail.com>
Date: Wednesday, January 5, 2011 5:42 pm
Subject: [hlds_linux] tf2 denial of service - please do something!
To: Half-Life dedicated Linux server mailing list <hlds_linux@list.valvesoftware.com>

> I'm hosting many tf2 servers and lately we are getting a lot of denial of services...
>
> basically we got our machservers spammed with query requests till the point they time out (the machine is running properly, it's just the gameserver slowly dying)
>
> an effective way to stop this kind of behaviour is:
> http://www.vanillatf2.org/2011/01/fighting-dos-attacks/
>
> but that cannot be handled properly on boxes as busy as ours...
>
> basically with just little effort anybody is able to take down a single gameserver spamming it with query requests :(
>
> What can we do to stop that?
> Is there a decent plugin/official fix to get rid of this problem instead of doing packet inspection via iptables on boxes handling 10000+ packets/second?
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
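
An engine-side limit on queries per second, as asked for in this thread, can be sketched as a token bucket applied only to query packets. This is an added example, not code from the thread or from the game server: it assumes queries are the connectionless A2S requests (`0xFFFFFFFF` prefix followed by `T`, `U` or `V`), and the class names, rates, table size and sample addresses are hypothetical.

```python
CONNECTIONLESS = b"\xff\xff\xff\xff"  # prefix of Source engine out-of-band packets
QUERY_TYPES = {0x54, 0x55, 0x56}      # A2S_INFO 'T', A2S_PLAYER 'U', A2S_RULES 'V'

def is_query(payload):
    return (len(payload) >= 5 and payload[:4] == CONNECTIONLESS
            and payload[4] in QUERY_TYPES)

class TokenBucket:
    def __init__(self, rate, now):
        self.rate = rate              # tokens per second; burst size equals rate
        self.tokens = float(rate)
        self.stamp = now

    def take(self, now):
        elapsed = max(0.0, now - self.stamp)
        self.tokens = min(self.rate, self.tokens + elapsed * self.rate)
        self.stamp = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

class QueryLimiter:
    """Hypothetical limiter: caps query packets per source and in total."""
    def __init__(self, per_ip_qps=3, global_qps=60, max_sources=4096, now=0.0):
        self.per_ip_qps = per_ip_qps
        self.max_sources = max_sources
        self.total = TokenBucket(global_qps, now)
        self.sources = {}

    def allow(self, src_ip, payload, now):
        if not is_query(payload):
            return True               # player/game traffic is not counted
        bucket = self.sources.get(src_ip)
        if bucket is None:
            if len(self.sources) >= self.max_sources:
                # A bucket idle for 1 s is full again, so dropping it loses nothing.
                self.sources = {ip: b for ip, b in self.sources.items()
                                if now - b.stamp < 1.0}
                if len(self.sources) >= self.max_sources:
                    return False      # table full of active sources (spoofed flood)
            bucket = self.sources[src_ip] = TokenBucket(self.per_ip_qps, now)
        # Per-source check first: a refused packet does not spend global budget.
        return bucket.take(now) and self.total.take(now)

# Constructed sample: an A2S_INFO request and a non-query payload.
A2S_INFO = CONNECTIONLESS + b"TSource Engine Query\x00"
GAME_PACKET = b"\x01\x02\x03\x04\x05\x06"
```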