Still having problems with another orangebox exploit:
Log example:
Flooded with:
14:52:33.609202 IP xxxxxxxxx.tde.net.25019 > xx.xxx.xx.27115: S 4271149929:4271149929(0) win 8192 <mss 1452,nop,nop,sackOK>
All of them with the same win size (8192)
Any advice without having to block dynamic IPs?
Best regards
Andres Pozos wrote:
There's an old exploit used to lag orangebox servers by sending packets
with size 0 that can be fixed with
http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9.
But for a week or so, I'm not only getting lag, I'm getting CRASHES
on my server and it seems it's the same exploit:
Example of flood:
19:44:03.747611 IP xxx.dynamicIP.rima-tde.net.58723> xxx.xxx: UDP, length 0
Without ddosfixer, it used to lag the server but now it also crashes.
The only way I managed to fix it was blocking the IP, but it's a
dynamic IP so it's not a solution. Any advice?
You can also filter by packet size with UDP using iptables.
iptables -A INPUT -p udp -m length --length 8 -j DROP
(which should drop all UDP packets with a zero-length payload). If you
have a NAT to your server then you may need this on the FORWARD chain
instead.
Note we pass --length 8 to account for the mandatory UDP header fields.
(UDP headers have 4 fields, each sixteen bits long, or 8 bytes.)
Regards
D.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
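
Added example, not part of any post in this thread: a Python sketch that reads tcpdump text lines in the two formats quoted above, counts zero-length UDP datagrams per source, and groups SYNs by window size and TCP options to show which signatures are shared across sources. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the two tcpdump formats quoted in the thread.
# Addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE = """\
14:52:33.609202 IP 192.0.2.10.25019 > 198.51.100.5.27115: S 4271149929:4271149929(0) win 8192 <mss 1452,nop,nop,sackOK>
14:52:33.609410 IP 192.0.2.11.25020 > 198.51.100.5.27115: S 4271150001:4271150001(0) win 8192 <mss 1452,nop,nop,sackOK>
14:52:33.610007 IP 192.0.2.12.40111 > 198.51.100.5.27115: S 1000:1000(0) win 65535 <mss 1460,nop,wscale 3>
19:44:03.747611 IP 192.0.2.10.58723 > 198.51.100.5.27015: UDP, length 0
19:44:03.747902 IP 192.0.2.10.58723 > 198.51.100.5.27015: UDP, length 0
19:44:03.748120 IP 192.0.2.20.27005 > 198.51.100.5.27015: UDP, length 53
"""

# "time IP src.port > dst.port: rest"; the space before ">" is optional,
# as in the UDP line quoted in the thread.
HEAD = re.compile(r"^\S+ IP (\S+)\.(\d+) ?> (\S+?)\.(\d+): (.*)$")
SYN = re.compile(r"^S \d+:\d+\(0\) win (\d+)(?: <([^>]*)>)?")
UDP = re.compile(r"^UDP, length (\d+)")

def summarize(text):
    """Return (zero-length UDP count per source, SYN signature -> set of sources)."""
    empty_udp = Counter()
    syn_sig = {}
    for line in text.splitlines():
        m = HEAD.match(line)
        if not m:
            continue  # skip wrapped or unrelated lines
        src, rest = m.group(1), m.group(5)
        u = UDP.match(rest)
        if u:
            if int(u.group(1)) == 0:
                empty_udp[src] += 1
            continue
        s = SYN.match(rest)
        if s:
            sig = (int(s.group(1)), s.group(2) or "")  # (window, TCP options)
            syn_sig.setdefault(sig, set()).add(src)
    return empty_udp, syn_sig

def shared_signatures(syn_sig, min_sources=2):
    """Keep only SYN signatures seen from at least min_sources distinct hosts."""
    return {sig: sorted(srcs) for sig, srcs in syn_sig.items() if len(srcs) >= min_sources}

if __name__ == "__main__":
    empty_udp, syn_sig = summarize(SAMPLE)
    print("zero-length UDP per source:", dict(empty_udp))
    print("SYN signatures shared by several sources:", shared_signatures(syn_sig))
```

Each tcpdump record has to be on a single line for the parser to pick it up; a line wrapped by a mail client is skipped.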