It's most likely an attack and not Steam, but I bet someone from Valve could 
tell you pretty quickly whether or not it's related to Steam if you sent them a 
portion of the capture file.  Not sure who you would send that to, though.  
Maybe li...@valvesoftware.com ?

    - Dave

--
Dave Parker
Systems Administrator
Utica College
(315) 792-3229
Registered Linux User #408177

----- Original Message -----
> From: "Michael Johansen" <michs...@live.no>
> To: "hlds linux" <hlds_linux@list.valvesoftware.com>
> Sent: Monday, January 30, 2012 9:34:54 AM
> Subject: Re: [hlds_linux] No Steam Logon - massive lag
> 
> 
> Thanks for the correct command. Anyhow, is there a way to figure out
> if it is in fact a targeted attack or if it's Steam messing up?
> 
> > From: cladi...@gmail.com
> > Date: Sun, 29 Jan 2012 22:57:02 -0500
> > To: hlds_linux@list.valvesoftware.com
> > Subject: Re: [hlds_linux] No Steam Logon - massive lag
> > 
> > >
> > > Michael Johansen michs...@live.no
> > > Jan 28 (2 days ago), to hlds_linux:
> > >
> > > Hi,
> > > How would I find that IP? I've got root access on both the
> > > machines.
> > > Problem is, everyone lagged out on TWO machines, which are in
> > > separate datacenters and even in different countries!
> > >
> > 
> > If an attacker is pinpointing you directly, all he would have to
> > do is attack both.
> > 
> > On Sun, Jan 29, 2012 at 12:53 PM, Joe Brown
> > <k1773r0nt3h...@hotmail.com> wrote:
> > 
> > >
> > > Run tcpdump for a little:
> > >
> > > > /usr/sbin/tcpdump -i eth0 -w traffic03.cap
> > >
> > > Control+C when you get enough data, download traffic03.cap to
> > > your computer, and load it up in wireshark.
> > >
> > > > From: michs...@live.no
> > > > To: hlds_linux@list.valvesoftware.com
> > > > Date: Sun, 29 Jan 2012 17:34:17 +0100
> > > > Subject: Re: [hlds_linux] No Steam Logon - massive lag
> > > >
> > > >
> > > > Tbh I have no idea how to find out what this is, how do I even
> > > > use tcpdump to output that info? All I get from it is
> > > > "encrypted" like with some weird chars that Notepad++ can't
> > > > open. Help please.
> > > >
> > > > > Date: Sat, 28 Jan 2012 23:57:31 +0100
> > > > > From: nowa...@platinum.linux.pl
> > > > > To: hlds_linux@list.valvesoftware.com
> > > > > Subject: Re: [hlds_linux] No Steam Logon - massive lag
> > > > >
> > > > > tcpdump of an attack on one of my servers:
> > > > >
> > > > > 18:01:58.350565 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > > > >          0x0000:  4500 002e 1dc1 0000 7711 6a89 5bc0 a579  E.......w.j.[..y
> > > > >          0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > > > >          0x0020:  6f64 7936 5341 4d50 4245 2164 6969  ody6SAMPBE!dii
> > > > > 18:01:58.351470 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > > > >          0x0000:  4500 002e 1dc3 0000 7711 6a87 5bc0 a579  E.......w.j.[..y
> > > > >          0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > > > >          0x0020:  6f64 7936 5341 4d50 4245 2164 6969  ody6SAMPBE!dii
> > > > > 18:01:58.352542 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 0
> > > > >          0x0000:  4500 001c 1dc4 0000 7711 6a98 5bc0 a579  E.......w.j.[..y
> > > > >          0x0010:  xxxx xxxx 04f3 6987 0008 d5ee 0000 0000  ......i.........
> > > > >          0x0020:  0000 0000 0000 0000 0000 0000 0000  ..............
> > > > > 18:01:58.353050 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > > > >          0x0000:  4500 002e 1dc5 0000 7711 6a85 5bc0 a579  E.......w.j.[..y
> > > > >          0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > > > >          0x0020:  6f64 7936 5341 4d50 4245 2164 6969  ody6SAMPBE!dii
> > > > > 18:01:58.353988 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > > > >          0x0000:  4500 002e 1dc7 0000 7711 6a83 5bc0 a579  E.......w.j.[..y
> > > > >          0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > > > >          0x0020:  6f64 7936 5341 4d50 4245 2164 6969  ody6SAMPBE!dii
> > > > > 18:01:58.354937 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18
> > > > >          0x0000:  4500 002e 1dc9 0000 7711 6a81 5bc0 a579  E.......w.j.[..y
> > > > >          0x0010:  xxxx xxxx 04f3 6987 001a 0728 3342 4521  ......i....(3BE!
> > > > >          0x0020:  6f64 7936 5341 4d50 4245 2164 6969  ody6SAMPBE!dii
> > > > > 18:01:58.355887 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 0
> > > > >          0x0000:  4500 001c 1dca 0000 7711 6a92 5bc0 a579  E.......w.j.[..y
> > > > >          0x0010:  xxxx xxxx 04f3 6987 0008 d5ee 0000 0000  ......i.........
> > > > >          0x0020:  0000 0000 0000 0000 0000 0000 0000  ..............
> > > > >
> > > > > Low bandwidth (~250 packets per second) but was severely
> > > > > lagging the game, all clients dropping with no steam logon.
> > > > > Iptables killed it but there is something seriously wrong
> > > > > with srcds if it can't just ignore those packets.
> > > > >
> > > > > On 2012-01-28 17:31, voice wrote:
> > > > > > Bleh, attached an image and now it's pending approval,
> > > > > > lesson learned.
> > > > > > Instead have a link:
> > > > > > http://projectshadow.randomsonicnet.org/srcds/dos.png
> > > > > >
> > > > > > The thing to see there is the constant stream from port
> > > > > > 65098 to the
> > > > > > server's port. All UDP traffic in IPTraf gets thrown into
> > > > > > that bottom
> > > > > > window.
> > > > > >
> > > > > > Regards,
> > > > > > Chris
> > > > > >
> > > > > > On Sat, Jan 28, 2012 at 10:17 AM, Harry Cann
> > > > > > <harrycan...@yahoo.co.uk> wrote:
> > > > > >
> > > > > >> We get the same on our linux TF2 servers!
> > > > > >>
> > > > > >> ----- Reply message -----
> > > > > >> From: "Michael Johansen"<michs...@live.no>
> > > > > >> To:<hlds_linux@list.valvesoftware.com>
> > > > > >> Subject: [hlds_linux] No Steam Logon - massive lag
> > > > > >> Date: Sat, Jan 28, 2012 3:25 pm
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> Hi guys,
> > > > > >> I'm running 6 TF2 servers which are quite popular. Anyhow,
> > > > > >> my server lags, badly sometimes, and right after the spike
> > > > > >> a lot of players d/c with the "No Steam Logon" message.
> > > > > >> This is not related to a machine or any plugins I am
> > > > > >> running. This has happened a lot of times now, and I'm sick
> > > > > >> of it. What is wrong and why is it happening? Me and a
> > > > > >> friend were playing on two of our servers when we both lag
> > > > > >> out (red message in the top right corner) and then it stops
> > > > > >> and returns to normal, but half of the players are now gone.
> > > > > >> Help?
> > > > > >> _______________________________________________
> > > > > >> To unsubscribe, edit your list preferences, or view the
> > > > > >> list archives, please visit:
> > > > > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> 
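
Added example, not part of the thread: one way to approach the question of whether a lag spike is a targeted flood is to summarise the capture per source address and look for a single host sending a steady stream to the game port, as in the tcpdump output quoted above. The function names, the thresholds and the sample lines are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# One-line tcpdump summary for UDP, in the format quoted in the thread.
# Such lines can be produced from a saved capture with, for example:
#   tcpdump -nn -r traffic03.cap udp port 27015
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)$")

# Constructed sample (documentation address ranges), not data from the thread.
SAMPLE = """\
18:01:58.350000 IP 198.51.100.7.1267 > 203.0.113.10.27015: UDP, length 18
18:01:58.354000 IP 198.51.100.7.1267 > 203.0.113.10.27015: UDP, length 18
18:01:58.358000 IP 198.51.100.7.1267 > 203.0.113.10.27015: UDP, length 0
18:01:58.362000 IP 198.51.100.7.1267 > 203.0.113.10.27015: UDP, length 18
18:01:58.366000 IP 198.51.100.7.1267 > 203.0.113.10.27015: UDP, length 18
18:01:58.370000 IP 198.51.100.7.1267 > 203.0.113.10.27015: UDP, length 18
18:01:58.400000 IP 192.0.2.44.27005 > 203.0.113.10.27015: UDP, length 62
18:01:58.900000 IP 192.0.2.44.27005 > 203.0.113.10.27015: UDP, length 71
""".splitlines()

def parse(lines):
    """Yield (seconds_since_midnight, src_ip, dst_port, length) per summary line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # hex-dump and wrapped lines do not match and are skipped
            h, mi, s, src, _sport, _dst, dport, length = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + float(s), src, int(dport), int(length)

def flood_sources(lines, game_port=27015, min_packets=5, pps_threshold=100.0):
    """Return {src_ip: stats} for sources whose rate to game_port is suspicious."""
    per_src = defaultdict(list)
    for ts, src, dport, length in parse(lines):
        if dport == game_port:
            per_src[src].append((ts, length))
    flagged = {}
    for src, pkts in per_src.items():
        times = [t for t, _ in pkts]
        span = max(times) - min(times)
        pps = (len(pkts) - 1) / span if span > 0 else float("inf")
        if len(pkts) >= min_packets and pps >= pps_threshold:
            flagged[src] = {"packets": len(pkts), "pps": round(pps, 1),
                            "lengths": sorted({l for _, l in pkts})}
    return flagged

if __name__ == "__main__":
    for src, stats in flood_sources(SAMPLE).items():
        print(src, stats)
```

A source flagged here that keeps sending fixed-size or empty datagrams, as in the quoted capture, is a candidate for the kind of iptables drop mentioned earlier in the thread; thresholds need tuning against normal client traffic on the server.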
