Here's part of the tcpdump:

02:11:17.138473 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 59.31.122.64.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 53c3 3b1f 7a40 5d98  .%K-@...S.;.z@].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138484 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 8.173.193.5.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 3f70 08ad c105 5d98  .%K-@...?p....].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138495 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 141.169.185.77.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 c22b 8da9 b94d 5d98  .%K-@....+...M].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138505 IP (tos 0xc0, ttl 25, id 19245, offset 0, flags [DF], proto UDP
(17), length 49) 162.187.15.168.27005 > my.ip.27015: [no cksum] UDP, length 21
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 45c0  ........#.....E.
    0x0010:  0031 4b2d 4000 1911 57f3 a2bb 0fa8 5d98  .1K-@...W.....].
    0x0020:  ade0 697d 6987 001d 0000 ffff ffff 7126  ..i}i.........q&
    0x0030:  9e2a 0c30 3030 3030 3030 3330 3030 00    .*.00000003000.
02:11:17.138516 IP (tos 0xc0, ttl 25, id 19245, offset 0, flags [DF], proto UDP
(17), length 49) 0.50.110.15.27005 > my.ip.27015: [no cksum] UDP, length 21
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 45c0  ........#.....E.
    0x0010:  0031 4b2d 4000 1911 9c15 0032 6e0f 5d98  .1K-@......2n.].
    0x0020:  ade0 697d 6987 001d 0000 ffff ffff 7126  ..i}i.........q&
    0x0030:  9e2a 0c30 3030 3030 3030 3330 3030 00    .*.00000003000.
02:11:17.138524 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 5.102.121.62.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 8a7e 0566 793e 5d98  .%K-@....~.fy>].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138536 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 102.47.10.116.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 987f 662f 0a74 5d98  .%K-@.....f/.t].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138548 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 7.96.105.23.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 98ab 0760 6917 5d98  .%K-@......`i.].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138553 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP
(17), length 34) my.ip.27015 > 119.24.20.64.27005: [bad udp cksum bbb!] UDP,
length 6
    0x0000:  0004 23de d5a7 0015 17b4 b6e4 0800 4500  ..#...........E.
    0x0010:  0022 0000 4000 4011 a3fa 5d98 ade0 7718  ."..@.@...]...w.
    0x0020:  1440 6987 697d 000e 96f0 ffff ffff 4400  .@i.i}........D.
02:11:17.138560 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 174.137.159.102.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 bb32 ae89 9f66 5d98  .%K-@....2...f].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138572 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 5.181.47.152.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 d3d5 05b5 2f98 5d98  .%K-@......./.].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138580 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP
(17), length 34) my.ip.27015 > 23.103.38.81.27005: [bad udp cksum 4c56!] UDP,
length 6
    0x0000:  0004 23de d5a7 0015 17b4 b6e4 0800 4500  ..#...........E.
    0x0010:  0022 0000 4000 4011 f19a 5d98 ade0 1767  ."..@.@...]....g
    0x0020:  2651 6987 697d 000e 4950 ffff ffff 4400  &Qi.i}..IP....D.
02:11:17.138585 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 20.124.33.157.27005 > my.ip.27015: [no cksum] UDP, length 7
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 4500  ........#.....E.
    0x0010:  0025 4b2d 4000 1b11 d309 147c 219d 5d98  .%K-@......|!.].
    0x0020:  ade0 697d 6987 000f 0000 ffff ffff 5530  ..i}i.........U0
    0x0030:  3230 3500 0000 0000 0000 0000            205.........
02:11:17.138596 IP (tos 0xc0, ttl 25, id 19245, offset 0, flags [DF], proto UDP
(17), length 49) 161.36.88.147.27005 > my.ip.27015: [no cksum] UDP, length 21
    0x0000:  0015 17b4 b6e4 0004 23de d5a7 0800 45c0  ........#.....E.
    0x0010:  0031 4b2d 4000 1911 109f a124 5893 5d98  .1K-@......$X.].
    0x0020:  ade0 697d 6987 001d 0000 ffff ffff 7126  ..i}i.........q&
    0x0030:  9e2a 0c30 3030 3030 3030 3330 3030 00    .*.00000003000.
02:11:17.138605 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP
(17), length 34) my.ip.27015 > 12.47.153.72.27005: [bad udp cksum cd86!] UDP,
length 6
    0x0000:  0004 23de d5a7 0015 17b4 b6e4 0800 4500  ..#...........E.
    0x0010:  0022 0000 4000 4011 89db 5d98 ade0 0c2f  ."..@.@...]..../^C
    0x0020:  9948 6987 697d 000e b10f ffff ffff 4400  .Hi.i}........D.

 -------- Original message --------
From: Ivan Ivanov [email protected]
Subject: Re: [hlds_linux] [hlds] HLDS ddos attacks [spoofed IPs]
To: Half-Life dedicated Linux server mailing list
Sent on: Saturday, 2012, May 19 00:14:09 EEST

Hello,

Please explain how. Machine is powerful enough, but no rules added until now 
help. Dropping all UDP traffic won't help either, cause HLDS works on UDP...

 -------- Original message --------
From: "px@ipt" [email protected]
Subject: Re: [hlds_linux] [hlds] HLDS ddos attacks [spoofed IPs]
To: Half-Life dedicated Linux server mailing list
Sent on: Saturday, 2012, May 19 00:04:13 EEST

Hello, Ivan.

You wrote on 18 May 2012, 23:30:43:

If your hardware is powerful enough, you can just drop ddos traffic via
firewall, if not, you must ask your provider to drop it on border or in core

> If I actually manage to log on to the machine, I'll get the tcpdump log 
> file...
> I saw someone else complaining on alliedmods:
>   http://forums.alliedmods.net/showthread.php?t=185523
> Not a very detailed tcpdump though and the length of the packets varies (at 
> least in my case).

>  -------- Original message --------
> From: Marco Padovan   [email protected]
> Subject: Re: [hlds_linux] [hlds] HLDS ddos attacks [spoofed IPs]
> To: Half-Life dedicated Linux server mailing list
> Sent on: Friday, 2012, May 18 22:54:05 EEST

> provide exact specs of the attack (maybe a tcpdump) + rates figures
> (PPS/ bw)

> On 18/05/2012 18:28, Ivan Ivanov wrote:
>> Hello,
>>
>> For the last few days I've been attacked by a big (huge) number of 
>> international IPs [Russia, USA, Korea, China, Italy etc..]. It's obviously a 
>> ddos attack, so at first I tried different protections (iptables rules, 
>> apf, csf firewalls, ddos deflate and none of them helped). I also asked my 
>> ISP to stop all the international traffic, but that didn't help either 
>> because the IPs are spoofed. Is there any protection from these kinds of 
>> attacks and if yes, what is it?
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>>    https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux

-- 
Best regards,
 Px                          mailto:[email protected]

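
Since the source addresses in the capture are forged, the useful question is which header fields stay the same no matter which address a packet claims. The following Python sketch is an added example, not part of the original messages: it parses tcpdump -v header lines (a few copied from the capture above), reports the fields that are identical across distinct sources, and computes the packet rate asked for in the thread. The function names are illustrative.

```python
import re

# Header lines copied from the capture in this message; hex rows left out.
CAPTURE = """\
02:11:17.138473 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 59.31.122.64.27005 > my.ip.27015: [no cksum] UDP, length 7
02:11:17.138484 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 8.173.193.5.27005 > my.ip.27015: [no cksum] UDP, length 7
02:11:17.138505 IP (tos 0xc0, ttl 25, id 19245, offset 0, flags [DF], proto UDP
(17), length 49) 162.187.15.168.27005 > my.ip.27015: [no cksum] UDP, length 21
02:11:17.138524 IP (tos 0x0, ttl 27, id 19245, offset 0, flags [DF], proto UDP
(17), length 37) 5.102.121.62.27005 > my.ip.27015: [no cksum] UDP, length 7
02:11:17.138553 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP
(17), length 34) my.ip.27015 > 119.24.20.64.27005: [bad udp cksum bbb!] UDP,
length 6
"""

# Function and field names below are illustrative, not from any tool.
HEADER = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d{6}) IP \(tos (?P<tos>\w+), ttl (?P<ttl>\d+), "
    r"id (?P<ip_id>\d+),.*?length (?P<ip_len>\d+)\)\s+(?P<src>\S+)\.(?P<sport>\d+)"
    r" > (?P<dst>\S+)\.(?P<dport>\d+): \[(?P<cksum>[^\]]+)\]", re.S)  # headers wrap

def inbound(text, server="my.ip"):
    """Parse tcpdump -v headers; keep packets addressed to the server."""
    return [m.groupdict() for m in HEADER.finditer(text) if m["dst"] == server]

def shared_fields(pkts, min_sources=3):
    """Fields holding one value across packets from many distinct sources."""
    if len({p["src"] for p in pkts}) < min_sources:
        return {}
    fields = ("ip_id", "ttl", "tos", "ip_len", "sport", "dport", "cksum")
    return {f: pkts[0][f] for f in fields if len({p[f] for p in pkts}) == 1}

def packets_per_second(pkts):
    """Arrival rate over the captured window (first to last timestamp)."""
    def micros(ts):
        h, m, s = ts.split(":")
        return (int(h) * 3600 + int(m) * 60) * 10**6 + int(s.replace(".", ""))
    if len(pkts) < 2:
        return 0.0
    span = micros(pkts[-1]["time"]) - micros(pkts[0]["time"])
    return (len(pkts) - 1) * 10**6 / span if span > 0 else 0.0

if __name__ == "__main__":
    pkts = inbound(CAPTURE)
    print(len(pkts), "inbound packets from", len({p["src"] for p in pkts}), "sources")
    print("shared:", shared_fields(pkts))
    print("rate:", round(packets_per_second(pkts)), "pps")
```

On these lines the IP ID and the empty UDP checksum are identical across unrelated source addresses, which independent hosts would not produce, so they are candidates for a match rule at the firewall or upstream. Source port 27005 is also shared, but it is the default game client port and cannot be used on its own.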