I am indeed. Thank you for all your help :)
> Date: Tue, 27 Nov 2012 14:25:24 +0100
> From: e...@evcz.tk
> To: hlds_linux@list.valvesoftware.com
> Subject: Re: [hlds_linux] Incoming DoS attack
>
> Hi,
>
> are you the Mike on WHT?
>
> I was the one replying in there :D
>
> Il 27/11/2012 13.54, Michael Johansen ha scritto:
> > My face when, I just analyzed my own tcpdump and I had over ~150 Mbit/s
> > traffic on UDP, where as my SYN stood for about 50k pps.
> >> From: sai...@specialattack.net
> >> To: hlds_linux@list.valvesoftware.com
> >> Date: Tue, 27 Nov 2012 11:29:01 +0100
> >> Subject: Re: [hlds_linux] Incoming DoS attack
> >>
> >> We have no control over the upstream network. All I can do is filter the
> >> packets at the machine, but that wouldn't prevent the link from still
> >> being overloaded.
> >>
> >> Currently a null-route is in place to stop the attack at the network
> >> boarder.
> >>
> >> Saint K.
> >> ________________________________________
> >> From: hlds_linux-boun...@list.valvesoftware.com
> >> [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael Johansen
> >> [michs...@live.no]
> >> Sent: 27 November 2012 11:26
> >> To: hlds_linux@list.valvesoftware.com
> >> Subject: Re: [hlds_linux] Incoming DoS attack
> >>
> >> Just took a look at the tcpdump, doesn't look like the attacks I'm having.
> >> I may be stupid now, but wouldn't it work just by blocking packets with
> >> the size of 50?
> >>
> >>> From: sai...@specialattack.net
> >>> To: hlds_linux@list.valvesoftware.com
> >>> Date: Tue, 27 Nov 2012 11:19:08 +0100
> >>> Subject: Re: [hlds_linux] Incoming DoS attack
> >>>
> >>> The IP's in the dump originate from China, but as it's UDP it could very
> >>> well be spoofed.
> >>>
> >>> Looking at the payload in the packets, each new packet only has 1
> >>> character change from the previous packet.
> >>>
> >>> Bruteforce, or perhaps signature scanning evasion?
> >>>
> >>> Saint K.
> >>> ________________________________________
> >>> From: hlds_linux-boun...@list.valvesoftware.com
> >>> [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael Johansen
> >>> [michs...@live.no]
> >>> Sent: 27 November 2012 11:15
> >>> To: hlds_linux@list.valvesoftware.com
> >>> Subject: Re: [hlds_linux] Incoming DoS attack
> >>>
> >>> I haven't looked at the tcpdump, but I have been getting attacks too,
> >>> they're SYN floods, 300 - 400 mbps in size and always coming from
> >>> local/reserved (0.x) ip's. All started soem time after we set up our mvm
> >>> serves.
> >>>> From: sai...@specialattack.net
> >>>> To: hlds_linux@list.valvesoftware.com
> >>>> Date: Tue, 27 Nov 2012 10:56:28 +0100
> >>>> Subject: [hlds_linux] Incoming DoS attack
> >>>>
> >>>> Hi,
> >>>>
> >>>> We've been having DoS attacks aimed at one of our MvM servers.
> >>>>
> >>>> Anyone have any idea what they're attempting to do here? It is just to
> >>>> make the server unreachable, or are the actually trying to exploit srcds
> >>>> somehow?
> >>>>
> >>>> Here's a tcpdump made for about 30 seconds during the attack (which is
> >>>> still ongoing);
> >>>>
> >>>> http://www.specialattack.net/downloads/dump.rar
> >>>>
> >>>> Saint K.
> >>>> _______________________________________________
> >>>> To unsubscribe, edit your list preferences, or view the list archives,
> >>>> please visit:
> >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >>> _______________________________________________
> >>> To unsubscribe, edit your list preferences, or view the list archives,
> >>> please visit:
> >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >>>
> >>> _______________________________________________
> >>> To unsubscribe, edit your list preferences, or view the list archives,
> >>> please visit:
> >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >> _______________________________________________
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >>
> >> _______________________________________________
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
> >
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please
> visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
