Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
Do you have a plugin to block DoS Attacks such as A2S_INFO Packet flood? If not, I advice you to install DBlocker or a plugin called DAF Dos Attack Fix. See: http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 http://dblocker.didrole.com/ Hope it helps :/ On Tue, Oct 18, 2011 at 8:38 AM, Никита Булаев [Nikita Bulaev] < djfireb...@gmail.com> wrote: > Well, thank you friends! > > Ics - you helped a lot to find the source utility. > > Now I'm trying to create iptables rules, and wrote this: > > = > # DROP and ban >iptables -N REJECT_RCON_FLOOD >iptables -A REJECT_RCON_FLOOD -j LOG --log-prefix 'IPTABLES-RCON-FLOOD:' > --log-level info >iptables -A REJECT_RCON_FLOOD -j DROP > >iptables -A INPUT -p tcp --dport 27000:28900 -m connlimit > --connlimit-above 1 --connlimit-mask 32 -j REJECT_RCON_FLOOD >iptables -A INPUT -p tcp --dport 27000:28900 -m hashlimit > --hashlimit-upto 1/sec \ >--hashlimit-burst 1 --hashlimit-mode srcip,dstip,dstport > --hashlimit-name rcon_flood \ >--hashlimit-htable-gcinterval 3 -j ACCEPT >iptables -A INPUT -p tcp --dport 27000:28900 -j REJECT_RCON_FLOOD > > = > > One by one, as I thought, that is: > 1) DROP more then one connections to SRCDS TCP: that is lowering an attack > very much > 2) ACCEPT only one packet in second > 3) DROP more then one packet > > So the problem is that packets are not droped. And I'm really confused. I > really do not understand why. Just like the rule wont work at all! > > I can't block rcon at all. So the only way is to limit connections and ban > the source ip of an attacker. > > Ideas? > > 2011/10/18 > > > Looks much like some-prog-that-i-wont-say-out-loud-from-4chan-sute > > output, with just modified message. Looks like idiots have found it and > > started using it. > > > > -ics > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
Well, thank you friends! Ics - you helped a lot to find the source utility. Now I'm trying to create iptables rules, and wrote this: = # DROP and ban iptables -N REJECT_RCON_FLOOD iptables -A REJECT_RCON_FLOOD -j LOG --log-prefix 'IPTABLES-RCON-FLOOD:' --log-level info iptables -A REJECT_RCON_FLOOD -j DROP iptables -A INPUT -p tcp --dport 27000:28900 -m connlimit --connlimit-above 1 --connlimit-mask 32 -j REJECT_RCON_FLOOD iptables -A INPUT -p tcp --dport 27000:28900 -m hashlimit --hashlimit-upto 1/sec \ --hashlimit-burst 1 --hashlimit-mode srcip,dstip,dstport --hashlimit-name rcon_flood \ --hashlimit-htable-gcinterval 3 -j ACCEPT iptables -A INPUT -p tcp --dport 27000:28900 -j REJECT_RCON_FLOOD = One by one, as I thought, that is: 1) DROP more then one connections to SRCDS TCP: that is lowering an attack very much 2) ACCEPT only one packet in second 3) DROP more then one packet So the problem is that packets are not droped. And I'm really confused. I really do not understand why. Just like the rule wont work at all! I can't block rcon at all. So the only way is to limit connections and ban the source ip of an attacker. Ideas? 2011/10/18 > Looks much like some-prog-that-i-wont-say-out-loud-from-4chan-sute > output, with just modified message. Looks like idiots have found it and > started using it. > > -ics > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
At least it helps if the game engine is damaged by the packets contents. Pure bandwidth attacks are hard to mitigate, though. Regards Oskar Levin os...@dataviruset.com -Ursprungligt meddelande- Från: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] För ics Skickat: den 17 oktober 2011 23:05 Till: Half-Life dedicated Linux server mailing list Ämne: Re: [hlds_linux] DoS Attack to SRCDS with TCP packets Bloking tcp is useless too as that software which is used has option to UDP on drop down menu too. I guess it won't hurt to try though if the user is stupid. -ics 17.10.2011 23:58, Andre Pozos kirjoitti: > games servers use udp protocol, tcp is only useed for rcon so block > any tcp packet and only allow your client ips to make tcp queries. > >> Hi, firends! >> >> Some our clients are under stupid attack by tcp packets with length >> 1480 bytes. >> >> = >> 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], >> proto TCP (6), length 1480) >> 188.186.18.151.50325> 188.64.170.100.27019: Flags [P.], cksum >> 0x3c63 >> (correct), seq 39288:40728, ack 1, win 64800, length 1440 >> >> 0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 >> .%...d.&..E. >> 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 >> @.|..h.@ >> 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 >> .d..i...B.51.+P. >> 0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 >> ..> 0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174 >> sudesudesu~A.cat >> 0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >> .is.fine.too..De >> 0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174 >> sudesudesu~A.cat >> 0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >> .is.fine.too..De >> 0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174 >> sudesudesu~A.cat >> 0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >> .is.fine.too..De >> 0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174 >> sudesudesu~A.cat >> 0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >> .is.fine.too..De >> 0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174 >> sudesudesu~A.cat >> 0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >> .is.fine.too..De >> 0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174 >> sudesudesu~A.cat = >> >> And so on... >> >> The tcpdump can be found here: >> http://188.64.170.86/bulkin/files/dos_vsplay.zip >> >> So is there a way to prevent it by Iptables? >> >> Nikita Bulaev >> ___ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
Bloking tcp is useless too as that software which is used has option to UDP on drop down menu too. I guess it won't hurt to try though if the user is stupid. -ics 17.10.2011 23:58, Andre Pozos kirjoitti: games servers use udp protocol, tcp is only useed for rcon so block any tcp packet and only allow your client ips to make tcp queries. Hi, firends! Some our clients are under stupid attack by tcp packets with length 1480 bytes. = 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto TCP (6), length 1480) 188.186.18.151.50325> 188.64.170.100.27019: Flags [P.], cksum 0x3c63 (correct), seq 39288:40728, ack 1, win 64800, length 1440 0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&..E. 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 @.|..h.@ 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P. 0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 .. 0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat 0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De 0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat 0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De 0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat 0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De 0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat 0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De 0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat 0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De 0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat = And so on... The tcpdump can be found here: http://188.64.170.86/bulkin/files/dos_vsplay.zip So is there a way to prevent it by Iptables? Nikita Bulaev ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
games servers use udp protocol, tcp is only useed for rcon so block any tcp packet and only allow your client ips to make tcp queries. Hi, firends! Some our clients are under stupid attack by tcp packets with length 1480 bytes. = 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto TCP (6), length 1480) 188.186.18.151.50325> 188.64.170.100.27019: Flags [P.], cksum 0x3c63 (correct), seq 39288:40728, ack 1, win 64800, length 1440 0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&..E. 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 @.|..h.@ 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P. 0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 ..http://188.64.170.86/bulkin/files/dos_vsplay.zip So is there a way to prevent it by Iptables? Nikita Bulaev ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
These packets don't really use up processing power, but they just take over your link... Adding a rule to iptables that would drop the connections wouldn't help. Sorry. Sergiusz Bazański xmpp: sergi...@q3k.org www: http://q3k.org/ On Mon, Oct 17, 2011 at 10:30 PM, ics wrote: > Looks much like some-prog-that-i-wont-say-out-loud-from-4chan-sute output, > with just modified message. Looks like idiots have found it and started > using it. > > -ics > > 17.10.2011 23:09, Marco Padovan kirjoitti: >> >> Additionally: set a very strict rate limiting to new connections (10new >> connections every 20seconds?) and drop anything that's not >> "estabilished"... >> >> Il 17/10/2011 21:15, ?? ?? [Nikita Bulaev] ha scritto: >>> >>> Hi, firends! >>> >>> Some our clients are under stupid attack by tcp packets with length 1480 >>> bytes. >>> >>> = >>> 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], >>> proto >>> TCP (6), length 1480) >>> 188.186.18.151.50325> 188.64.170.100.27019: Flags [P.], cksum 0x3c63 >>> (correct), seq 39288:40728, ack 1, win 64800, length 1440 >>> >>> 0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 >>> .%...d.&..E. >>> 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 >>> @.|..h.@ >>> 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 >>> .d..i...B.51.+P. >>> 0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 >>> ..>> 0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174 >>> sudesudesu~A.cat >>> 0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >>> .is.fine.too..De >>> 0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174 >>> sudesudesu~A.cat >>> 0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >>> .is.fine.too..De >>> 0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174 >>> sudesudesu~A.cat >>> 0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >>> .is.fine.too..De >>> 0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174 >>> sudesudesu~A.cat >>> 0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >>> .is.fine.too..De >>> 0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174 >>> sudesudesu~A.cat >>> 0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 >>> .is.fine.too..De >>> 0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174 >>> sudesudesu~A.cat >>> = >>> >>> And so on... >>> >>> The tcpdump can be found here: >>> http://188.64.170.86/bulkin/files/dos_vsplay.zip >>> >>> So is there a way to prevent it by Iptables? >>> >>> Nikita Bulaev >>> ___ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
Looks much like some-prog-that-i-wont-say-out-loud-from-4chan-sute output, with just modified message. Looks like idiots have found it and started using it. -ics 17.10.2011 23:09, Marco Padovan kirjoitti: Additionally: set a very strict rate limiting to new connections (10new connections every 20seconds?) and drop anything that's not "estabilished"... Il 17/10/2011 21:15, ?? ?? [Nikita Bulaev] ha scritto: Hi, firends! Some our clients are under stupid attack by tcp packets with length 1480 bytes. = 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto TCP (6), length 1480) 188.186.18.151.50325> 188.64.170.100.27019: Flags [P.], cksum 0x3c63 (correct), seq 39288:40728, ack 1, win 64800, length 1440 0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&..E. 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 @.|..h.@ 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P. 0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 ..http://188.64.170.86/bulkin/files/dos_vsplay.zip So is there a way to prevent it by Iptables? Nikita Bulaev ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
Additionally: set a very strict rate limiting to new connections (10new connections every 20seconds?) and drop anything that's not "estabilished"... Il 17/10/2011 21:15, ?? ?? [Nikita Bulaev] ha scritto: > Hi, firends! > > Some our clients are under stupid attack by tcp packets with length 1480 > bytes. > > = > 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto > TCP (6), length 1480) > 188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63 > (correct), seq 39288:40728, ack 1, win 64800, length 1440 > > 0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&..E. > 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 @.|..h.@ > 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P. > 0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 .. 0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > = > > And so on... > > The tcpdump can be found here: > http://188.64.170.86/bulkin/files/dos_vsplay.zip > > So is there a way to prevent it by Iptables? > > Nikita Bulaev > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
Lock tcp port and whitelist it only to certain users? (or change the tcpport to another port) Do you want to filter it with iptables because it's affecting the game? Il 17/10/2011 21:15, ?? ?? [Nikita Bulaev] ha scritto: > Hi, firends! > > Some our clients are under stupid attack by tcp packets with length 1480 > bytes. > > = > 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto > TCP (6), length 1480) > 188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63 > (correct), seq 39288:40728, ack 1, win 64800, length 1440 > > 0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&..E. > 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 @.|..h.@ > 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P. > 0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 .. 0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > 0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De > 0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > = > > And so on... > > The tcpdump can be found here: > http://188.64.170.86/bulkin/files/dos_vsplay.zip > > So is there a way to prevent it by Iptables? > > Nikita Bulaev > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack to SRCDS with TCP packets
You're better off having your ISP/Host block this upstream on a firewall or router. Doing this with iptables can be very resource intensive, and may cause performance issues for your clients. On Mon, Oct 17, 2011 at 3:15 PM, Никита Булаев [Nikita Bulaev] < djfireb...@gmail.com> wrote: > Hi, firends! > > Some our clients are under stupid attack by tcp packets with length 1480 > bytes. > > = > 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto > TCP (6), length 1480) >188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63 > (correct), seq 39288:40728, ack 1, win 64800, length 1440 > >0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&..E. >0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 @.|..h.@ >0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P. >0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 ..0x0040: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat >0x0050: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De >0x0060: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat >0x0070: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De >0x0080: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat >0x0090: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De >0x00a0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat >0x00b0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De >0x00c0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat >0x00d0: 2069 7320 6669 6e65 2074 6f6f 2e20 4465 .is.fine.too..De >0x00e0: 7375 6465 7375 6465 7375 7e41 2063 6174 sudesudesu~A.cat > = > > And so on... > > The tcpdump can be found here: > http://188.64.170.86/bulkin/files/dos_vsplay.zip > > So is there a way to prevent it by Iptables? > > Nikita Bulaev > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] DoS Attack to SRCDS with TCP packets
Hi, firends! Some our clients are under stupid attack by tcp packets with length 1480 bytes. = 22:25:17.613625 IP (tos 0x0, ttl 124, id 5073, offset 0, flags [DF], proto TCP (6), length 1480) 188.186.18.151.50325 > 188.64.170.100.27019: Flags [P.], cksum 0x3c63 (correct), seq 39288:40728, ack 1, win 64800, length 1440 0x: 0025 901a fd64 0026 9806 ddc1 0800 4500 .%...d.&..E. 0x0010: 05c8 13d1 4000 7c06 af68 bcba 1297 bc40 @.|..h.@ 0x0020: aa64 c495 698b c6b8 4281 3531 d72b 5018 .d..i...B.51.+P. 0x0030: fd20 3c63 6e65 2074 6f6f 2e20 4465 ..http://188.64.170.86/bulkin/files/dos_vsplay.zip So is there a way to prevent it by Iptables? Nikita Bulaev ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] dos attack
On Thu, Oct 28, 2010 at 2:23 AM, Kyle Sanderson wrote: > There's Dos Attack Fixer (DAF) > http://www.sourceop.net/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > There's no real proper way to fix this though, successfully. There are > also 'condom' wrappers that forward network traffic to the game and > back through. You server will be listed on Port Y instead of the > regular Port X, which is a major downside and overall drag. > > Over the years there have been numerous topics about the issue, > including '[hlds] Source packet flood exploit' which was created less > then a week ago. Valve does not care AT ALL about their server > software, it's whatever they can do to make their players happy. This > exploit, among may others has been public knowledge for ages. Unless > if there's some *super* plan to fix all of these exploits all at once; > it takes ages for any work to be done while the community diligently > suffers. Take notice how Steam exploits are typically fixed, literally > it was the next day and the main servers were patched against it. Actually, my mod was bombarded by A2S_CHALLENGE packets with spoofed source IP and banning person that wanted everyone to join his server sorted issue out. Unless you make everyone switch to secure IP networking where packets can be authenticated and have traces I don't see a better solution. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] dos attack
There's Dos Attack Fixer (DAF) http://www.sourceop.net/modules.php?name=Downloads&d_op=viewdownload&cid=9 There's no real proper way to fix this though, successfully. There are also 'condom' wrappers that forward network traffic to the game and back through. You server will be listed on Port Y instead of the regular Port X, which is a major downside and overall drag. Over the years there have been numerous topics about the issue, including '[hlds] Source packet flood exploit' which was created less then a week ago. Valve does not care AT ALL about their server software, it's whatever they can do to make their players happy. This exploit, among may others has been public knowledge for ages. Unless if there's some *super* plan to fix all of these exploits all at once; it takes ages for any work to be done while the community diligently suffers. Take notice how Steam exploits are typically fixed, literally it was the next day and the main servers were patched against it. Well, there's my rant, DAF should hopefully work for you. Kyle. On Wed, Oct 27, 2010 at 4:33 PM, tom n wrote: > How bout a noob friendly dos attack plugin or software for css > orangebox/linux server? > > Not sure the details but all players ping went skyhigh and there was a > mention of maybe being attacked by dos. > Thanks > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] dos attack
How bout a noob friendly dos attack plugin or software for css orangebox/linux server? Not sure the details but all players ping went skyhigh and there was a mention of maybe being attacked by dos. Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] Dos Attack Fix Plugin Updated
Hey all, Since there seems to be a script kiddie going around and abusing A2C_PRINT I've updated my DoS Attack Fix plugin to block A2C_PRINT spam. The plugin is a Valve server plugin, and does not require metamod or Sourcemod. It can be loaded in the middle of a game with no noticeable load time. You can download it from my website: http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 Direct link: http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=35 Both Linux and Windows binaries are included. Extract the contents of the ZIP file to your addons directory. Here is an example from the HLDS list of what the update is designed to block: http://screencast.com/t/JRYs3LglN Contents of the README file: DoS Attack Fix Version: 3 for TF2 Date: 5/3/09 Creator: Drunken F00l, www.sourceop.com This plugin blocks the denial of service attacks released into the wild recently. Console commands: daf_status - Returns the status of the DoS Attack Fix plugin and prints the IP address of any blocked offenders daf_reset - Resets the banned IP list CVARs: daf_version - The version of the DoS Attack Fix plugin daf_enable - Enables the DoS Attack Fix plugin (defaults to on) daf_log - Enables logging of new attackers to file (defaults to off; saves to addons/daf/log.txt) daf_block_alla2cprint - Enables blocking of all A2C_PRINT packets (defaults to off) daf_block_a2cprint_spam - Enables blocking of high volumes of A2C_PRINT packets (defaults to on) daf_block_a2cprint_nonprintable - Enables blocking of A2C_PRINT packets with strange characters (defaults to on) I hope this helps! - Tony ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Updated and CSS Version Released
Linux server doesnt start once plugin is loaded, Console initialized. Game.dll loaded for "Team Fortress" Particles: Missing 'particles/error.pcf' ./srcds_run_fixed: line 354: 22130 Floating point exception$HL_CMD Add "-debug" to the ./srcds_run_fixed command line to generate a debug.log to help with solving this problem Sat Jan 24 16:04:03 EST 2009: Server restart in 10 seconds dosattackfix.vdf "Plugin" { "file" "..\tf\addons\daf\bin\dosattackfix_i486.so" } Any ideas? Running debian etch -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Hüseyin C. Sent: Saturday, 24 January 2009 3:41 AM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] DoS Attack Fix Plugin Updated and CSS Version Released what a plugin because I must install in order to help I have normal css server with maniadmin event script and metamod if they could explain to me that I would try 2009/1/23 Tony Paloma > I've updated the plugin and also included a CSS version. The updated > version > removes the GLIBC 2.4 requirement and also adds a daf_log CVAR. The CVAR > will log attacking IPs to a file (addons/daf/log.txt). > > > Downloads available here: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > Direct link for CSS version: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=33 > Direct link for TF2 version: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=32 > > If you have any issues, let me know. > > Thanks, > Tony > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Updated and CSS Version Released
Any chance to have source so we can have some idea of what we're installing here? > I've updated the plugin and also included a CSS version. The updated version > removes the GLIBC 2.4 requirement and also adds a daf_log CVAR. The CVAR > will log attacking IPs to a file (addons/daf/log.txt). > > > Downloads available here: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > Direct link for CSS version: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=33 > Direct link for TF2 version: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=32 > > If you have any issues, let me know. > > Thanks, > Tony > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > __ Information from ESET NOD32 Antivirus, version of virus signature > database 3795 (20090123) __ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __ Information from ESET NOD32 Antivirus, version of virus signature database 3795 (20090123) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Updated and CSS Version Released
Excellent, thanks for this Tony. mauirixxx -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Tony Paloma Sent: Thursday, January 22, 2009 8:18 PM To: 'Half-Life dedicated Linux server mailing list' Subject: [hlds_linux] DoS Attack Fix Plugin Updated and CSS Version Released I've updated the plugin and also included a CSS version. The updated version removes the GLIBC 2.4 requirement and also adds a daf_log CVAR. The CVAR will log attacking IPs to a file (addons/daf/log.txt). Downloads available here: http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid =9 Direct link for CSS version: http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=33 Direct link for TF2 version: http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=32 If you have any issues, let me know. Thanks, Tony ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
>On Thu, Jan 22, 2009 at 4:47 PM, Nephyrin Zey >wrote: >> The iptables startup script combined with the iptables command >> *should* autoload necessary modules as they're asked for. >> >> "-m length" pulls in the "xt_length" module, so you might not have >> this module supported, or your scripts might not be autoloading it. > >In particular: > ls -l /lib/modules/`uname -r`/kernel/net/netfilter/xt_length.* > > Note that uses 'backticks' not single quote. Typically located on the > tilde (~) key in a full size US QWERTY keyboard. > > BTW as covered before, remove the "-m udp" which isn't supported, >because you include '-p udp' which matches UDP packets. Thanks fellas. The module was not in that directory so I recompiled the kernel with that module turned on and it works great now! ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Updated and CSS Version Released
what a plugin because I must install in order to help I have normal css server with maniadmin event script and metamod if they could explain to me that I would try 2009/1/23 Tony Paloma > I've updated the plugin and also included a CSS version. The updated > version > removes the GLIBC 2.4 requirement and also adds a daf_log CVAR. The CVAR > will log attacking IPs to a file (addons/daf/log.txt). > > > Downloads available here: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > Direct link for CSS version: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=33 > Direct link for TF2 version: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=32 > > If you have any issues, let me know. > > Thanks, > Tony > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] DoS Attack Fix Plugin Updated and CSS Version Released
I've updated the plugin and also included a CSS version. The updated version removes the GLIBC 2.4 requirement and also adds a daf_log CVAR. The CVAR will log attacking IPs to a file (addons/daf/log.txt). Downloads available here: http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 Direct link for CSS version: http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=33 Direct link for TF2 version: http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=32 If you have any issues, let me know. Thanks, Tony ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
On Thu, Jan 22, 2009 at 4:47 PM, Nephyrin Zey wrote: > The iptables startup script combined with the iptables command > *should* autoload necessary modules as they're asked for. > > "-m length" pulls in the "xt_length" module, so you might not have > this module supported, or your scripts might not be autoloading it. In particular: ls -l /lib/modules/`uname -r`/kernel/net/netfilter/xt_length.* Note that uses 'backticks' not single quote. Typically located on the tilde (~) key in a full size US QWERTY keyboard. BTW as covered before, remove the "-m udp" which isn't supported, because you include '-p udp' which matches UDP packets. -Michael ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
The iptables startup script combined with the iptables command *should* autoload necessary modules as they're asked for. "-m length" pulls in the "xt_length" module, so you might not have this module supported, or your scripts might not be autoloading it. - Neph On Thu, Jan 22, 2009 at 11:50 AM, Chris wrote: >>> Date: Tue, 20 Jan 2009 14:10:38 -0600 >>> Subject: Re: [hlds_linux] Counterstrike Source DDos Attack !!! NO JOKE!!! >>> hello neph we tested this script one he gives a error >>> >>> iptables -A INPUT -p udp -m udp --dport 27015 -m length --length 28 -j >>> DROP >>> ->>> iptables: No chain/target/match by that name >>> >>> can u help me ? > >>What is the output of lsmod? > > I am having the same problem. I _do_ have an INPUT and _do_ have a > DROP section and am already using iptables with these sections for > other things. > I tried messing with the command a bit to see what is wrong. The -p > udp -m udp --dport 27015 options work fine. > I tried the command like this to see what error I get: > /usr/sbin/iptables -A INPUT -p udp -m udp --dport 27015 -m length -j DROP > and it replies:iptables v1.3.6: length: You must specify `--length' > so it seems like it will work. But when I add --length 28 I get the > same error as the others: > > /usr/sbin/iptables -A INPUT -p udp -m udp --dport 27015 -m length > --length 28 -j DROP > iptables: No chain/target/match by that name > > Since I can't use the TF2 plugin I'd like to get iptables to work. > Here is my lsmod output: > > Module Size Used by > ipt_LOG 6784 5 > xt_tcpudp 4096 35 > iptable_filter 3328 1 > ip_tables 18856 1 iptable_filter > x_tables 17032 3 ipt_LOG,xt_tcpudp,ip_tables > i2c_viapro 9496 0 > via_velocity 30404 0 > i2c_core 23296 1 i2c_viapro > sata_sis8132 0 > pata_sis 14340 1 sata_sis > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
>> Date: Tue, 20 Jan 2009 14:10:38 -0600 >> Subject: Re: [hlds_linux] Counterstrike Source DDos Attack !!! NO JOKE!!! >> hello neph we tested this script one he gives a error >> >> iptables -A INPUT -p udp -m udp --dport 27015 -m length --length 28 -j >> DROP >> ->>> iptables: No chain/target/match by that name >> >> can u help me ? >What is the output of lsmod? I am having the same problem. I _do_ have an INPUT and _do_ have a DROP section and am already using iptables with these sections for other things. I tried messing with the command a bit to see what is wrong. The -p udp -m udp --dport 27015 options work fine. I tried the command like this to see what error I get: /usr/sbin/iptables -A INPUT -p udp -m udp --dport 27015 -m length -j DROP and it replies:iptables v1.3.6: length: You must specify `--length' so it seems like it will work. But when I add --length 28 I get the same error as the others: /usr/sbin/iptables -A INPUT -p udp -m udp --dport 27015 -m length --length 28 -j DROP iptables: No chain/target/match by that name Since I can't use the TF2 plugin I'd like to get iptables to work. Here is my lsmod output: Module Size Used by ipt_LOG 6784 5 xt_tcpudp 4096 35 iptable_filter 3328 1 ip_tables 18856 1 iptable_filter x_tables 17032 3 ipt_LOG,xt_tcpudp,ip_tables i2c_viapro 9496 0 via_velocity 30404 0 i2c_core 23296 1 i2c_viapro sata_sis8132 0 pata_sis 14340 1 sata_sis ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
I was hoping it would work on CSS even though it was written for tf. I made the pertinent changes in the .vdf file, but it does not seem to load up. I get no error messages. > Message: 1 > Date: Wed, 21 Jan 2009 21:14:06 +0100 > From: Pawel > Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released > To: Half-Life dedicated Linux server mailing list > > Message-ID: ><80894ffe0901211214i1b297e2cp6b58b04a98477...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > How about CS:S? > Will it be working? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
I'm still interested in seeing the source myself to see how you accomplished it and what exactly goes on. Let us know when you host it! :D > The plugin hooks valve's receive UDP packet function and filters out the > packets sent by the attacker program. > > The amount of code required to do this is very small. > > -Original Message- > From: hlds_linux-boun...@list.valvesoftware.com > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of AFAdmin > Sent: Wednesday, January 21, 2009 2:28 PM > To: Half-Life dedicated Linux server mailing list > Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released > > I haven't been on this list for very long, So I dont know eveyrone yet... > > But again, I would feel alot more comfortable trying out the plugin if I > could see what it actually does or how it works, rather than add some > blackbox addon to my server from someone I do not know. > > You can probably tell I'm not of the "Take your medicine it's good for > you" philosophy. ;) > > P.S. I'd still like to know what this plugin actually does. > > > Rick Payton wrote: > >> I totally understand where you're coming from AFAdmin, and you're >> obviously totally justified too, but on the other hand, Tony has been on >> this list for quite some time now. I highly doubt he would release a >> plugin that would mess with other peoples servers. It's just one admin, >> trying help many other admins. >> >> mauirixxx >> >> -Original Message- >> From: hlds_linux-boun...@list.valvesoftware.com >> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of AFAdmin >> Sent: Wednesday, January 21, 2009 2:38 AM >> To: Half-Life dedicated Linux server mailing list >> Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released >> >> I would be more tempted to try it if I saw some source. How do I know >> this wont repeatedly rickroll everyone with the motd window when Im not >> on? >> >> Tony Paloma wrote: >> >> >>> Hey all, >>> >>> I've released a plugin that fixes the attack done by the denial of >>> service program floating around. The plugin is a Valve server plugin, >>> and does not require metamod or Sourcemod. It can be loaded in the >>> middle of a game with no noticeable load time. You can download it >>> >>> >> from my website: >> >> >>> http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&c >>> id=9 >>> >>> Direct link: >>> http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 >>> >>> Both Linux and Windows binaries are included. Extract the contents of >>> the ZIP file to your addons directory. >>> >>> Contents of the README file: >>> DoS Attack Fix >>> Version: 1 for TF2 >>> Date: 1/21/09 >>> Creator: Drunken F00l, www.sourceop.com >>> >>> This plugin blocks the denial of service attacks released into the >>> wild recently. >>> >>> Console commands: >>> daf_status >>> - Returns the status of the DoS Attack Fix plugin and prints the IP >>> address of any blocked offenders daf_version >>> - prints the version of the DoS Attack Fix plugin daf_reset >>> - Resets the banned IP list >>> >>> CVARs: >>> daf_enable >>> - Enables the DoS Attack Fix plugin (defaults to on) >>> >>> >>> >>> ___ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> >>> >> please visit: >> >> >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >>> >>> >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> > please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > __ Information from ESET NOD32 Antivirus, version of virus signature > database 3787 (20090121) __ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __ Information from ESET NOD32 Antivirus, version of virus signature database 3787 (20090121) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
The plugin hooks valve's receive UDP packet function and filters out the packets sent by the attacker program. The amount of code required to do this is very small. -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of AFAdmin Sent: Wednesday, January 21, 2009 2:28 PM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released I haven't been on this list for very long, So I dont know eveyrone yet... But again, I would feel alot more comfortable trying out the plugin if I could see what it actually does or how it works, rather than add some blackbox addon to my server from someone I do not know. You can probably tell I'm not of the "Take your medicine it's good for you" philosophy. ;) P.S. I'd still like to know what this plugin actually does. Rick Payton wrote: > I totally understand where you're coming from AFAdmin, and you're > obviously totally justified too, but on the other hand, Tony has been on > this list for quite some time now. I highly doubt he would release a > plugin that would mess with other peoples servers. It's just one admin, > trying help many other admins. > > mauirixxx > > -Original Message- > From: hlds_linux-boun...@list.valvesoftware.com > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of AFAdmin > Sent: Wednesday, January 21, 2009 2:38 AM > To: Half-Life dedicated Linux server mailing list > Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released > > I would be more tempted to try it if I saw some source. How do I know > this wont repeatedly rickroll everyone with the motd window when Im not > on? > > Tony Paloma wrote: > >> Hey all, >> >> I've released a plugin that fixes the attack done by the denial of >> service program floating around. The plugin is a Valve server plugin, >> and does not require metamod or Sourcemod. It can be loaded in the >> middle of a game with no noticeable load time. You can download it >> > from my website: > >> http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&c >> id=9 >> >> Direct link: >> http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 >> >> Both Linux and Windows binaries are included. Extract the contents of >> the ZIP file to your addons directory. >> >> Contents of the README file: >> DoS Attack Fix >> Version: 1 for TF2 >> Date: 1/21/09 >> Creator: Drunken F00l, www.sourceop.com >> >> This plugin blocks the denial of service attacks released into the >> wild recently. >> >> Console commands: >> daf_status >> - Returns the status of the DoS Attack Fix plugin and prints the IP >> address of any blocked offenders daf_version >> - prints the version of the DoS Attack Fix plugin daf_reset >> - Resets the banned IP list >> >> CVARs: >> daf_enable >> - Enables the DoS Attack Fix plugin (defaults to on) >> >> >> >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> > please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
It blocks the packets from offending IP addresses. Blocked IPs: IP Address | Occurences +--- Blocked 21800 packets total. I already removed the IP as it was a test run from another person in the IRC, but it does do what it says it does. On Wed, Jan 21, 2009 at 4:27 PM, AFAdmin wrote: > I haven't been on this list for very long, So I dont know eveyrone yet... > > But again, I would feel alot more comfortable trying out the plugin if I > could see what it actually does or how it works, rather than add some > blackbox addon to my server from someone I do not know. > > You can probably tell I'm not of the "Take your medicine it's good for > you" philosophy. ;) > > P.S. I'd still like to know what this plugin actually does. > > > Rick Payton wrote: > > I totally understand where you're coming from AFAdmin, and you're > > obviously totally justified too, but on the other hand, Tony has been on > > this list for quite some time now. I highly doubt he would release a > > plugin that would mess with other peoples servers. It's just one admin, > > trying help many other admins. > > > > mauirixxx > > > > -Original Message- > > From: hlds_linux-boun...@list.valvesoftware.com > > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of AFAdmin > > Sent: Wednesday, January 21, 2009 2:38 AM > > To: Half-Life dedicated Linux server mailing list > > Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released > > > > I would be more tempted to try it if I saw some source. How do I know > > this wont repeatedly rickroll everyone with the motd window when Im not > > on? > > > > Tony Paloma wrote: > > > >> Hey all, > >> > >> I've released a plugin that fixes the attack done by the denial of > >> service program floating around. The plugin is a Valve server plugin, > >> and does not require metamod or Sourcemod. It can be loaded in the > >> middle of a game with no noticeable load time. You can download it > >> > > from my website: > > > >> http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&c > >> id=9 > >> > >> Direct link: > >> http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 > >> > >> Both Linux and Windows binaries are included. Extract the contents of > >> the ZIP file to your addons directory. > >> > >> Contents of the README file: > >> DoS Attack Fix > >> Version: 1 for TF2 > >> Date: 1/21/09 > >> Creator: Drunken F00l, www.sourceop.com > >> > >> This plugin blocks the denial of service attacks released into the > >> wild recently. > >> > >> Console commands: > >> daf_status > >> - Returns the status of the DoS Attack Fix plugin and prints the IP > >> address of any blocked offenders daf_version > >> - prints the version of the DoS Attack Fix plugin daf_reset > >> - Resets the banned IP list > >> > >> CVARs: > >> daf_enable > >> - Enables the DoS Attack Fix plugin (defaults to on) > >> > >> > >> > >> ___ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> > > please visit: > > > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> > >> > > > > > > ___ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > ___ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
I haven't been on this list for very long, So I dont know eveyrone yet... But again, I would feel alot more comfortable trying out the plugin if I could see what it actually does or how it works, rather than add some blackbox addon to my server from someone I do not know. You can probably tell I'm not of the "Take your medicine it's good for you" philosophy. ;) P.S. I'd still like to know what this plugin actually does. Rick Payton wrote: > I totally understand where you're coming from AFAdmin, and you're > obviously totally justified too, but on the other hand, Tony has been on > this list for quite some time now. I highly doubt he would release a > plugin that would mess with other peoples servers. It's just one admin, > trying help many other admins. > > mauirixxx > > -Original Message- > From: hlds_linux-boun...@list.valvesoftware.com > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of AFAdmin > Sent: Wednesday, January 21, 2009 2:38 AM > To: Half-Life dedicated Linux server mailing list > Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released > > I would be more tempted to try it if I saw some source. How do I know > this wont repeatedly rickroll everyone with the motd window when Im not > on? > > Tony Paloma wrote: > >> Hey all, >> >> I've released a plugin that fixes the attack done by the denial of >> service program floating around. The plugin is a Valve server plugin, >> and does not require metamod or Sourcemod. It can be loaded in the >> middle of a game with no noticeable load time. You can download it >> > from my website: > >> http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&c >> id=9 >> >> Direct link: >> http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 >> >> Both Linux and Windows binaries are included. Extract the contents of >> the ZIP file to your addons directory. >> >> Contents of the README file: >> DoS Attack Fix >> Version: 1 for TF2 >> Date: 1/21/09 >> Creator: Drunken F00l, www.sourceop.com >> >> This plugin blocks the denial of service attacks released into the >> wild recently. >> >> Console commands: >> daf_status >> - Returns the status of the DoS Attack Fix plugin and prints the IP >> address of any blocked offenders daf_version >> - prints the version of the DoS Attack Fix plugin daf_reset >> - Resets the banned IP list >> >> CVARs: >> daf_enable >> - Enables the DoS Attack Fix plugin (defaults to on) >> >> >> >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> > please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
Tony is certainly trustworthy, and I can verify that this plugin works fine - Neph On Wed, Jan 21, 2009 at 12:21 PM, Rick Payton wrote: > I totally understand where you're coming from AFAdmin, and you're > obviously totally justified too, but on the other hand, Tony has been on > this list for quite some time now. I highly doubt he would release a > plugin that would mess with other peoples servers. It's just one admin, > trying help many other admins. > > mauirixxx ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
I totally understand where you're coming from AFAdmin, and you're obviously totally justified too, but on the other hand, Tony has been on this list for quite some time now. I highly doubt he would release a plugin that would mess with other peoples servers. It's just one admin, trying help many other admins. mauirixxx -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of AFAdmin Sent: Wednesday, January 21, 2009 2:38 AM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released I would be more tempted to try it if I saw some source. How do I know this wont repeatedly rickroll everyone with the motd window when Im not on? Tony Paloma wrote: > Hey all, > > I've released a plugin that fixes the attack done by the denial of > service program floating around. The plugin is a Valve server plugin, > and does not require metamod or Sourcemod. It can be loaded in the > middle of a game with no noticeable load time. You can download it from my website: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&c > id=9 > > Direct link: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 > > Both Linux and Windows binaries are included. Extract the contents of > the ZIP file to your addons directory. > > Contents of the README file: > DoS Attack Fix > Version: 1 for TF2 > Date: 1/21/09 > Creator: Drunken F00l, www.sourceop.com > > This plugin blocks the denial of service attacks released into the > wild recently. > > Console commands: > daf_status > - Returns the status of the DoS Attack Fix plugin and prints the IP > address of any blocked offenders daf_version > - prints the version of the DoS Attack Fix plugin daf_reset > - Resets the banned IP list > > CVARs: > daf_enable > - Enables the DoS Attack Fix plugin (defaults to on) > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
How about CS:S? Will it be working? On Wed, Jan 21, 2009 at 6:21 PM, 1nsane <1nsane...@gmail.com> wrote: > Thanks for this! Seeing how Valve isn't fixing it it's once again up to > others to fix their mistakes. > > On Wed, Jan 21, 2009 at 5:32 AM, Tony Paloma >wrote: > > > Hey all, > > > > I've released a plugin that fixes the attack done by the denial of > service > > program floating around. The plugin is a Valve server plugin, and does > not > > require metamod or Sourcemod. It can be loaded in the middle of a game > with > > no noticeable load time. You can download it from my website: > > > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > > > Direct link: > > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 > > > > Both Linux and Windows binaries are included. Extract the contents of the > > ZIP file to your addons directory. > > > > Contents of the README file: > > DoS Attack Fix > > Version: 1 for TF2 > > Date: 1/21/09 > > Creator: Drunken F00l, www.sourceop.com > > > > This plugin blocks the denial of service attacks released into the wild > > recently. > > > > Console commands: > > daf_status > > - Returns the status of the DoS Attack Fix plugin and prints the IP > > address > > of any blocked offenders > > daf_version > > - prints the version of the DoS Attack Fix plugin > > daf_reset > > - Resets the banned IP list > > > > CVARs: > > daf_enable > > - Enables the DoS Attack Fix plugin (defaults to on) > > > > > > > > ___ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
Thanks for this! Seeing how Valve isn't fixing it it's once again up to others to fix their mistakes. On Wed, Jan 21, 2009 at 5:32 AM, Tony Paloma wrote: > Hey all, > > I've released a plugin that fixes the attack done by the denial of service > program floating around. The plugin is a Valve server plugin, and does not > require metamod or Sourcemod. It can be loaded in the middle of a game with > no noticeable load time. You can download it from my website: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > Direct link: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 > > Both Linux and Windows binaries are included. Extract the contents of the > ZIP file to your addons directory. > > Contents of the README file: > DoS Attack Fix > Version: 1 for TF2 > Date: 1/21/09 > Creator: Drunken F00l, www.sourceop.com > > This plugin blocks the denial of service attacks released into the wild > recently. > > Console commands: > daf_status > - Returns the status of the DoS Attack Fix plugin and prints the IP > address > of any blocked offenders > daf_version > - prints the version of the DoS Attack Fix plugin > daf_reset > - Resets the banned IP list > > CVARs: > daf_enable > - Enables the DoS Attack Fix plugin (defaults to on) > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
Top Notch!! Thanks for the plugin Tony, We really appreciate you jumping on this issue. -Steve > Hey all, > > I've released a plugin that fixes the attack done by the denial of service > program floating around. The plugin is a Valve server plugin, and does not > require metamod or Sourcemod. It can be loaded in the middle of a game > with > no noticeable load time. You can download it from my website: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > Direct link: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 > > Both Linux and Windows binaries are included. Extract the contents of the > ZIP file to your addons directory. > > Contents of the README file: > DoS Attack Fix > Version: 1 for TF2 > Date: 1/21/09 > Creator: Drunken F00l, www.sourceop.com > > This plugin blocks the denial of service attacks released into the wild > recently. > > Console commands: > daf_status > - Returns the status of the DoS Attack Fix plugin and prints the IP > address > of any blocked offenders > daf_version > - prints the version of the DoS Attack Fix plugin > daf_reset > - Resets the banned IP list > > CVARs: > daf_enable > - Enables the DoS Attack Fix plugin (defaults to on) > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
Most people on this list aren't script kiddies who just want to cause trouble; I would take this post at face value and appreciate the offered fix if it works for you - that's my gut feeling anyway. - Andrew -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of AFAdmin Sent: Wednesday, 21 January 2009 11:38 PM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] DoS Attack Fix Plugin Released I would be more tempted to try it if I saw some source. How do I know this wont repeatedly rickroll everyone with the motd window when Im not on? Tony Paloma wrote: > Hey all, > > I've released a plugin that fixes the attack done by the denial of service > program floating around. The plugin is a Valve server plugin, and does not > require metamod or Sourcemod. It can be loaded in the middle of a game with > no noticeable load time. You can download it from my website: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > Direct link: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 > > Both Linux and Windows binaries are included. Extract the contents of the > ZIP file to your addons directory. > > Contents of the README file: > DoS Attack Fix > Version: 1 for TF2 > Date: 1/21/09 > Creator: Drunken F00l, www.sourceop.com > > This plugin blocks the denial of service attacks released into the wild > recently. > > Console commands: > daf_status > - Returns the status of the DoS Attack Fix plugin and prints the IP address > of any blocked offenders > daf_version > - prints the version of the DoS Attack Fix plugin > daf_reset > - Resets the banned IP list > > CVARs: > daf_enable > - Enables the DoS Attack Fix plugin (defaults to on) > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
hello this one is for TF2 can i install this addon on css server ? Tony Paloma schrieb: > Hey all, > > I've released a plugin that fixes the attack done by the denial of service > program floating around. The plugin is a Valve server plugin, and does not > require metamod or Sourcemod. It can be loaded in the middle of a game with > no noticeable load time. You can download it from my website: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > Direct link: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 > > Both Linux and Windows binaries are included. Extract the contents of the > ZIP file to your addons directory. > > Contents of the README file: > DoS Attack Fix > Version: 1 for TF2 > Date: 1/21/09 > Creator: Drunken F00l, www.sourceop.com > > This plugin blocks the denial of service attacks released into the wild > recently. > > Console commands: > daf_status > - Returns the status of the DoS Attack Fix plugin and prints the IP address > of any blocked offenders > daf_version > - prints the version of the DoS Attack Fix plugin > daf_reset > - Resets the banned IP list > > CVARs: > daf_enable > - Enables the DoS Attack Fix plugin (defaults to on) > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] DoS Attack Fix Plugin Released
I would be more tempted to try it if I saw some source. How do I know this wont repeatedly rickroll everyone with the motd window when Im not on? Tony Paloma wrote: > Hey all, > > I've released a plugin that fixes the attack done by the denial of service > program floating around. The plugin is a Valve server plugin, and does not > require metamod or Sourcemod. It can be loaded in the middle of a game with > no noticeable load time. You can download it from my website: > http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 > > Direct link: > http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 > > Both Linux and Windows binaries are included. Extract the contents of the > ZIP file to your addons directory. > > Contents of the README file: > DoS Attack Fix > Version: 1 for TF2 > Date: 1/21/09 > Creator: Drunken F00l, www.sourceop.com > > This plugin blocks the denial of service attacks released into the wild > recently. > > Console commands: > daf_status > - Returns the status of the DoS Attack Fix plugin and prints the IP address > of any blocked offenders > daf_version > - prints the version of the DoS Attack Fix plugin > daf_reset > - Resets the banned IP list > > CVARs: > daf_enable > - Enables the DoS Attack Fix plugin (defaults to on) > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] DoS Attack Fix Plugin Released
Hey all, I've released a plugin that fixes the attack done by the denial of service program floating around. The plugin is a Valve server plugin, and does not require metamod or Sourcemod. It can be loaded in the middle of a game with no noticeable load time. You can download it from my website: http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 Direct link: http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=31 Both Linux and Windows binaries are included. Extract the contents of the ZIP file to your addons directory. Contents of the README file: DoS Attack Fix Version: 1 for TF2 Date: 1/21/09 Creator: Drunken F00l, www.sourceop.com This plugin blocks the denial of service attacks released into the wild recently. Console commands: daf_status - Returns the status of the DoS Attack Fix plugin and prints the IP address of any blocked offenders daf_version - prints the version of the DoS Attack Fix plugin daf_reset - Resets the banned IP list CVARs: daf_enable - Enables the DoS Attack Fix plugin (defaults to on) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux