Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

On 1/28/2011 2:07 PM, Gary Stanley wrote: Bottom line is you cannot protect yourself against DDOS. Only thing you can do is hope you have more transit than the attackers. That's partially true. With DDoS attacks that exceed your transit capacity, the link size does come into play. However, ma

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

At 09:20 AM 1/28/2011, Emil Larsson wrote: Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It would make it a bit easier to block IP's since a handshake will fail if a spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack of packet caching/priority.

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

At 09:20 AM 1/28/2011, Emil Larsson wrote: Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It would make it a bit easier to block IP's since a handshake will fail if a spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack of packet caching/priority.

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

SYN floods are a very well-understood attack and SYN cookies provide a good defense against them. One nice thing about TCP connections is that the handshake is done at the level of the OS, not the application -- so it can take advantage of other resources while the game server continues to chu

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

Please, read what I initially said. "TCP would solve the issue for queries" What's the issue with moving the query system from UDP 27015 to TCP 27016? :/ However, TCP is also prone to DDoS via SYN floods: "SYN flood sends a flood of TCP/SYN packets, often

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

Yes, a gameserver on TCP is really a bad idea because the handshake creates a very high overhead. I'm pretty sure you can test it out by yourself by adding -tcp to your client's startup line, and see if you enjoy playing with a choke of about 60. Which is why UDP is used instead: while it's

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

server mailing list Subject: Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update? Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It would make it a bit easier to block IP's since a handshake will fail if a spoofed IP is used. Of course

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It would make it a bit easier to block IP's since a handshake will fail if a spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack of packet caching/priority. However it also have higher overhead, which

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

I thought that TCP would solve the issue for queries and stuff like that but in practice TCP is just as prone to DDoS as UDP -.- On Friday, 28 January 2011, Marco Padovan wrote: > TCP for example... > > Il 28/01/2011 13:45, frostschutz ha scritto: > > On Thu, Jan 27, 2011 at 06:53:08PM -0500, cla

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

TCP for example... Il 28/01/2011 13:45, frostschutz ha scritto: On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote: Would there be a way for the engine to identify exactly where it's coming from and drop the connection ? It's UDP, there are no connections and you can't stop others from

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote: > Would there be a way for the engine to identify > exactly where it's coming from and drop the connection ? It's UDP, there are no connections and you can't stop others from sending packets to you. So the best you can do is drop without

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

ftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Arie Sent: Thursday, January 27, 2011 3:17 PM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update? Well, the new update seems to be effect

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

with attacks? > > -Original Message- > From: hlds_linux-boun...@list.valvesoftware.com > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Arie > Sent: vrijdag 28 januari 2011 0:34 > To: Half-Life dedicated Linux server mailing list > Subject: Re: [hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

On 28/01/2011 10:26 AM, Eric Riemers wrote: So can we conclude that it doesn't solve the issues with attacks? From what I've seen... it's helped but not SOLVED the issue. -- PryMaL email: pry...@geekout.info twitter: prymal1981 ___ To unsubscribe,

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

list Subject: Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update? Just checked another server and it was fine. Only during the attack connecting was impossible, but that was expected. On 28 January 2011 00:29, Ross Bemrose wrote: > I have no problem connecting

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

i have no idea if this is even possible, but if the Dos attacks are now being able to be blocked. Would there be a way for the engine to identify exactly where it's coming from and drop the connection ? I mean a hacker can flood it enough to drop everyone, so it seems there should be some type of b

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

Just checked another server and it was fine. Only during the attack connecting was impossible, but that was expected. On 28 January 2011 00:29, Ross Bemrose wrote: > I have no problem connecting to one of my servers (red.ocrtf2.com:27015) > post-update. > > However, my servers aren't being DoS

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

I have no problem connecting to one of my servers (red.ocrtf2.com:27015) post-update. However, my servers aren't being DoSed either... On 1/27/2011 6:17 PM, Arie wrote: Well, the new update seems to be effective at blocking the DoS attacks. Too effective even, because after an attack it won't

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

Well, the new update seems to be effective at blocking the DoS attacks. Too effective even, because after an attack it won't allow anyone to connect any more, even though it's still running and not frozen. On 28 January 2011 00:01, Kyle Sanderson wrote: > Doesn't look like it. I was surprise

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

Doesn't look like it. I was surprised that nothing was announced on the list. Maybe they're pushing a bigger update later in the day that is required?. Kyle. On Thu, Jan 27, 2011 at 2:53 PM, Ross Bemrose wrote: > I always update my servers if I see a client update. > > Today's update updated jus