You should do it the other way. You should only pass legitimate srcds packets and drop any other with NEW state. Also, you can implement a whitelist. Also use the bm algorithm.
On 31.10.2015, at 13:14, Calvin J <[email protected]> wrote:

> Hi,
>
> SSDP attacks are a common vector on 90% of the "stressers" being sold, the
> attack will generally exceed 1gbps so I doubt you're going to be able to
> handle this with iptables.
>
> Contact your host and ask them to drop source port 1900 to your IP range. If
> they can't you're likely going to have to look elsewhere for solutions.
>
> You could also try changing the pattern matching algorithm by changing --algo
> bm to --algo kmp (It's faster for string matching)
>
> Make sure you delete the current rule and re-add it with the different
> algorithm, I would not recommend running them alongside each other.
>
>> On 10/31/2015 4:30 AM, Левинчук Федор wrote:
>> find solution
>> $IPTABLES -I INPUT -p udp --dport 16000:29000 -m string --to 75 --algo bm --string 'HTTP/1.1 200 OK' -j DROP
>>
>> recommends another rules
>> $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
>> $IPTABLES -A OUTPUT -p udp -m udp --match multiport --sports 16000:29000 -m string --algo bm --string "disconnect" -j DROP
>
> --
> Calvin Judy
> Founder & CEO
> PH#: (843) 410-8486
> Mail: [email protected]
> _______________________________________________
> Csgo_servers mailing list
> [email protected]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
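An added example, not part of the original messages: a shell function that prints an iptables-restore fragment for the allow-first ordering suggested in the reply above (accept allowlisted sources and legitimate-looking new packets, drop every other packet in NEW state). The chain name SRCDS_IN, the sample addresses, and the use of a 0xFFFFFFFF connectionless header as the test for a legitimate first packet are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: prints rules only; nothing is loaded into the kernel.
# Assumed (not from the thread): chain name SRCDS_IN, the documentation-range
# addresses below, and treating a first packet as legitimate only when its UDP
# payload starts with the Source engine connectionless header 0xFFFFFFFF.

PORTS="16000:29000"                      # port range from the thread's rules
ALLOW="192.0.2.10 198.51.100.0/24"       # constructed allowlist entries

# build_rules PORTS [SRC...] -> iptables-restore fragment on stdout
build_rules() {
    ports="$1"; shift
    echo "*filter"
    echo ":SRCDS_IN - [0:0]"
    echo "-A INPUT -p udp --dport $ports -j SRCDS_IN"
    # Flows the server has already answered skip the expensive matches.
    echo "-A SRCDS_IN -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Allowlisted sources are accepted before any payload inspection.
    for src in "$@"; do
        echo "-A SRCDS_IN -s $src -j ACCEPT"
    done
    # Cheap header match first: SSDP replies come from source port 1900.
    echo "-A SRCDS_IN -p udp --sport 1900 -j DROP"
    # New flow: accept only if the 4 bytes after the UDP header are 0xFFFFFFFF.
    echo "-A SRCDS_IN -m conntrack --ctstate NEW -m u32 --u32 \"0>>22&0x3C@8=0xFFFFFFFF\" -j ACCEPT"
    # Everything else that reaches this point is dropped.
    echo "-A SRCDS_IN -j DROP"
    echo "COMMIT"
}

# check_default_deny: reads rules on stdin, succeeds only if the last
# SRCDS_IN rule is the catch-all DROP
check_default_deny() {
    last=$(grep '^-A SRCDS_IN' | tail -n 1)
    [ "$last" = "-A SRCDS_IN -j DROP" ]
}

build_rules "$PORTS" $ALLOW
```

The output is in iptables-restore format; review it and adjust the allowlist and port range before loading it.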
