How Marco? CSGO Cvar? Iptables? 2017-03-23 22:53 GMT+01:00 Mathias <[email protected]>:
> Thanks for this awesome help John! This kind of "Attack" have been > attacking me for days without stopping. > > So i block the port everytime they attack on new port? And what if they > attack on the port directly? There must be a kind of filter possible on > Linux with Iptables. Anything i can tell me datacenter to fix this attack > permanent? > > > > 2017-03-23 22:44 GMT+01:00 John <[email protected]>: > >> If you're seeing packets from port 28960, you're most likely seeing a >> reflected query DDoS that is coming from CoDx servers (you can tell for >> certain by looking at the contents of captured packets -- look for the >> string 'statusResponse') -- not a direct query/connection flood, and likely >> not spoofed. You can safely block traffic from port 28960, or do a more >> thorough filter to block that traffic. This is an example rule to just >> block the port. >> >> iptables -I INPUT -p udp --sport 28960 -j DROP >> >> -John >> >> >> On 3/23/2017 2:33 PM, Mathias wrote: >> >> Thanks John. >> >> Could you guide/send me the Iptables? >> >> My server is on port 27115 and the attack comes in on port 28960 - But it >> wont work block the port (Have tried) >> >> "IP rate limit sustained 79085 distributed packets at 2636.2 pps (1246 >> buckets). >> >> IP rate limit under distributed packet load (1205 buckets, 15001 global >> count), rejecting 8.59.18.221:28960. >> >> IP rate limit sustained 78411 distributed packets at 2613.7 pps (943 >> buckets). >> >> IP rate limit under distributed packet load (1210 buckets, 15001 global >> count), rejecting 154.112.126.3:28960. >> >> IP rate limit sustained 104375 distributed packets at 3479.2 pps (968 >> buckets). >> >> IP rate limit under distributed packet load (1152 buckets, 15001 global >> count), rejecting 84.3.222.161:28960. >> >> IP rate limit sustained 78941 distributed packets at 2631.4 pps (795 >> buckets). >> >> IP rate limit under distributed packet load (1176 buckets, 16663 global >> count), rejecting 88.131.51.148:28960." >> >> >> 2017-03-23 22:27 GMT+01:00 John <[email protected]>: >> >>> On 3/23/2017 1:34 PM, Mathias wrote: >>> >>>> My server's getting flood with VSE DDoS Attack. My server have DDoS >>>> Protection but it wont take it. any other DDoS Attack does it takes so what >>>> can i do? i'm on Linux Ubuntu 16.04. >>>> >>>> Here is server logs - http://pastebin.com/Q2dbcEMt >>>> >>>> I also got how the script works (VSE DDoS Attack) - Found on a forum >>>> via Google >>>> >>>> Any idea to stop it with Iptables? Packet limit? >>>> >>> >>> The term "VSE" ("Valve Source Exploit") that the attackers like to use >>> is a misnomer because there isn't an exploit involved. These attacks just >>> flood a server with spoofed queries and/or connection attempts from random >>> sources, and Source can't handle the volume. >>> >>> Currently the most effective general-purpose way to deal with these is >>> to whitelist real player IPs and rate-limit queries and connection attempts >>> from all other sources (down to around 1000/s). This can be done with >>> iptables using a combination of the ipset, hashlimit, and bpf/u32/string >>> modules. >>> >>> Ideally, the game would be redesigned to using TCP for queries and the >>> very first part of the connection, offloading the first-contact tasks to >>> the OS, which has established methods for combating high-rate spoofed TCP >>> SYN floods. Internally, it could then straight drop all UDP packets that >>> don't correspond to a currently connected player. >>> >>> -John >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> >> >> _______________________________________________ >> Csgo_servers mailing >> [email protected]https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
