> My initial research says that these are attacks on my servers but I'm not so
> sure that's correct. I'm running my TF2 and CSS servers on my own Windows
> 2008 Dedicated server and when I see these messages, I immediately add them
> to a Windows Firewall rule I have to block any and all traffic from these
> IPs before the server even sees it. What's interesting is that I still see
> these messages even though they get added to the firewall's block list.
> Eventually they stop but a little while later, I get messages like it from
> other IPs. Sometimes I can go a day or two without any, and other days I
> get as many as 15 IPs doing this

Windows Firewall isn't an effective tool to mitigate DoS or DDoS attacks, nor is any software firewall running on the server box being attacked. The server is still receiving those malicious packets and having to process them, which takes processing time and bandwidth. Even assuming Windows Firewall could filter out the bad traffic, the attackers could just increase the intensity of the attack until all of the CPU time and memory is consumed with dealing with those packets.

In a situation like yours, playing whack-a-mole and blocking IP addresses isn't going to help you. You need to have a box upstream of your server running something like Security Onion doing packet inspection and automatically filtering out the malicious packets. This will prevent the server from being hammered, but you're still at the mercy of how big the network pipes to the server are and how much the attackers want to take your server down.

