10-08-2009, 06:48 PM
Good catch. I've updated my rules. No hits even to the previous rules yet, though.
|
srcds DOS attack?
|
10-08-2009, 11:16 PM
(10-08-2009, 04:04 PM)jheiv Wrote: Quick update, I screwed up the IP Tables I posted -- if you read that carefully, I'm actually limiting the jump from input to "logattacker". I really wanted to limit the logging. And if i have two servers 27015 and 27035 how do i do then?
10-09-2009, 01:00 AM
You can use the same "logattacker" iptables chain.
Add this for your 27035 server: iptables -A INPUT -p udp -m udp --dport 27035 -m length --length 0:32 -j logattacker If the both servers are attacked at the same time then it's possible in theory that you don't get log entry for the other attacker on the other server, but I don't think it's too diffuclt to draw the conclusion that it's the same attacker than on the other server 
10-13-2009, 03:47 PM
Quick update, I have gotten attacked since and the rules worked like a charm.
Blocked 10M of traffic in 367,000 packets and the players said there was no noticeable lag. With a 2/sec log frequency I logged about 3,000 entries -- not too bad -- but I could afford to decrease the frequency I'm sure. I always grep out the logs from each IP and send it to the abuse email from the apparent IP whois entry -- who knows if they even look at it though.
10-13-2009, 04:21 PM
Sounds good.
I'll do my quick update too: The iptables rule is not blocking any real traffic. I've had the rules for a week and there's only one caught packet. I wonder what that was all about 
10-13-2009, 11:35 PM
Trying but get´s an error:
Couldn't load target `logattacker':/lib/xtables/libipt_logattacker.so: cannot open shared object file: No such file or directory debian lenny (10-13-2009, 11:35 PM)lhffan Wrote: Trying but get´s an error: Sorry, you probably need to declare logattacker as a new chain so it doesn't try to join a non-existent chain named logattacker. Use this before the iptables -A rules: Code: iptables -N logattacker... That should clear it up.
ahh
thanxseems to work. How does i also limit connection to my rcon to my second server ip? Does this look okey? Code: Chain INPUT (policy ACCEPT)
10-14-2009, 02:58 AM
Sorry for double post. But why does my new chains and rules dont stay after an reboot?
Oh very nice, got the first little shit trying to crash my server yesterday.
(10-14-2009, 01:54 AM)lhffan Wrote: ahhYes this looks OK. If you want to limit access to your rcon port try (untested): Code: # Make new chainAlternatively, you could leave your rcon port open and just log the access attempts ( Code: # Build RCON Attack Rules(10-14-2009, 02:58 AM)lhffan Wrote: Sorry for double post. But why does my new chains and rules dont stay after an reboot? Because you didn't save them. Add them again then try: Code: service iptables save
SRCDS only needs udp connection?
10-27-2009, 05:41 PM
What question is this?
Srcds uses UDP for gameplay and TCP for RCON.
10-27-2009, 06:17 PM
ok thanx. Sorry for the cryptic question. But i got an answer anyways
Will trye to build up my rules some more today. Folowing this guide: http://www.lysator.liu.se/~kjell-e/tekla/linux/security/iptables/iptables.html
11-03-2009, 04:06 AM
![[Image: b_560x95.png]](http://cache.www.gametracker.com/server_info/95.31.2.145:27020/b_560x95.png)
|
|
« Next Oldest | Next Newest »
|
![[Image: banner.png]](http://css.setti.info/stats/server/78.46.42.232:27015/banner.png)
Users browsing this thread: 1 Guest(s)