Hey guys,
My server is getting TSource Query floods. Rate limiting does not help, as that makes the server appear offline; it just stops the lag for those who are playing until the DDoS ends. I find a query cache an option.
https://forum.i3d.net/threads/hlds...
E: Each packet is from a different IP (spoofed).
ishchhabra, I think it is not possible to detect a flood from different IPs on the machine. In my opinion you must block it before the packets get to your server (on the router, etc.). But I am not a pro in this case and may be wrong.
We can't block at the network level. We can't actually filter it, so we will use a query cache so HLDS doesn't have to process each query and generate a reply, but uses the data stored in the cache and responds from it, thus saving a lot of CPU and reducing the effect of the flood by a lot.
This code snippet represents a set of iptables rules for filtering incoming network traffic on a server based on the UDP protocol and a specific port (presumably the variable $SERVERPORT contains the port number). Let's break down each line individually:
1. A2S_PLAYER:
- iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff55|" --algo bm -m limit --limit 50/s -j ACCEPT
- This command adds an iptables rule. It means UDP packets directed to the specified port ($SERVERPORT), containing the string |ffffffff55| in hexadecimal format (this is the ASCII representation of data), will be allowed with a limit of 50 packets per second (--limit 50/s). If the packet rate exceeds 50 per second, additional packets will be dropped (-j ACCEPT).
- iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff55|" --algo bm -j DROP
- This command adds a second rule. It signifies that UDP packets containing the string |ffffffff55| in hexadecimal format and directed to the specified port will be immediately dropped (-j DROP).
2. A2S_INFO:
- iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff54|" --algo bm -m limit --limit 50/s -j ACCEPT
- This command adds a rule for a different type of packet. UDP packets on the specified port, containing the string |ffffffff54| in hexadecimal format, will be allowed with a limit of 50 packets per second. If the packet rate exceeds 50 per second, additional packets will be dropped (-j ACCEPT).
- iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff54|" --algo bm -j DROP
- This command adds a second rule for packets with different data. UDP packets containing the string |ffffffff54| in hexadecimal format and directed to the specified port will be immediately dropped (-j DROP).
These rules use the string module of iptables to filter packets based on the content of the data. In this case, the filtering is done based on specific strings in hexadecimal format, presumably representing certain commands or requests that the server should handle or block.
As mentioned, during an attack your server will appear offline to players outside your server! This option just protects your server from generating too much traffic.
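The two rule pairs above (a rate-limited ACCEPT followed by an unconditional DROP for the same signature) can be modelled to see exactly which packets get through. The following is an added example in Python, not code from the post or from iptables; it assumes the iptables `limit` match behaves as a token bucket refilled at `--limit` with a bucket size of `--limit-burst` (default 5), and it inspects only the UDP payload prefix, whereas the real `string` match scans the whole packet. The sample traffic is constructed.

```python
from collections import Counter

# Signatures from the rules above: four 0xff bytes followed by the A2S query byte.
A2S_SIGNATURES = {
    bytes.fromhex("ffffffff54"): "A2S_INFO",
    bytes.fromhex("ffffffff55"): "A2S_PLAYER",
}


class LimitMatch:
    """Token-bucket model of the iptables 'limit' match (assumption: a bucket of
    --limit-burst tokens, refilled continuously at --limit tokens per second)."""

    def __init__(self, rate_per_s: float, burst: int = 5):  # 5 = iptables default burst
        self.rate = rate_per_s
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def match(self, now: float) -> bool:
        """Refill for the elapsed time, then consume one token if one is available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def classify(payload: bytes):
    """Return the A2S query type for a UDP payload, or None if it is not an A2S query.
    Assumption: only the payload prefix is checked, which is where a genuine query
    carries the signature."""
    return A2S_SIGNATURES.get(payload[:5])


def apply_rules(packets, rate_per_s: float = 50.0, burst: int = 5):
    """Evaluate (timestamp, payload) pairs against the two rule pairs from the post.
    Verdicts: ACCEPT (limited rule matched), DROP (fell through to the unconditional
    DROP rule) or PASS (not an A2S query, so neither pair matches and the packet
    continues down the INPUT chain)."""
    limits = {kind: LimitMatch(rate_per_s, burst) for kind in A2S_SIGNATURES.values()}
    verdicts = []
    for now, payload in packets:
        kind = classify(payload)
        if kind is None:
            verdicts.append((None, "PASS"))
        elif limits[kind].match(now):
            verdicts.append((kind, "ACCEPT"))
        else:
            verdicts.append((kind, "DROP"))
    return verdicts


def build_sample_traffic():
    """Constructed traffic: 200 spoofed A2S_INFO queries arriving at once, three
    ordinary game packets half a second later, then 10 more queries at t=1s."""
    info_query = bytes.fromhex("ffffffff54") + b"Source Engine Query\x00"
    game_packet = b"\x01\x02\x03\x04game-data"
    packets = [(0.0, info_query) for _ in range(200)]
    packets += [(0.5, game_packet) for _ in range(3)]
    packets += [(1.0, info_query) for _ in range(10)]
    return packets


def summarize(packets=None) -> Counter:
    """Count verdicts for the sample traffic (or any supplied packet list)."""
    verdicts = apply_rules(packets if packets is not None else build_sample_traffic())
    return Counter(verdict for _, verdict in verdicts)


if __name__ == "__main__":
    print(dict(summarize()))  # expected counts: ACCEPT=10, DROP=200, PASS=3
```

The burst of 200 simultaneous queries yields only 5 ACCEPTs (the initial bucket); everything else hits the DROP rule, and the game packets are untouched because they carry neither signature. One second later the bucket has refilled, so the next 10 queries split 5/5. This is the behaviour the post warns about: during a flood almost every legitimate query is dropped along with the spoofed ones, so the server looks offline in the browser.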
A cacher caches the result of the queries to your gameserver for a certain time (usually 1-2 seconds) and answers all incoming queries directly.
Usual way: Client => Gameserver => Client
With a cacher: Client => Cacher => Client
The advantage is that the gameserver is no longer involved in answering server queries.
I already saw some public cachers for srcds on the internet. Just google.
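The Client => Cacher => Client flow described above, as an added example in Python rather than any of the public cachers mentioned: a query cache that answers A2S_INFO and A2S_PLAYER queries from a short-lived copy of the gameserver's reply and contacts the gameserver only once per TTL window. The simulated flood, the stub gameserver and its reply are constructed; the `serve()` proxy assumes you supply the listen and gameserver addresses. Multi-packet replies and the A2S_PLAYER challenge handshake are not modelled.

```python
import socket
import time
from collections import Counter

# Query signatures: four 0xff bytes plus the A2S type byte.
A2S_SIGNATURES = {
    bytes.fromhex("ffffffff54"): "A2S_INFO",
    bytes.fromhex("ffffffff55"): "A2S_PLAYER",
}


class QueryCache:
    """Answer A2S queries from a short-lived cache, asking the gameserver only when
    the cached reply has expired.  `fetch_upstream(query) -> reply` and `clock()`
    are injected so the logic can be exercised without a network."""

    def __init__(self, fetch_upstream, ttl: float = 1.5, clock=time.monotonic):
        self._fetch = fetch_upstream
        self._ttl = ttl
        self._clock = clock
        self._entries = {}          # signature -> (expires_at, cached reply)
        self.stats = Counter()      # cache_hit / upstream / ignored

    def answer(self, query: bytes):
        sig = query[:5]
        if sig not in A2S_SIGNATURES:
            self.stats["ignored"] += 1   # not a query we cache: do not answer at all
            return None
        now = self._clock()
        entry = self._entries.get(sig)
        if entry is not None and entry[0] > now:
            self.stats["cache_hit"] += 1
            return entry[1]
        reply = self._fetch(query)       # one round trip to the gameserver per TTL window
        self._entries[sig] = (now + self._ttl, reply)
        self.stats["upstream"] += 1
        return reply


def simulate_flood(queries: int = 1000, spacing_ms: int = 10, ttl: float = 1.5) -> Counter:
    """Constructed flood: `queries` A2S_INFO requests `spacing_ms` apart, served by a
    stub gameserver under a fake clock.  Returns the cacher's counters."""
    now = [0.0]

    def stub_gameserver(query: bytes) -> bytes:
        # Constructed 'I' info reply; a real server returns its full info payload.
        return bytes.fromhex("ffffffff49") + b"\x11stub server\x00"

    cache = QueryCache(stub_gameserver, ttl=ttl, clock=lambda: now[0])
    info_query = bytes.fromhex("ffffffff54") + b"Source Engine Query\x00"
    for i in range(queries):
        now[0] = i * spacing_ms / 1000
        cache.answer(info_query)
    return cache.stats


def serve(listen_addr, gameserver_addr, ttl: float = 1.5):
    """Run the cacher as a UDP proxy in front of the gameserver (addresses assumed).
    Clients query this socket; the gameserver sees at most one query per type per TTL."""
    up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    up.settimeout(1.0)

    def fetch(query: bytes) -> bytes:
        up.sendto(query, gameserver_addr)
        reply, _ = up.recvfrom(65535)
        return reply

    cache = QueryCache(fetch, ttl=ttl)
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(listen_addr)
    while True:
        query, client = srv.recvfrom(65535)
        try:
            reply = cache.answer(query)
        except OSError:            # gameserver did not answer in time: drop this query
            continue
        if reply is not None:
            srv.sendto(reply, client)


if __name__ == "__main__":
    print(dict(simulate_flood()))  # expected counts: upstream=7, cache_hit=993
```

With 1000 queries over 10 seconds and a 1.5 s TTL the gameserver is asked 7 times and the other 993 replies come from the cache, which is the CPU saving the thread is after. Note what the cacher does not do: since the source addresses are spoofed it still sends one reply per incoming query, so outbound traffic is unchanged; that is the part the rate-limit rules in the earlier post address, at the cost of appearing offline.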