TSource Query Floods

Сообщения
20
Реакции
1
Hey guys,
My server is getting TSource Query Floods. Rate limiting does not help as that makes server appear offline but just allows to stop lag to those who are playing but ddos ends. I find query cache an option.

https://forum.i3d.net/threads/hlds...E: Each packet is from.different IP (spoofed)
 
Сообщения
2,491
Реакции
2,794
Помог
61 раз(а)
ishchhabra, I think it not possible to detect flood from different IPs on machine. In my opinion you must block its before packets got to your server (on router etc...). But I am not pro in this case and may be wrong
 
Сообщения
20
Реакции
1
We cant block on network level. We cant actually filter it so we will use query cache so HLDS doesnt has to process each query and generate reply but use the data stored in the cache and respond from it thus saving alot of CPU preventing the effect of flood by alot.
 
Сообщения
2,491
Реакции
2,794
Помог
61 раз(а)
ishchhabra, sorry. But many of users have CS 1.6 servers instead of CS:GO. Did you decide your question?
 
Сообщения
20
Реакции
1
With ReHLDS the vulnerability comes to HLDS too.. Its not on net, thats why I asked someone to fix the script..
31 Янв 2018
This vulnerability is in 1.6 too..
 
Сообщения
2,751
Реакции
3,017
Помог
61 раз(а)
from: https://forums.alliedmods.net/showpost.php?p=2374318&postcount=36
Bash:
# A2S_PLAYER
iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff55|" --algo bm -m limit --limit 50/s -j ACCEPT
iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff55|" --algo bm -j DROP
# A2S_INFO
iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff54|" --algo bm -m limit --limit 50/s -j ACCEPT
iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff54|" --algo bm -j DROP
This code snippet represents a set of iptables rules for filtering incoming network traffic on a server based on the UDP protocol and a specific port (presumably, the variable $SERVERPORT contains the port number). Let's break down each line of code individually:

1. A2S_PLAYER:
- iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff55|" --algo bm -m limit --limit 50/s -j ACCEPT
- This command adds an iptables rule. It means UDP packets directed to the specified port ($SERVERPORT), containing the string |ffffffff55| in hexadecimal format (this is the ASCII representation of data), will be allowed with a limit of 50 packets per second (--limit 50/s). If the packet rate exceeds 50 per second, additional packets will be dropped (-j ACCEPT).
- iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff55|" --algo bm -j DROP
- This command adds a second rule. It signifies that UDP packets containing the string |ffffffff55| in hexadecimal format and directed to the specified port will be immediately dropped (-j DROP).

2. A2S_INFO:
- iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff54|" --algo bm -m limit --limit 50/s -j ACCEPT
- This command adds a rule for a different type of packets. UDP packets on the specified port, containing the string |ffffffff54| in hexadecimal format, will be allowed with a limit of 50 packets per second. If the packet rate exceeds 50 per second, additional packets will be dropped (-j ACCEPT).
- iptables -A INPUT -p udp --dport $SERVERPORT -m string --hex-string "|ffffffff54|" --algo bm -j DROP
- This command adds a second rule for packets with different data. UDP packets containing the string |ffffffff54| in hexadecimal format and directed to the specified port will be immediately dropped (-j DROP).

These rules use the string module of iptables to filter packets based on the content of the data. In this case, the filtering is done based on specific strings in hexadecimal format, presumably representing certain commands or requests that the server should handle or block.

As mentioned, during an attack your server will appear as offline for players outside your server! This option is just to protect your server from causing too high traffic.

A cacher is caching the result of the queries of your gameserver for a certain time (usually 1-2 seconds) and answering all incoming queries directly.

Usual way:
Client => Gameserver => Client

With a cacher:
Client => Cacher => Client

The advantage is that the gameserver is no longer involved in answering server queries.

I already saw some public cacher for srcds in the internet. Just google.
But, I found a better solution for me.
 

Пользователи, просматривающие эту тему

Сейчас на форуме нет ни одного пользователя.
Сверху Снизу