TSource query engine attack

Error
No error. Server offline in favorites, HLSW and gametracker
OS
Linux
Amx Mod X
AMX Mod X 1.8.2
Build
ReHLDS version: 3.4.0.668-dev
ReGamedll
ReGameDLL version: 5.7.0.312-dev
Metamod version
Metamod-r v1.3.0.128
Metamod module list
[ 1] SafeNameAndChat RUN - SafeNameAndChat.so v1.1 ini ANY ANY
[ 2] AMX Mod X RUN - amxmodx_mm_i386.so v1.8.2 ini Start ANY
[ 3] Reunion RUN - reunion_mm_i386.so v0.1.0.133 ini Start Never
[ 4] WHBlocker RUN - whblocker_mm_i386.so v1.5.695 ini Chlvl ANY
[ 5] Revoice RUN - revoice_mm_i386.so v0.1.0.32 ini Start Never
[ 6] ReAuthCheck RUN - reauthcheck_mm_i386.so v0.1.6 ini Start Never
[ 7] Rechecker RUN - rechecker_mm_i386.so v2.5 ini Chlvl ANY
[ 8] ReSemiclip RUN - resemiclip_mm_i386.so v2.3.9 ini Chlvl ANY
[ 9] Fun RUN - fun_amxx_i386.so v1.8.2 pl2 ANY ANY
[10] Engine RUN - engine_amxx_i386.so v1.8.2 pl2 ANY ANY
[11] FakeMeta RUN - fakemeta_amxx_i386.so v1.8.2 pl2 ANY ANY
[12] CStrike RUN - cstrike_amxx_i386.so v1.8.2-dev-fix pl2 ANY ANY
[13] CSX RUN - csx_amxx_i386.so v1.8.2 pl2 ANY ANY
[14] Ham Sandwich RUN - hamsandwich_amxx_i386.so v1.8.2 pl2 ANY ANY
[15] MySQL RUN - mysql_amxx_i386.so v1.8.2 pl2 ANY ANY
[16] ReAPI RUN - reapi_amxx_i386.so v5.6.0.156-dev pl2 ANY Never
[17] CSDM2 RUN - csdm_amxx_i386.so v2.1.3c-KWo pl2 ANY ANY
Plugin list
Not relevant
Hi,

For the past couple of days my server has been attacked with an HLDS amplification attack.
I have a VPS rented with Debian 9 on it.
I have bought the module by Fire/Asmodai and applied the iptables rules, but the attacks are still successful.

tcpdump shows the following:

Code:
    129.138.114.195.19232 > x.x.x.x.27015: [udp sum ok] UDP, length 25
        0x0000:  d4be d9b6 efa2 0027 0dfd b540 0800 45e0  .......'...@..E.
        0x0010:  0035 7003 0000 7011 75e5 818a 72c3 5d7b  .5p...p.u...r.]{
        0x0020:  1227 4b20 6989 0021 2859 ffff ffff 5453  .'K.i..!(Y....TS
        0x0030:  6f75 7263 6520 456e 6769 6e65 2051 7565  ource.Engine.Que
        0x0040:  7279 00                                  ry.
I have also noticed this in the tcpdump (from a lot of different servers):

Code:
    89.40.233.58.27015 > x.x.x.x.27015: [udp sum ok] UDP, length 116
        0x0000:  d4be d9b6 efa2 0027 0dfd b540 0800 45e0  .......'...@..E.
        0x0010:  0090 4fba 0000 f611 c1bd 5928 e93a 5d7b  ..O.......Y(.:]{
        0x0020:  1227 6987 6989 007c b4ae ffff ffff 4930  .'i.i..|......I0
        0x0030:  4d69 7831 2e4c 614c 6561 6761 6e65 2e52  Mix1.LaLeagane.R
        0x0040:  6f20 2320 5473 2e4c 616c 6561 6761 6e65  o.#.Ts.Laleagane
        0x0050:  2e52 6f00 6465 5f64 7573 7432 0063 7374  .Ro.de_dust2.cst
        0x0060:  7269 6b65 0043 6f75 6e74 6572 2d53 7472  rike.Counter-Str
        0x0070:  696b 6500 0a00 000e 0064 6c00 0131 2e31  ike......dl..1.1
        0x0080:  2e32 2e37 2f53 7464 696f 0091 8769 08fc  .2.7/Stdio...i..
        0x0090:  33fa 9d2e 4001 0a00 0000 0000 0000       3...@.........
iptables packets accepted/dropped:

Code:
   36492  2120910 ACCEPT     udp  --               0.0.0.0/0            0.0.0.0/0            udp dpts:27015:27016cs 1.6 packet
  965376 40239110 DROP       udp  --               0.0.0.0/0            0.0.0.0/0            udp dpts:27015:27016
Is this a new kind of attack? Shouldn't the module from Fire be able to mitigate this? I have PM'd him but he's not online.
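The second dump is the telling one: it is not a query but a 116-byte A2S_INFO reply (header byte 0x49, "I") arriving from another game server's port 27015, which is consistent with the victim's address being spoofed as the source of queries sent to other HLDS servers, so the victim receives the reflected replies. As an added example (not from the post and not part of the Fire/Asmodai module), the Python below decodes the two tcpdump -X dumps quoted above: it strips the Ethernet/IPv4/UDP headers, names the A2S message, and for a reply decodes the leading fields, which is enough to tell request-side traffic from reflected reply traffic in a capture.

```python
import re
import struct
# Offset of the UDP payload inside a tcpdump -X dump of an Ethernet frame:
# 14 (Ethernet) + 20 (IPv4 without options) + 8 (UDP) = 42 bytes.
PAYLOAD_OFFSET = 42
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+([0-9a-f ]+?)\s{2,}")  # hex column ends at the first double space

# The two dumps quoted in the post above, transcribed here as sample input.
QUERY_DUMP = """0x0000:  d4be d9b6 efa2 0027 0dfd b540 0800 45e0  .......'...@..E.
0x0010:  0035 7003 0000 7011 75e5 818a 72c3 5d7b  .5p...p.u...r.]{
0x0020:  1227 4b20 6989 0021 2859 ffff ffff 5453  .'K.i..!(Y....TS
0x0030:  6f75 7263 6520 456e 6769 6e65 2051 7565  ource.Engine.Que
0x0040:  7279 00                                  ry.
"""
REPLY_DUMP = """0x0000:  d4be d9b6 efa2 0027 0dfd b540 0800 45e0  .......'...@..E.
0x0010:  0090 4fba 0000 f611 c1bd 5928 e93a 5d7b  ..O.......Y(.:]{
0x0020:  1227 6987 6989 007c b4ae ffff ffff 4930  .'i.i..|......I0
0x0030:  4d69 7831 2e4c 614c 6561 6761 6e65 2e52  Mix1.LaLeagane.R
0x0040:  6f20 2320 5473 2e4c 616c 6561 6761 6e65  o.#.Ts.Laleagane
0x0050:  2e52 6f00 6465 5f64 7573 7432 0063 7374  .Ro.de_dust2.cst
0x0060:  7269 6b65 0043 6f75 6e74 6572 2d53 7472  rike.Counter-Str
0x0070:  696b 6500 0a00 000e 0064 6c00 0131 2e31  ike......dl..1.1
0x0080:  2e32 2e37 2f53 7464 696f 0091 8769 08fc  .2.7/Stdio...i..
0x0090:  33fa 9d2e 4001 0a00 0000 0000 0000       3...@.........
"""

def payload_from_dump(dump: str) -> bytes:
    """Reassemble the frame bytes from tcpdump -X lines and drop the L2-L4 headers."""
    hexcols = (m.group(1) for m in map(HEX_LINE.match, dump.strip().splitlines()) if m)
    return bytes.fromhex("".join(hexcols).replace(" ", ""))[PAYLOAD_OFFSET:]

def cstring(buf: bytes, pos: int):
    """Read a NUL-terminated string at pos; return (text, position after the NUL)."""
    end = buf.index(b"\0", pos)
    return buf[pos:end].decode("latin-1"), end + 1

def classify(payload: bytes) -> dict:
    """Name the A2S message; for an A2S_INFO reply also decode its leading fields."""
    if payload[:4] != b"\xff\xff\xff\xff":
        return {"kind": "not-a2s", "bytes": len(payload)}
    kind = payload[4:5]
    if kind == b"T" and payload[5:] == b"Source Engine Query\0":
        return {"kind": "A2S_INFO request", "bytes": len(payload)}
    if kind != b"I":
        return {"kind": "A2S header 0x" + kind.hex(), "bytes": len(payload)}
    info, pos = {"kind": "A2S_INFO reply", "bytes": len(payload)}, 6  # skip header + protocol byte
    for field in ("name", "map", "folder", "game"):
        info[field], pos = cstring(payload, pos)
    info["app_id"], info["players"], info["max_players"] = struct.unpack_from("<HBB", payload, pos)
    return info
```

On the post's own numbers a 25-byte request produces a 116-byte reply, about 4.6x amplification, and a reply the server never asked for is reflected traffic that a rule filtering inbound queries does not address.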