[bf1942] DoS against port 29900
ScratchMonkey at MatureAsskickers.net
Wed Oct 12 17:34:15 EDT 2005
--On Wednesday, October 12, 2005 9:35 AM -0700 James Gurney
<james at globalmegacorp.org> wrote:
> From the very little research I did on this last night, it sounds like
> it's theoretically possible for the ISP to block spoofed packets, which
> would seem to be the best solution all round. Or.. it may be possible to
> use iptables to rate limit the queries to the port, thus hugely reducing
> the impact of the flood.. I'll do some more research on this today..
Rate-limiting is your best bet. Tracking the offender requires cooperating
routers all the way back to the real source.
Valve took a different approach: They send back a small packet with a token
for the initial query. The bigger queries require that token to work. This
ensures that you know who really sent the big query.
More information about the Bf1942