[bf1942] DoS against port 29900

ScratchMonkey ScratchMonkey at MatureAsskickers.net
Wed Oct 12 17:34:15 EDT 2005

--On Wednesday, October 12, 2005 9:35 AM -0700 James Gurney 
<james at globalmegacorp.org> wrote:

>  From the very little research I did on this last night, it sounds like
> it's theoretically possible for the ISP to block spoofed packets, which
> would seem to be the best solution all round. Or.. it may be possible to
> use iptables to rate limit the queries to the port, thus hugely reducing
> the impact of the flood.. I'll do some more research on this today..

Rate-limiting is your best bet. Tracking the offender requires cooperating 
routers all the way back to the real source.

Valve took a different approach: They send back a small packet with a token 
for the initial query. The bigger queries require that token to work. This 
ensures that you know who really sent the big query.

More information about the Bf1942 mailing list