[cod] Problem with UDP flood

Luca Farflame Fabbro farflame at cybergames.it
Mon Apr 16 04:26:48 EDT 2012


Hi,

On Apr 13, 2012, at 9:53 PM, Marco Padovan wrote:

> Btw, for 2 days I've had a box with constant 12mbit/sec incoming (even when having 0kbit/sec outgoing)... there's nothing you can do about it... incoming traffic comes in even if you ban every single IP...

We had almost the same situation, about 8mbit/sec of incoming traffic per server instance of COD2. We shut down the servers some days before it reached this high level of incoming spoofed packets (I think we shut them down about two weeks ago). The servers were protected by iptables, but this doesn't matter, as we still receive it now that the servers are down. The worst part is that if you trace the attacked IPs, most of them are null routed or suffer a high pl (> 90%), and this means that a great number of servers aren't protected and are reflecting the attack.
Probably we'll wait for a fix that will never come, as this seems to be the only deterrent for the attackers. Now they use lists that aren't taken from the master servers, and probably they only check if the attack has the expected result of "taking" the server offline.

If you ask your ISP to drop the packets coming from the spoofed IPs, you'll have to do this about once a day, as it seems that every day they change the attacked host. If you have the graphs of the traffic, you'll notice that almost every day there is a decrease of traffic and after some time it rises again to the previous level. At this point, if you check which are the spoofed IPs, you'll notice that some of them have changed.

Regards
	Luca
