[cod] CoD2 UDP flood

River Hosting info at riverhosting.nl
Tue Feb 7 10:49:06 EST 2012


So iptables helped blocking the incoming connections. Now the other issue:
the ougoing traffic (DDOS'ing other servers atm). What to do? Iptables don't
seem to help here.

Met vriendelijke groeten,
With kind regards,

Julian Maartens
River Hosting

info at riverhosting.nl
http://www.riverhosting.nl

-----Oorspronkelijk bericht-----
Van: Andrej Parovel [mailto:aparovel at gmail.com] 
Verzonden: vrijdag 3 februari 2012 12:37
Aan: Call of Duty server admin list.
Onderwerp: Re: [cod] CoD2 UDP flood

Hello,

Do you think 4 second is too much relaxed?

HLSW works only with 4second setting (iptables -A QUERY-CHECK -m 
hashlimit --hashlimit-mode srcip --hashlimit-name getstatus 
--hashlimit-above 4/second -j QUERY-BLOCK)

I will also monitor the traffic to see if the attacks starts again with 
less restrictive settings.

Thank you

Andrej

+386 31 247 707
aparovel at gmail.com


On 29.1.2012 20:22, B.M. Schiltmans wrote:
> From the top of my head, hlsw is using about 2 per second. So I'd try 
> 3 first, just to make sure your filter is as strict as possible.
> Adding your personal ip could fix your rcon problem, but players who 
> use hlsw to connect to your server are still going to have problem. So 
> I'd go with relaxing the filter a bit.
>
> Grtz
> Bram
>
> On 29-1-2012 20:10, John wrote:
>> On 1/29/2012 2:36 AM, Andrej Parovel wrote:
>>> Thank you, I assumed it was these iptables problem, because i had 
>>> never before these problems. With less strict do you mean these line:
>>>
>>> iptables -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip 
>>> --hashlimit-name getstatus --hashlimit-above 2/second -j QUERY-BLOCK
>>>
>>> to rise up these value (2 second)? Or maybe some other too?
>>
>> Yes, you could raise that, to something like 4 or 5, possibly. You 
>> could also add a rule before the others that specifically permits 
>> access from your personal IP.
>>
>> It's odd that HLSW would be querying the server more than once per 
>> second, though.
>>
>> -John
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod



More information about the cod mailing list