[cod] CoD2 UDP flood

River Hosting info at riverhosting.nl
Tue Feb 7 12:23:22 EST 2012


Traffic dropped a bit, though for now it's still too high. I'll let ya know if it worked. :) Thanks!

Met vriendelijke groeten,

Julian Maartens
River Hosting

info at riverhosting.nl
http://www.riverhosting.nl


-----Oorspronkelijk bericht-----
Van: feugatos [mailto:feugatos at ceidwarfare.net] 
Verzonden: dinsdag 7 februari 2012 17:23
Aan: Call of Duty server admin list.
Onderwerp: Re: [cod] CoD2 UDP flood

I don't know if this has already been mentioned here, but I use this script:

http://et-zone.de/downloads/?action=download&id=14

It's supposed to protect q3 based engines from the getStatus exploit 
(which includes CoD servers).
I use it and I'm pretty happy with the results. It has already banned 
lots of attackers.
Give it a try.

To run it you need iptables and tcpdump.

Demetri.

On 7/2/2012 5:49 μμ, River Hosting wrote:
> So iptables helped blocking the incoming connections. Now the other issue:
> the ougoing traffic (DDOS'ing other servers atm). What to do? Iptables don't
> seem to help here.
>
> Met vriendelijke groeten,
> With kind regards,
>
> Julian Maartens
> River Hosting
>
> info at riverhosting.nl
> http://www.riverhosting.nl
>
> -----Oorspronkelijk bericht-----
> Van: Andrej Parovel [mailto:aparovel at gmail.com]
> Verzonden: vrijdag 3 februari 2012 12:37
> Aan: Call of Duty server admin list.
> Onderwerp: Re: [cod] CoD2 UDP flood
>
> Hello,
>
> Do you think 4 second is too much relaxed?
>
> HLSW works only with 4second setting (iptables -A QUERY-CHECK -m
> hashlimit --hashlimit-mode srcip --hashlimit-name getstatus
> --hashlimit-above 4/second -j QUERY-BLOCK)
>
> I will also monitor the traffic to see if the attacks starts again with
> less restrictive settings.
>
> Thank you
>
> Andrej
>
> +386 31 247 707
> aparovel at gmail.com
>
>
> On 29.1.2012 20:22, B.M. Schiltmans wrote:
>>  From the top of my head, hlsw is using about 2 per second. So I'd try
>> 3 first, just to make sure your filter is as strict as possible.
>> Adding your personal ip could fix your rcon problem, but players who
>> use hlsw to connect to your server are still going to have problem. So
>> I'd go with relaxing the filter a bit.
>>
>> Grtz
>> Bram
>>
>> On 29-1-2012 20:10, John wrote:
>>> On 1/29/2012 2:36 AM, Andrej Parovel wrote:
>>>> Thank you, I assumed it was these iptables problem, because i had
>>>> never before these problems. With less strict do you mean these line:
>>>>
>>>> iptables -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip
>>>> --hashlimit-name getstatus --hashlimit-above 2/second -j QUERY-BLOCK
>>>>
>>>> to rise up these value (2 second)? Or maybe some other too?
>>> Yes, you could raise that, to something like 4 or 5, possibly. You
>>> could also add a rule before the others that specifically permits
>>> access from your personal IP.
>>>
>>> It's odd that HLSW would be querying the server more than once per
>>> second, though.
>>>
>>> -John
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org
>>> http://icculus.org/mailman/listinfo/cod
>>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod

_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod



More information about the cod mailing list