[cod] Hey everyone
Boyd G. Gafford Ph.D.
drboyd at westportresearch.com
Thu Feb 23 17:12:55 EST 2012
Hey everyone, EscapedTurkey told me about this group, and so I Just
wanted to say a quick hello.
I'm the guy who got frustrated enough with UDP flood attacks that I
wrote ServerArk to deal with the majority of them. If anyone has any
questions about the program, or any ideas on what they would like to see
in it in the future, by all means let me know.
Since I've been using it on our JA (Q3 protocol) servers
(http://elitewarriors.net) its blocked about 20 high volume attacks (one
at 64Mbps) successfully over the past few months. As long as the source
IP of the UDP flood is not random, it works really well.
I have a few new ideas on flood detection on random IP attacks I will
ping off your guys over the next few days to see what you think.
Also kudos to whoever did the "I don't want to participate in reflection
attacks" iptables rule that matches off of the 'getstatus' UDP packet
payload. If everyone who had a Q3 protocol server (COD, JA, etc) had
that rule running reflection attacks would be a LOT less potent.
:)
Thanks,
/Boyd/
/__________________________________
Boyd G. Gafford Ph.D.
Manager of Software Development
Westport Research Associates Inc.
7001 Blue Ridge Blvd
Raytown, MO 64133
(816) 358-8990
drboyd at westportresearch.com
/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20120223/750b67d1/attachment.htm>
More information about the cod
mailing list