[cod] CoD2 UDP flood
Luca Farflame Fabbro
farflame at cybergames.it
Fri Feb 24 03:28:57 EST 2012
It doesn't matter the length of the packet.
That rule will try to find the string "gestatus" starting at position 32 bytes from start of packet and searching for it at maximum at position 41.
The Q3 protocol for that command expects the string to be in that range.
On Feb 24, 2012, at 1:11 AM, Geoff Goas wrote:
> Is the offset range of 32-41 based on a 60-byte packet?
>
> On Thu, Feb 23, 2012 at 10:34 AM, Marco Padovan <evcz at evcz.tk> wrote:
> iptables -A INPUT -p udp -m string --string "getstatus" --algo bm --from 32 --to 41 -j DROP
>
> --
> Geoff Goas
> Systems Engineer
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20120224/cf0df9f8/attachment.htm>
More information about the cod
mailing list