<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
You can try this:<br>
<br>
/sbin/iptables -A OUTPUT -p UDP -m length --length 1162:1168 -j DROP<br>
/sbin/iptables -A FORWARD -p UDP -m length --length 1162:1168 -j
DROP<br>
/sbin/iptables -A INPUT -p UDP -m length --length 1162:1168 -j DROP<br>
/sbin/iptables -A INPUT -p UDP -m length --length 42 -m recent --set
--name getstatus_cod<br>
/sbin/iptables -A INPUT -p UDP -m string --algo bm --string
"getstatus" -m recent --update --seconds 1 --hitcount 20 --name
getstatus_cod -j DROP<br>
<br>
This prevents your servers to be exploitable. If you are the target
there's nothing in your hand to take UDP floods down, only your ISP
can blackhole offending IPS<br>
<br>
El 06/01/12 20:48, Goas escribió:
<blockquote
cite="mid:46A006D8-713B-48CA-96F0-BDE53275D6EB@g-portal.de"
type="cite">
<div>Could someone poste those ip tables</div>
<div><br>
Am 06.01.2012 um 20:43 schrieb NewLight Systems <<a
moz-do-not-send="true" href="mailto:nls@newlightsystems.com">nls@newlightsystems.com</a>>:<br>
<br>
</div>
<blockquote type="cite">
<div>
<meta content="text/html; charset=UTF-8"
http-equiv="Content-Type">
There's a dll that fixed that on windows and iptables rules on
linux<br>
<br>
El 06/01/12 20:08, Bong escribió:
<blockquote
cite="mid:B71C1847C6D945559357392B05D12A45@KupiosPC"
type="cite"> <br>
Our servers are also down now untill there is a fix but i am
also on a win server :( <br>
-----Original Message----- From: RedDragon <br>
Sent: Friday, January 06, 2012 9:33 AM <br>
To: Call of Duty server admin list. <br>
Subject: [cod] COD 4 UDP security leak <br>
<br>
Hi Guys, <br>
is there a practical solution to fix the udp security
problem? Our <br>
servers were also a target. <br>
We have turned off the servers for now till a logtime
solution patch is <br>
out there. <br>
<br>
@rayn <br>
Is it possible to release the last quick patch as an offical
one? <br>
<br>
Greetz <br>
RedDragon <br>
_______________________________________________ <br>
cod mailing list <br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:cod@icculus.org">cod@icculus.org</a> <br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
<br>
<br>
<br>
--- <br>
avast! Antivirus: Inbound message clean. <br>
Virus Database (VPS): 120106-0, 06/01/2012 <br>
Tested on: 06/01/2012 19:00:41 <br>
avast! - copyright (c) 1988-2012 AVAST Software. <br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.avast.com">http://www.avast.com</a> <br>
<br>
<br>
<br>
<br>
--- <br>
avast! Antivirus: Outbound message clean. <br>
Virus Database (VPS): 120106-0, 06/01/2012 <br>
Tested on: 06/01/2012 19:08:07 <br>
avast! - copyright (c) 1988-2012 AVAST Software. <br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.avast.com">http://www.avast.com</a> <br>
<br>
<br>
<br>
_______________________________________________ <br>
cod mailing list <br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:cod@icculus.org">cod@icculus.org</a> <br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
<br>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<meta http-equiv="Content-Style-Type" content="text/css">
<title></title>
<meta name="Generator" content="Cocoa HTML Writer">
<meta name="CocoaVersion" content="949.54">
<p class="p1"><br>
</p>
<p class="p2"><b>David Aguilar Valero</b></p>
<p class="p3">Dpto. Comercial y Soporte técnico</p>
<p class="p3">NewLight Systems</p>
<p class="p2"><b>Servidores de juegos, HW, Dedicados</b></p>
<p class="p4"><br>
</p>
<p class="p5"><span class="s1"><a moz-do-not-send="true"
href="mailto:c"><b>crk01@nls.es</b></a></span></p>
<p class="p5"><span class="s1"><a moz-do-not-send="true"
href="mailto:crk01@newlightsystems.com">crk01@newlightsystems.com</a></span></p>
<p class="p5"><span class="s1"><a moz-do-not-send="true"
href="mailto:tecnico@newlightsystems.com">tecnico@newlightsystems.com</a></span></p>
<p class="p3">#NewLight_Systems @ <a moz-do-not-send="true"
href="http://irc-hispano.org">irc-hispano.org</a></p>
<p class="p5"><span class="s1"><a moz-do-not-send="true"
href="http://www.newlightsystems.com/"><b>www.newlightsystems.com</b></a></span></p>
<p class="p5"><span class="s1"><a moz-do-not-send="true"
href="http://www.nls.es/"><b>www.nls.es</b></a></span></p>
<p class="p6">This email and any files or attachments
transmitted with it are intended solely for the use of the
intended recipient. This email is confidential and may
contain legally privileged information. If you are not the
intended recipient you should not read, disseminate,
distribute, or copy this email. If you have received this
email in error, please notify the sender immediately and
delete it from your system.</p>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>cod mailing list</span><br>
<span><a moz-do-not-send="true" href="mailto:cod@icculus.org">cod@icculus.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a></span><br>
</div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
cod mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Content-Style-Type" content="text/css">
<title></title>
<meta name="Generator" content="Cocoa HTML Writer">
<meta name="CocoaVersion" content="949.54">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Times; min-height: 14.0px}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Courier; color: #2e3bfb}
p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Courier}
p.p4 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Courier; min-height: 14.0px}
p.p5 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Courier; color: #0018ea}
p.p6 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Times}
span.s1 {text-decoration: underline}
</style>
<p class="p1"><br>
</p>
<p class="p2"><b>David Aguilar Valero</b></p>
<p class="p3">Dpto. Comercial y Soporte técnico</p>
<p class="p3">NewLight Systems</p>
<p class="p2"><b>Servidores de juegos, HW, Dedicados</b></p>
<p class="p4"><br>
</p>
<p class="p5"><span class="s1"><a href="mailto:c"><b>crk01@nls.es</b></a></span></p>
<p class="p5"><span class="s1"><a
href="mailto:crk01@newlightsystems.com">crk01@newlightsystems.com</a></span></p>
<p class="p5"><span class="s1"><a
href="mailto:tecnico@newlightsystems.com">tecnico@newlightsystems.com</a></span></p>
<p class="p3">#NewLight_Systems @ irc-hispano.org</p>
<p class="p5"><span class="s1"><a
href="http://www.newlightsystems.com/"><b>www.newlightsystems.com</b></a></span></p>
<p class="p5"><span class="s1"><a href="http://www.nls.es/"><b>www.nls.es</b></a></span></p>
<p class="p6">This email and any files or attachments transmitted
with it are intended solely for the use of the intended
recipient. This email is confidential and may contain legally
privileged information. If you are not the intended recipient
you should not read, disseminate, distribute, or copy this
email. If you have received this email in error, please notify
the sender immediately and delete it from your system.</p>
</div>
</body>
</html>