<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I've been using these rules for some months now and have had no problem.<br>
<br>
The key is this:<br>
<br>
<pre wrap="">/sbin/iptables -A INPUT -p UDP -m length --length 42 -m recent --set --name getstatus_cod
/sbin/iptables -A INPUT -p UDP -m string --algo bm --string "getstatus" -m recent --update --seconds 1 --hitcount 20 --name getstatus_cod -j DROP</pre>
If the hitcount isn't reached, packets are accepted.<br>
<br>
On 06/01/12 22:39, Jeff Love wrote:
<blockquote
cite="mid:f384d360c64c3456c9824cba21ac4ea8.squirrel@atomic.burgh.net"
type="cite">
<pre wrap="">Are we sure that a getstatus packet length is 42, and that there are no legitimate client packets of length 1162-1168?
If so, this seems like a good fix. I just want to be sure I'm not blocking legitimate client packets.
Jeff Love
Burgh Gaming
</pre>
<blockquote type="cite">
<pre wrap="">You can try this:
/sbin/iptables -A OUTPUT -p UDP -m length --length 1162:1168 -j DROP
/sbin/iptables -A FORWARD -p UDP -m length --length 1162:1168 -j DROP
/sbin/iptables -A INPUT -p UDP -m length --length 1162:1168 -j DROP
/sbin/iptables -A INPUT -p UDP -m length --length 42 -m recent --set --name getstatus_cod
/sbin/iptables -A INPUT -p UDP -m string --algo bm --string "getstatus" -m recent --update --seconds 1 --hitcount 20 --name getstatus_cod -j DROP
This prevents your servers from being exploitable. If you are the target,
there's nothing you can do to take UDP floods down; only your ISP can
blackhole the offending IPs.
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
cod mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Times; min-height: 14.0px}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Courier; color: #2e3bfb}
p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Courier}
p.p4 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Courier; min-height: 14.0px}
p.p5 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Courier; color: #0018ea}
p.p6 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Times}
span.s1 {text-decoration: underline}
</style>
<p class="p1"><br>
</p>
<p class="p2"><b>David Aguilar Valero</b></p>
<p class="p3">Dpto. Comercial y Soporte técnico</p>
<p class="p3">NewLight Systems</p>
<p class="p2"><b>Servidores de juegos, HW, Dedicados</b></p>
<p class="p4"><br>
</p>
<p class="p5"><span class="s1"><a href="mailto:c"><b>crk01@nls.es</b></a></span></p>
<p class="p5"><span class="s1"><a
href="mailto:crk01@newlightsystems.com">crk01@newlightsystems.com</a></span></p>
<p class="p5"><span class="s1"><a
href="mailto:tecnico@newlightsystems.com">tecnico@newlightsystems.com</a></span></p>
<p class="p3">#NewLight_Systems @ irc-hispano.org</p>
<p class="p5"><span class="s1"><a
href="http://www.newlightsystems.com/"><b>www.newlightsystems.com</b></a></span></p>
<p class="p5"><span class="s1"><a href="http://www.nls.es/"><b>www.nls.es</b></a></span></p>
<p class="p6">This email and any files or attachments transmitted
with it are intended solely for the use of the intended
recipient. This email is confidential and may contain legally
privileged information. If you are not the intended recipient
you should not read, disseminate, distribute, or copy this
email. If you have received this email in error, please notify
the sender immediately and delete it from your system.</p>
</div>
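<p>To make the behaviour of the two getstatus rules above concrete (and to answer the kind of false-positive question Jeff raises), here is an added simulation of what the <code>-m recent --set</code> / <code>--update --seconds 1 --hitcount 20</code> pair decides for a stream of packets. It is example code written for this page, not code from the mailing-list post or from iptables; it models xt_recent as described in iptables-extensions(8), assumes these two rules are the only INPUT rules and are evaluated in the order given, and all packet records, addresses and timings are constructed for the demonstration.</p>

```python
"""Simulate the getstatus rate-limit rules from the message above.

Added example, not code from the mailing-list post or from iptables itself.
It models xt_recent as documented in iptables-extensions(8): each source
keeps a ring of its most recent hit timestamps (ip_pkt_list_tot, module
default 20); `--set` records a hit; `--update --seconds S --hitcount N`
matches when at least N recorded hits fall within the last S seconds and
refreshes the entry only when it matched.  Packets and timings are constructed.
"""
from collections import defaultdict, deque

PKT_LIST_TOT = 20            # xt_recent module default: stamps kept per source
RECENT_SECONDS = 1.0         # --seconds 1
RECENT_HITCOUNT = 20         # --hitcount 20
GETSTATUS_LENGTH = 42        # -m length --length 42 (total IPv4 packet length)

# Constructed 14-byte probe payload: 20 (IPv4 hdr) + 8 (UDP hdr) + 14 = 42 bytes.
GETSTATUS = b"\xff\xff\xff\xffgetstatus\n"


class RecentTable:
    """One `--name` list of xt_recent: src -> ring of hit timestamps."""

    def __init__(self, cap=PKT_LIST_TOT):
        self.hits = defaultdict(lambda: deque(maxlen=cap))

    def set(self, src, now):
        # `--set`: create the entry if needed and record this hit
        self.hits[src].append(now)

    def update(self, src, now, seconds, hitcount):
        """`--update`: True if src is known and has >= hitcount hits in the window."""
        if src not in self.hits:
            return False
        stamps = self.hits[src]
        in_window = sum(1 for t in stamps if now - t <= seconds)
        matched = in_window >= hitcount
        if matched:
            stamps.append(now)   # the kernel refreshes the entry only on a match
        return matched


def udp_packet(src, time, payload, length=None):
    """Constructed UDP packet record; length defaults to IPv4+UDP headers around payload."""
    return {"src": src, "time": time, "payload": payload,
            "length": length if length is not None else 28 + len(payload)}


def firewall_decision(table, pkt):
    """Walk the two INPUT rules in order; anything not dropped is accepted."""
    # rule 1: -p udp -m length --length 42 -m recent --set   (no target: only records)
    if pkt["length"] == GETSTATUS_LENGTH:
        table.set(pkt["src"], pkt["time"])
    # rule 2: -p udp -m string --string "getstatus" -m recent --update ... -j DROP
    if b"getstatus" in pkt["payload"]:
        if table.update(pkt["src"], pkt["time"], RECENT_SECONDS, RECENT_HITCOUNT):
            return "DROP"
    return "ACCEPT"


def simulate(packets):
    """Return the DROP/ACCEPT verdict for each packet, in arrival order."""
    table = RecentTable()
    return [firewall_decision(table, p) for p in packets]


if __name__ == "__main__":
    # constructed flood: 30 probes from one address, 20 ms apart
    flood = [udp_packet("198.51.100.7", 0.02 * i, GETSTATUS) for i in range(30)]
    print(simulate(flood))   # first 19 ACCEPT, the rest DROP
```

<p>Two things the simulation makes visible that the rules alone do not: the counter is keyed on <i>any</i> 42-byte UDP packet from a source, not only on getstatus probes, so a client that happens to send other 42-byte datagrams at a high rate will have its next getstatus dropped (the false-positive case Jeff is worried about), and probes of any other size are never counted at all, which is why the exact length matters. Note also that <code>--hitcount 20</code> sits exactly at the module's default ring size (ip_pkt_list_tot), so it cannot be raised without changing that parameter, and that <code>-m length</code> compares the total IP packet length, headers included.</p>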
</body>
</html>