[cod] CoD2 UDP flood

Geoff Goas gitman at gmail.com
Fri Feb 24 03:54:19 EST 2012


That is strange, because if I use those values, it does not work. If I use
"--from 31" alone, then it works. As soon as I change that to 32, it stops
working. When I inspect the packets in Wireshark, the "getstatus" string
starts at offset 48 if counting from 1. Would there be a way for iptables
to print to log what it sees in the specified offset range?

On Fri, Feb 24, 2012 at 3:28 AM, Luca Farflame Fabbro <
farflame at cybergames.it> wrote:

> It doesn't matter the length of the packet.
> That rule will try to find the string "gestatus" starting at position 32
> bytes from start of packet and searching for it at maximum at position 41.
> The Q3 protocol for that command expects the string to be in that range.
>
> On Feb 24, 2012, at 1:11 AM, Geoff Goas wrote:
>
> Is the offset range of 32-41 based on a 60-byte packet?
>
> On Thu, Feb 23, 2012 at 10:34 AM, Marco Padovan <evcz at evcz.tk> wrote:
>
>>  iptables -A INPUT -p udp -m string --string "getstatus" --algo bm --from
>> 32 --to 41 -j DROP
>>
>> --
> *Geoff Goas
> Systems Engineer*
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
>


-- 
*Geoff Goas
Systems Engineer*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20120224/1c8cb5de/attachment.htm>


More information about the cod mailing list