@nitro
nitro, on 02 January 2012 - 07:41 PM, said:
This topic is here to help everyone - there isn't any need for the harsh comments, and the blatantly untrue slander is not needed either. Blocking every getstatus packet would not impose any latency issues at all on clients currently connected to the server, as they don't need getstatus; perhaps your internet connection wasn't up to scratch on Saturday.
You really should adjust your irony detector...
Quote:
If you can't keep your rude opinions to yourself, why bother to post here to try and help in the first place? I am only trying to do my bit to help other admins in this community, which you seem set to cause havoc with. I also said many times that there
Mhhhh - I replied to you because my intent was to _help_ too. Your settings in the post that I answered in the _first place_ will cause problems on many servers out there.
Quote:
are multiple games based on the Q3 engine that run on different ports between 27k and 29k; sure, the whitelist probably doesn't need that, however it was just a simple solution.
I do not deny that. My settings will protect Q3A and other games based on that engine too. But why talk here about other games? I kind of thought that this is the UrT forum. And who the heck uses _2000_ game servers on _one_ machine? Maybe game hosters, but not that many on _one_ box.
To bring it to an end:
Maybe I was rude; the reason for that was that you claim that the _settings_ in your solution are _the_ right ones, and they aren't - that easy.
Your iptables ruleset will work for sure, but your _harsh settings_ will cause problems.
Just because it works on _your_ server does not mean it will work on _all_ servers.
@Derfull
Quote:
It's a more elegant way than our bunch of rules.
Thank you :)
Quote:
But the attackers also use the expression defined in the first rule.
They surely have to, because the server expects _0x1c=0xffffffff_ as the beginning of every "conversation" with it.
So you can talk with _every_ server out there based on the Q3A engine. Try this:
printf '\xFF\xFF\xFF\xFFgetstatus\n' | nc -u -n -w 1 188.40.128.151 47960
That will bring the getstatus reply of my playground to your console.
<jokemode>
If you replace getstatus with getchallenge and can give the right answers, you can play it on your console. HARHARHAR
</jokemode>
I do not want to explain the whole rcon protocol here; ask the guys from FS or ioquake to get more info about it :)
Quote:
We can use the string "getstatus" instead of the hexadecimal form you used and drop packets if it reaches the hit count limit.
That happens here:
iptables -A urt_drdos -m u32 --u32 "0x20=0x67657473&&0x24=0x74617475&&0x25&0xff=0x73" -m recent --name getstatus --set
Quote:
Maybe we can merge our point of view ;)
We can for sure!
I would love to see that all admins out there that search for a solution will find it in this thread.
As I said in all my replies: -> Your settings will work for sure <-
The only reason why I replied was that a hitcount of 3/sec is too harsh - it will cause problems.
And unlike nitro, I do not claim that my solution is the best one and insist like a child: On my server it worked well, all is good, I make things harsher than before because I'm _the_ admin.
I hope both of you get my point of view in the right way.
@nitro again:
I have been doing networking stuff for more than 20 years now (omg I'm old o.O) and have hosted the one or other game server since Q3A - after that long a time you become _automatically_ rude.
Greetings from BOFH :)
I wrote it 2 times before -> EOD (EndOfDiscussion)
PS.
If you are interested we can talk in IRC, Mail or PM to get the best of the best of the best, SIR! out of all solutions and how to get world domination (but be aware that I'm Brain)
--
ItsMe
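An added offline model of the two building blocks argued about in the post above: the u32 payload match for the Q3A `getstatus` query (`0x1c=0xffffffff` plus `0x20=0x67657473&&0x24=0x74617475&&0x25&0xff=0x73`) and a per-source hit-count limiter in the spirit of `-m recent`, so the "3/sec is too harsh" trade-off can be seen on sample bursts. This is not the poster's code and not part of the thread; the packets, addresses and timestamps are constructed test data, nothing is sent on the wire, and the limiter is a simplified model of xt_recent, not its exact bookkeeping.

```python
"""Offline model of the thread's iptables building blocks: the xt_u32
"getstatus" match and a sliding-window hit-count limiter (approximation
of -m recent --update --seconds S --hitcount N).  All input is constructed."""
import struct
from collections import defaultdict, deque


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_ipv4_udp(payload: bytes, src="203.0.113.5", dst="198.51.100.7",
                   sport=27960, dport=27960) -> bytes:
    """Constructed IPv4 (20-byte header, no options) + UDP datagram.
    Checksums stay zero; u32 never looks at them (constructed sample data)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45,                # version 4, IHL 5 words
                         0,                   # DSCP/ECN
                         28 + len(payload),   # total length
                         0, 0,                # id, flags/fragment offset
                         64, 17,              # TTL, protocol 17 = UDP
                         0,                   # header checksum (unused here)
                         ip_to_bytes(src), ip_to_bytes(dst))
    udp_hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip_hdr + udp_hdr + payload


def u32_word(pkt: bytes, offset: int):
    """xt_u32 reads a big-endian 32-bit word at `offset` counted from the start
    of the IP header; a read past the end of the packet fails the whole match."""
    if offset + 4 > len(pkt):
        return None
    return struct.unpack_from("!I", pkt, offset)[0]


def u32_test(pkt: bytes, offset: int, value: int, mask: int = 0xFFFFFFFF) -> bool:
    """One 'offset&mask=value' clause; '&&' in the rule string is Python 'and'."""
    word = u32_word(pkt, offset)
    return word is not None and (word & mask) == value


def is_q3_connectionless(pkt: bytes) -> bool:
    """Thread rule 0x1c=0xffffffff: the four 0xFF bytes that open every Q3A
    out-of-band packet (0x1c = 20-byte IP header + 8-byte UDP header)."""
    return u32_test(pkt, 0x1C, 0xFFFFFFFF)


def is_getstatus(pkt: bytes) -> bool:
    """Thread rule 0x20=0x67657473&&0x24=0x74617475&&0x25&0xff=0x73:
    'gets' at 0x20, 'tatu' at 0x24, and the low byte of the word at 0x25
    (= the byte at 0x28) is 's', i.e. "getstatus" right after the prefix.
    In the thread this sits in a chain only reached for 0xFFFFFFFF packets."""
    return (is_q3_connectionless(pkt)
            and u32_test(pkt, 0x20, 0x67657473)
            and u32_test(pkt, 0x24, 0x74617475)
            and u32_test(pkt, 0x25, 0x73, mask=0xFF))


class HitCountLimiter:
    """Approximation of '-m recent --update --seconds S --hitcount N -j DROP'
    followed by '-m recent --set': a source may pass at most N packets in any
    sliding window of S seconds; further packets in that window are dropped."""

    def __init__(self, seconds: float, hitcount: int):
        self.seconds, self.hitcount = seconds, hitcount
        self.stamps = defaultdict(deque)   # source -> timestamps still in window

    def allow(self, src: str, now: float) -> bool:
        window = self.stamps[src]
        while window and now - window[0] > self.seconds:   # expire old hits
            window.popleft()
        if len(window) >= self.hitcount:
            return False                                   # would be DROPped
        window.append(now)
        return True


def passed(seconds: float, hitcount: int, times, src="203.0.113.5") -> int:
    """How many of a constructed burst of queries at `times` (seconds) from one
    source get through with the given --seconds/--hitcount setting."""
    limiter = HitCountLimiter(seconds, hitcount)
    return sum(limiter.allow(src, t) for t in times)


if __name__ == "__main__":
    query = build_ipv4_udp(b"\xff\xff\xff\xffgetstatus\n")   # constructed
    print("getstatus matched:", is_getstatus(query))
    burst = [0.0, 0.1, 0.2, 0.3, 0.4]                          # 5 queries in 0.4 s
    for hits in (3, 10):
        print(f"--seconds 1 --hitcount {hits}: {passed(1.0, hits, burst)} of {len(burst)} pass")
```

Changing the `hitcount` argument in `passed()` shows directly how many queries of a short burst are dropped under each setting; the u32 functions can be pointed at any captured datagram (IP header first) to check which rule it would hit.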