
TF2 server packet flooding

post #1 of 12
Thread Starter 
I posted this in the networking section, but it sat with no responses for several days. So I turn to the more reliable section. Help is much appreciated.

I'm not good with networking, but a friend of mine is managing a server which occasionally gets massive lag spikes, and he pinpointed it to a flood of 40-80mb/s packets during random times. He decided to do some packet filtering with iptables by limiting UDP to 10 packets/s.

These are the rules he will be adding. Is this sufficient, or is there a better way to accomplish this?

Quote:
iptables -N QUERYLIMIT
iptables -A QUERYLIMIT -m hashlimit --hashlimit-mode dstport --hashlimit-name srcdsquery --hashlimit 20/s --hashlimit-burst 10 -j ACCEPT
iptables -A QUERYLIMIT -j DROP
iptables -N QUERY
iptables -A QUERY -p udp -m udp -m string --algo bm --hex-string '|ffffffff54|' -j QUERYLIMIT
iptables -A QUERY -p udp -m udp -m string --algo bm --hex-string '|ffffffff55|' -j QUERYLIMIT
iptables -A QUERY -p udp -m udp -m string --algo bm --hex-string '|ffffffff56|' -j QUERYLIMIT
iptables -A QUERY -p udp -m udp -m string --algo bm --hex-string '|ffffffff57|' -j QUERYLIMIT
iptables -I INPUT 15 -p udp --dport 29000:30000 -j QUERY
post #2 of 12
Looks like somebody is trying to crash the server.... I could be wrong, but people will do that.
post #3 of 12
Thread Starter 
Quote:
Originally Posted by mushroomboy View Post
Looks like somebody is trying to crash the server.... I could be wrong, but people will do that.
Yeah, that's most likely what's going on. The server doesn't crash when it happens, but will lag hard, with everyone in the 800s for about 30s-60s, and this is somewhat of a solution to thwart it.
post #4 of 12
Limiting it should work, you could probably set a firewall to ignore too. Like if an IP is sending too many packets, just set the rules for determining how much is too much. lol I haven't set up a firewall in a long, long time. I never did any ignore rules like that either, but if I had this problem that's where I'd venture to do research.
post #5 of 12
It's better to do it so the server monitors each connected IP, and disconnects a person who packet floods by ignoring their connection to it altogether....if only I could remember the code I used on my HLDM server >.>
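Added example, not written by any poster in this thread: a simplified token-bucket model of the `hashlimit` rule from post #1, comparing its `--hashlimit-mode dstport` key (one bucket shared by every sender to a port) with the per-source `--hashlimit-mode srcip` key that posts #4 and #5 point toward. The bucket arithmetic is an assumed approximation of the kernel's, and the addresses, port and traffic are constructed.

```python
from collections import defaultdict

# Headers the posted rules match: 0xFFFFFFFF followed by 0x54..0x57.
QUERY_HEADERS = [bytes.fromhex("ffffffff") + bytes([b]) for b in range(0x54, 0x58)]

def is_query(payload):
    # -m string scans the whole packet, so test containment, not a prefix.
    return any(h in payload for h in QUERY_HEADERS)

class HashLimit:
    """Simplified token bucket for -m hashlimit (assumed model, not the
    kernel's exact credit arithmetic). Integer milli-tokens avoid float drift."""
    def __init__(self, rate, burst, mode):
        self.rate, self.cap, self.mode = rate, burst * 1000, mode
        self.buckets = {}  # key -> (milli-tokens, last time in ms)

    def allow(self, pkt):
        # dstport: every sender to a port shares one bucket; srcip: one each.
        key = pkt["dport"] if self.mode == "dstport" else pkt["src"]
        tokens, last = self.buckets.get(key, (self.cap, pkt["t_ms"]))
        tokens = min(self.cap, tokens + (pkt["t_ms"] - last) * self.rate)
        ok = tokens >= 1000
        self.buckets[key] = (tokens - 1000 if ok else tokens, pkt["t_ms"])
        return ok

def simulate(packets, mode, rate=20, burst=10):
    """Return accepted packet counts per source address."""
    limiter = HashLimit(rate, burst, mode)
    accepted = defaultdict(int)
    for pkt in sorted(packets, key=lambda p: p["t_ms"]):
        # Non-query packets return from QUERY to INPUT without being limited.
        if not is_query(pkt["payload"]) or limiter.allow(pkt):
            accepted[pkt["src"]] += 1
    return dict(accepted)

def sample_traffic():
    # Constructed one-second sample: 1000 queries from one source, 2 from another.
    info = bytes.fromhex("ffffffff54") + b"Source Engine Query\x00"
    flood = [{"t_ms": i, "src": "198.51.100.7", "dport": 29015, "payload": info}
             for i in range(1000)]
    legit = [{"t_ms": t, "src": "203.0.113.20", "dport": 29015, "payload": info}
             for t in (260, 760)]
    return flood + legit

if __name__ == "__main__":
    for mode in ("dstport", "srcip"):
        print(mode, simulate(sample_traffic(), mode))
```

In this model the shared `dstport` bucket is drained by the heavy sender, so the second source's two queries are dropped; keyed by `srcip`, both get through. Per-source keying assumes the flood arrives from real addresses, and UDP source addresses can be spoofed, which is one reason to look at a capture first.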
post #6 of 12
Get a tcpdump when it's happening so you can actually see what the problem is instead of making assumptions.
post #7 of 12
Thread Starter 
Quote:
Originally Posted by Jimi View Post
Get a tcpdump when it's happening so you can actually see what the problem is instead of making assumptions.
I'll ask him to get a dump, but it's udp, not tcp in nature.

It hasn't happened recently, so it either helped, or just hasn't been flooded.
post #8 of 12
Quote:
Originally Posted by esocid View Post
I'll ask him to get a dump, but it's udp, not tcp in nature.

It hasn't happened recently, so it either helped, or just hasn't been flooded.
tcpdump dumps both protocols...
post #9 of 12
Thread Starter 
Quote:
Originally Posted by Jimi View Post
tcpdump dumps both protocols...
Oh, my bad. Like I said, I'm no networking wizard at all.
post #10 of 12
Quote:
Originally Posted by esocid View Post
Oh, my bad. Like I said, I'm no networking wizard at all.
I'm not either, but I have extensive DDoS-defending experience.
I've run servers that have gotten hit with every type of DDoS: slow loris, HTTP-GET, TCP flood, UDP flood, etc... and at one point was dealing with over 10gbps of UDP floods.

Was a total mess; I learned quick. Main lesson: avoid drama and don't piss off botmasters, even though they may be script kiddies.