[Kigen]

Lets say an attacker only has one machine and must hide it. So he decides to only use 10Mbps. The attack packet is 42 bytes. 10Megabits is 1310720 bytes. Divide that by 42 and you get approx. 31207 packets per second. Then we will look at the server. Most will be using shared hosting. This means that only a few hundred megabytes of memory will be available to the server. Lets say you are right that the IP record only takes 16 bytes (btw, look up struct padding). So lets say the server has 500MB extra aside from base SRCDS use (which is around 200-300MB). 500MB is 524288000 bytes. That means 32768000 IP records can be stored. That means that the server would only last 1050 seconds before it consumes all that available memory. Then lets say another server on the box crashes/restarts (because this is a shared host). Then server would then start to allocate into that space the other server was using. However, the other server would no longer be able to malloc() SRCDS's needed space. Then angry customer complains to the host provider. The host provider then sees that your SRCDS server is consuming an abnormal amount of RAM and then tries to restart it. But your server would fast consume the available memory. They would suspend your service.

All this because of a poorly coded plugin you were using.

I seriously hope you guys are joking about not caring about the list growing infinitely. You don't even at least have pruning to keep the list under a certain size so that when someone runs the command they don't see over 1000 lines of IPs. Seriously, its pointless to be keeping a record of attacking IPs anyway since they will most likely be spoofed.

I've seen attacker keep up a sustained spoofed IP attack at 100Mbps for over 2 months. That caused me to have to make my own anti-DoS plugin that covers all types of attacks against an SRCDS.