lickshot
Junior Member
Join Date: Jul 2012
07-20-2012, 03:04   Re: [IMPORTANT] A new HLDS engine exploit !!!
#8

Quote:
Originally Posted by p4rp4d30
... enter the affected server and look at your CONSOLE; in case of a flood you should see a user connecting to and disconnecting from the server quickly.

otherwise we would be talking about DDoS.
Yes, we are talking about DDoS.

Quote:
Originally Posted by Russianeer
Only thing I can think of is whoever requests the A2S_INFO packets from all of these servers is simply spoofing the IP of other game-servers to make them share packets between each other at a very fast rate. How to fix it? No idea. You can probably scan your local master list and add the IPs that you query to a black list (you'd obviously need a script for that). Then once you are narrow enough, and don't have as many IPs, you can just start blacklisting the IPs manually in your database.
One of the server administrators managed to "solve" the problem with the 1400-length packets. He told the ISP to block port 27005 for him and the flood disappeared. But then a new kind of attack, again from existing CS 1.6 servers, started against port 27016. The packet length was small, but the flood was able to "block" everything again. So he blocked port 27016 at the router in front of the machines and the flood disappeared again. But this is not a solution, because another server administrator experienced the same attack over a different port. And it has a big disadvantage: your server on the attacked port cannot be reached by players.

Code:
23:15:21.580748 IP 131.18.165.162.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.580757 IP 140.28.179.105.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.580764 IP 86.144.116.87.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.580771 IP 51.6.34.19.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.580779 IP 39.142.142.176.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.580788 IP 108.113.115.94.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.580795 IP 4.165.22.63.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.580803 IP 52.27.51.13.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.580822 IP 89.190.213.199.27016 > 42.169.68.79.27005: UDP, length 6
23:15:21.580838 IP 89.190.213.199.27016 > 23.128.124.169.27005: UDP, length 6
23:15:21.580852 IP 89.190.213.199.27016 > 189.15.58.78.27005: UDP, length 6
23:15:21.580881 IP 89.190.213.199.27016 > 100.111.36.164.27005: UDP, length 6
23:15:21.580914 IP 89.190.213.199.27016 > 57.0.119.13.27005: UDP, length 6
23:15:21.580943 IP 89.190.213.199.27016 > 128.177.132.19.27005: UDP, length 6
23:15:21.580964 IP 89.190.213.199.27016 > 43.97.66.77.27005: UDP, length 6
23:15:21.580980 IP 89.190.213.199.27016 > 107.103.73.193.27005: UDP, length 6
23:15:21.580996 IP 89.190.213.199.27016 > 70.43.17.61.27005: UDP, length 6
23:15:21.581017 IP 199.58.45.162.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.581026 IP 161.74.84.163.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.581034 IP 165.139.189.16.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.581043 IP 38.121.182.15.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585199 IP 89.190.213.199.27016 > 61.51.120.78.27005: UDP, length 6
23:15:21.585221 IP 89.190.213.199.27016 > 110.70.51.117.27005: UDP, length 6
23:15:21.585237 IP 89.190.213.199.27016 > 60.83.114.88.27005: UDP, length 6
23:15:21.585249 IP 89.190.213.199.27016 > 190.199.37.153.27005: UDP, length 6
23:15:21.585260 IP 89.190.213.199.27016 > 148.176.163.12.27005: UDP, length 6
23:15:21.585273 IP 89.190.213.199.27016 > 131.70.159.133.27005: UDP, length 6
23:15:21.585285 IP 89.190.213.199.27016 > 175.26.70.136.27005: UDP, length 6
23:15:21.585297 IP 89.190.213.199.27016 > 30.76.145.89.27005: UDP, length 6
23:15:21.585313 IP 89.190.213.199.27016 > 34.174.134.192.27005: UDP, length 6
23:15:21.585325 IP 89.190.213.199.27016 > 52.195.29.13.27005: UDP, length 6
23:15:21.585337 IP 89.190.213.199.27016 > 11.93.183.109.27005: UDP, length 6
23:15:21.585351 IP 89.190.213.199.27016 > 109.184.100.81.27005: UDP, length 6
23:15:21.585363 IP 89.190.213.199.27016 > 157.113.119.72.27005: UDP, length 6
23:15:21.585374 IP 89.190.213.199.27016 > 198.17.136.122.27005: UDP, length 6
23:15:21.585386 IP 89.190.213.199.27016 > 80.90.122.25.27005: UDP, length 6
23:15:21.585393 IP 176.84.161.21.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585402 IP 165.20.190.63.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585411 IP 109.46.19.2.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585418 IP 147.146.194.141.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585428 IP 20.172.24.75.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585436 IP 116.79.1.61.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585445 IP 2.191.194.130.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585454 IP 17.150.87.110.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585498 IP 89.190.213.199.27016 > 36.28.0.160.27005: UDP, length 6
23:15:21.585528 IP 141.78.189.160.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585538 IP 6.30.30.81.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585551 IP 99.59.7.169.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585560 IP 126.177.72.61.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585568 IP 136.124.80.121.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585577 IP 82.174.180.172.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585585 IP 39.133.147.48.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585593 IP 140.30.67.39.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585609 IP 89.190.213.199.27016 > 134.119.173.88.27005: UDP, length 6
23:15:21.585628 IP 89.190.213.199.27016 > 186.182.182.169.27005: UDP, length 6
23:15:21.585645 IP 89.190.213.199.27016 > 110.127.13.108.27005: UDP, length 6
23:15:21.585663 IP 89.190.213.199.27016 > 63.13.190.58.27005: UDP, length 6
23:15:21.585681 IP 89.190.213.199.27016 > 60.23.188.145.27005: UDP, length 6
23:15:21.585699 IP 89.190.213.199.27016 > 53.44.166.85.27005: UDP, length 6
23:15:21.585717 IP 89.190.213.199.27016 > 13.161.156.48.27005: UDP, length 6
23:15:21.585733 IP 89.190.213.199.27016 > 185.108.94.44.27005: UDP, length 6
23:15:21.585749 IP 89.190.213.199.27016 > 140.45.65.167.27005: UDP, length 6
23:15:21.585759 IP 18.84.98.114.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585769 IP 116.67.111.25.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585779 IP 138.171.28.107.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585788 IP 115.141.126.79.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585796 IP 155.63.109.136.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585807 IP 12.59.146.163.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585817 IP 168.8.188.67.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.585855 IP 89.190.213.199.27016 > 100.101.94.25.27005: UDP, length 6
23:15:21.585873 IP 89.190.213.199.27016 > 170.102.163.113.27005: UDP, length 6
23:15:21.585892 IP 89.190.213.199.27016 > 21.188.91.158.27005: UDP, length 6
23:15:21.585910 IP 89.190.213.199.27016 > 199.97.49.36.27005: UDP, length 6
23:15:21.585923 IP 89.190.213.199.27016 > 41.41.82.140.27005: UDP, length 6
23:15:21.585937 IP 89.190.213.199.27016 > 176.24.126.155.27005: UDP, length 6
23:15:21.585950 IP 89.190.213.199.27016 > 11.71.194.157.27005: UDP, length 6
23:15:21.585964 IP 89.190.213.199.27016 > 72.197.87.2.27005: UDP, length 6
23:15:21.585977 IP 89.190.213.199.27016 > 49.39.157.153.27005: UDP, length 6
23:15:21.585996 IP 125.85.153.129.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586007 IP 150.166.25.115.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586017 IP 123.33.4.88.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586027 IP 84.189.197.5.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586036 IP 148.92.169.113.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586046 IP 105.168.38.2.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586055 IP 147.128.54.187.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586069 IP 89.190.213.199.27016 > 113.101.184.163.27005: UDP, length 6
23:15:21.586086 IP 89.190.213.199.27016 > 69.162.159.102.27005: UDP, length 6
23:15:21.586100 IP 89.190.213.199.27016 > 157.167.164.116.27005: UDP, length 6
23:15:21.586117 IP 174.175.144.92.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586127 IP 13.19.43.179.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586136 IP 100.162.17.137.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586147 IP 34.58.101.181.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586156 IP 165.55.121.132.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586165 IP 94.146.72.137.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586174 IP 65.82.126.88.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586185 IP 34.8.156.12.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586201 IP 89.190.213.199.27016 > 84.86.85.81.27005: UDP, length 6
23:15:21.586221 IP 89.190.213.199.27016 > 87.97.172.54.27005: UDP, length 6
23:15:21.586239 IP 89.190.213.199.27016 > 185.8.179.146.27005: UDP, length 6
23:15:21.586256 IP 89.190.213.199.27016 > 164.151.47.73.27005: UDP, length 6
23:15:21.586274 IP 89.190.213.199.27016 > 55.21.132.18.27005: UDP, length 6
23:15:21.586292 IP 89.190.213.199.27016 > 79.131.142.98.27005: UDP, length 6
23:15:21.586310 IP 89.190.213.199.27016 > 98.81.189.165.27005: UDP, length 6
23:15:21.586328 IP 89.190.213.199.27016 > 135.164.4.127.27005: UDP, length 6
23:15:21.586345 IP 89.190.213.199.27016 > 74.162.186.129.27005: UDP, length 6
23:15:21.586368 IP 89.190.213.199.27016 > 35.17.8.33.27005: UDP, length 6
23:15:21.586382 IP 99.169.143.38.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586394 IP 67.32.43.12.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586403 IP 24.40.49.80.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586415 IP 156.116.10.70.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586424 IP 31.8.75.111.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586432 IP 177.20.84.199.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586444 IP 75.30.58.161.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586453 IP 25.16.12.30.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586462 IP 178.16.115.13.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586479 IP 89.190.213.199.27016 > 71.13.100.55.27005: UDP, length 6
23:15:21.586497 IP 89.190.213.199.27016 > 61.78.17.57.27005: UDP, length 6
23:15:21.586515 IP 89.190.213.199.27016 > 100.90.49.177.27005: UDP, length 6
23:15:21.586530 IP 188.12.59.106.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586541 IP 176.11.9.50.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586551 IP 179.59.35.6.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586560 IP 157.130.65.169.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586571 IP 55.184.104.16.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586581 IP 100.62.181.106.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586589 IP 119.133.134.114.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586598 IP 151.73.0.157.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586617 IP 89.190.213.199.27016 > 199.63.126.157.27005: UDP, length 6
23:15:21.586636 IP 89.190.213.199.27016 > 56.33.58.47.27005: UDP, length 6
23:15:21.586654 IP 89.190.213.199.27016 > 19.80.90.187.27005: UDP, length 6
23:15:21.586671 IP 89.190.213.199.27016 > 47.164.15.195.27005: UDP, length 6
23:15:21.586689 IP 89.190.213.199.27016 > 72.104.127.87.27005: UDP, length 6
23:15:21.586706 IP 89.190.213.199.27016 > 35.56.99.87.27005: UDP, length 6
23:15:21.586722 IP 192.144.124.43.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586732 IP 79.26.25.76.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586743 IP 107.121.19.40.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586753 IP 22.173.134.144.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586763 IP 174.148.70.91.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586775 IP 199.56.56.92.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.586797 IP 89.190.213.199.27016 > 59.95.188.118.27005: UDP, length 6
23:15:21.586813 IP 89.190.213.199.27016 > 100.189.160.139.27005: UDP, length 6
23:15:21.586828 IP 89.190.213.199.27016 > 195.13.110.190.27005: UDP, length 6
23:15:21.586843 IP 89.190.213.199.27016 > 88.128.127.193.27005: UDP, length 6
23:15:21.586859 IP 89.190.213.199.27016 > 77.130.52.58.27005: UDP, length 6
23:15:21.586875 IP 89.190.213.199.27016 > 37.177.60.116.27005: UDP, length 6
23:15:21.586891 IP 89.190.213.199.27016 > 66.50.23.90.27005: UDP, length 6
23:15:21.586907 IP 89.190.213.199.27016 > 56.0.153.195.27005: UDP, length 6
23:15:21.586923 IP 89.190.213.199.27016 > 102.78.90.77.27005: UDP, length 6
23:15:21.586939 IP 89.190.213.199.27016 > 74.36.184.80.27005: UDP, length 6
23:15:21.586955 IP 89.190.213.199.27016 > 99.2.89.115.27005: UDP, length 6
23:15:21.586971 IP 89.190.213.199.27016 > 48.9.36.119.27005: UDP, length 6
23:15:21.586992 IP 181.150.12.57.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587001 IP 25.43.186.104.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587010 IP 87.71.185.86.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587019 IP 2.123.91.150.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587028 IP 91.166.127.49.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587037 IP 55.67.2.192.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587045 IP 89.188.31.11.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587054 IP 170.193.50.25.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587061 IP 147.131.70.197.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587077 IP 89.190.213.199.27016 > 83.161.188.67.27005: UDP, length 6
23:15:21.587094 IP 89.190.213.199.27016 > 178.7.119.31.27005: UDP, length 6
23:15:21.587114 IP 119.137.145.161.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587123 IP 73.111.34.151.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587132 IP 67.24.97.26.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587140 IP 13.87.67.85.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587152 IP 64.9.103.69.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587160 IP 177.172.164.72.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.587184 IP 58.16.112.94.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590552 IP 141.190.190.79.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590568 IP 159.102.0.178.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590577 IP 36.93.171.117.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590587 IP 178.185.129.119.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590596 IP 119.118.143.192.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590604 IP 16.1.124.98.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590612 IP 187.179.45.115.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590620 IP 189.54.34.142.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590628 IP 114.124.40.165.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590636 IP 121.169.134.118.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590644 IP 78.19.46.58.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590651 IP 141.80.194.89.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590667 IP 89.190.213.199.27016 > 104.92.120.74.27005: UDP, length 6
23:15:21.590684 IP 89.190.213.199.27016 > 161.7.84.187.27005: UDP, length 6
23:15:21.590700 IP 89.190.213.199.27016 > 143.62.165.151.27005: UDP, length 6
23:15:21.590717 IP 89.190.213.199.27016 > 108.117.139.31.27005: UDP, length 6
23:15:21.590731 IP 133.97.180.194.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590739 IP 108.49.99.181.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590748 IP 28.151.2.93.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590767 IP 91.187.191.1.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590776 IP 171.0.59.95.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590783 IP 69.133.186.119.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590800 IP 89.190.213.199.27016 > 76.59.156.74.27005: UDP, length 6
23:15:21.590817 IP 89.190.213.199.27016 > 52.111.136.175.27005: UDP, length 6
23:15:21.590834 IP 89.190.213.199.27016 > 196.154.172.59.27005: UDP, length 6
23:15:21.590855 IP 89.190.213.199.27016 > 159.41.74.153.27005: UDP, length 6
23:15:21.590868 IP 89.190.213.199.27016 > 60.134.35.6.27005: UDP, length 6
23:15:21.590882 IP 89.190.213.199.27016 > 95.62.3.45.27005: UDP, length 6
23:15:21.590895 IP 89.190.213.199.27016 > 159.172.121.117.27005: UDP, length 6
23:15:21.590903 IP 101.101.31.116.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590912 IP 81.128.180.77.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590922 IP 164.17.4.179.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590932 IP 171.167.48.188.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590943 IP 59.144.82.161.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.590967 IP 89.190.213.199.27016 > 45.55.132.160.27005: UDP, length 6
23:15:21.590985 IP 89.190.213.199.27016 > 114.73.183.199.27005: UDP, length 6
23:15:21.591002 IP 89.190.213.199.27016 > 138.60.19.128.27005: UDP, length 6
23:15:21.591020 IP 89.190.213.199.27016 > 188.187.149.60.27005: UDP, length 6
23:15:21.591042 IP 89.190.213.199.27016 > 56.77.74.152.27005: UDP, length 6
23:15:21.591061 IP 89.190.213.199.27016 > 192.63.88.105.27005: UDP, length 6
23:15:21.591078 IP 89.190.213.199.27016 > 157.181.103.69.27005: UDP, length 6
23:15:21.591095 IP 89.190.213.199.27016 > 197.145.148.142.27005: UDP, length 6
23:15:21.591113 IP 89.190.213.199.27016 > 57.164.0.180.27005: UDP, length 6
23:15:21.591131 IP 89.190.213.199.27016 > 128.31.146.13.27005: UDP, length 6
23:15:21.591152 IP 89.190.213.199.27016 > 8.10.151.42.27005: UDP, length 6
23:15:21.591155 IP 52.123.44.189.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591165 IP 59.195.5.182.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591173 IP 8.22.18.30.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591183 IP 49.52.76.37.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591192 IP 89.182.166.108.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591202 IP 90.126.12.151.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591214 IP 70.68.34.111.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591221 IP 155.100.189.48.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591248 IP 89.190.213.199.27016 > 14.150.47.163.27005: UDP, length 6
23:15:21.591266 IP 89.190.213.199.27016 > 24.144.110.115.27005: UDP, length 6
23:15:21.591283 IP 89.190.213.199.27016 > 168.128.15.91.27005: UDP, length 6
23:15:21.591302 IP 89.190.213.199.27016 > 30.115.142.136.27005: UDP, length 6
23:15:21.591319 IP 89.190.213.199.27016 > 3.33.20.127.27005: UDP, length 6
23:15:21.591332 IP 97.33.182.0.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591343 IP 88.80.104.178.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591352 IP 34.150.188.81.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591361 IP 189.75.1.40.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591369 IP 114.32.104.161.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591377 IP 71.70.107.183.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591397 IP 150.197.34.96.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591409 IP 57.85.108.33.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591433 IP 89.190.213.199.27016 > 141.9.21.140.27005: UDP, length 6
23:15:21.591456 IP 89.190.213.199.27016 > 63.116.24.104.27005: UDP, length 6
23:15:21.591473 IP 89.190.213.199.27016 > 16.51.153.186.27005: UDP, length 6
23:15:21.591487 IP 89.190.213.199.27016 > 158.31.173.71.27005: UDP, length 6
23:15:21.591499 IP 89.190.213.199.27016 > 33.131.146.143.27005: UDP, length 6
23:15:21.591512 IP 89.190.213.199.27016 > 15.105.74.84.27005: UDP, length 6
23:15:21.591526 IP 89.190.213.199.27016 > 11.164.103.154.27005: UDP, length 6
23:15:21.591543 IP 89.190.213.199.27016 > 117.102.154.108.27005: UDP, length 6
23:15:21.591557 IP 89.190.213.199.27016 > 184.50.31.146.27005: UDP, length 6
23:15:21.591571 IP 174.35.56.95.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591581 IP 30.7.18.76.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591591 IP 56.41.175.161.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591600 IP 100.61.55.139.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591608 IP 81.20.112.2.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591615 IP 196.173.63.65.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591624 IP 56.44.150.172.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591632 IP 87.79.153.118.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591652 IP 89.190.213.199.27016 > 140.132.96.55.27005: UDP, length 6
23:15:21.591679 IP 89.190.213.199.27016 > 170.186.59.29.27005: UDP, length 6
23:15:21.591716 IP 58.57.92.171.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591726 IP 22.12.55.17.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591736 IP 132.33.189.43.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591746 IP 32.121.102.23.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591757 IP 113.191.177.103.27005 > 89.190.213.199.27016: UDP, length 7
23:15:21.591772 IP 152.177.7.47.27005 > 89.190.213.199.27016: UDP, length 7
So they are always using the server queries; maybe they change them (different string length)?
Your idea isn't impossible, but I won't achieve anything if I make a blacklist, because the flooder hits us indirectly, and also the server database of this thing is enormously big and is maybe updated daily.

Another idea was to catch all the traffic when we are flooded from an IP that shows in the logs. Since there are IPs of servers which are also attacked, we can watch for info packets and catch the real IP of the flooder. However, this won't help against the flood because it all happens indirectly.

I think it is an exploit because everybody who knows a little bit about raw packets and sockets can implement the flooder and upload it to the public. Then what? We will be watching our servers destroying each other. The current fix for this thing is a nice router to handle the traffic and gigabyte connectivity (which btw was reached when they attacked another server admin).
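A way to summarise a capture like the one in the post above, as an added example that is not part of the original post: it parses tcpdump's one-line UDP format and flags any local port hit at a high rate by many sources that each appear once, with one source port and one packet length. The thresholds, the function names and the sample lines (documentation addresses, constructed) are assumptions.

```python
import re
from collections import Counter, defaultdict

# tcpdump one-line UDP format, as in the capture quoted in the post:
#   HH:MM:SS.usec IP a.b.c.d.sport > a.b.c.d.dport: UDP, length N
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d{6}) IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)$"
)

def parse(line):
    """Return one packet as a dict, or None if the line is not in that format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, us, src, sport, dst, dport, length = m.groups()
    # Time of day in seconds; a capture crossing midnight is not handled here.
    ts = int(h) * 3600 + int(mi) * 60 + int(s) + int(us) / 1e6
    return {"ts": ts, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "len": int(length)}

def summarize(lines, local_ip):
    """Per local UDP port: packet count, distinct sources, lengths, rate."""
    groups = defaultdict(list)
    for line in lines:
        pkt = parse(line)
        if pkt and pkt["dst"] == local_ip:      # inbound traffic only
            groups[pkt["dport"]].append(pkt)
    report = {}
    for port, pkts in groups.items():
        per_src = Counter(p["src"] for p in pkts)
        span = max(p["ts"] for p in pkts) - min(p["ts"] for p in pkts)
        report[port] = {
            "packets": len(pkts),
            "sources": len(per_src),
            # Share of sources seen exactly once (typical of forged addresses).
            "single_shot": sum(n == 1 for n in per_src.values()) / len(per_src),
            "src_ports": Counter(p["sport"] for p in pkts),
            "lengths": Counter(p["len"] for p in pkts),
            "pps": len(pkts) / span if span > 0 else float(len(pkts)),
        }
    return report

def matches_flood_pattern(st, min_sources=8, min_pps=100.0, min_share=0.9):
    """Heuristic; the default thresholds are assumptions, tune them per server."""
    same_len = max(st["lengths"].values()) / st["packets"]
    same_sport = max(st["src_ports"].values()) / st["packets"]
    return (st["sources"] >= min_sources and st["pps"] >= min_pps
            and st["single_shot"] >= min_share
            and same_len >= min_share and same_sport >= min_share)

def flagged_ports(lines, local_ip):
    """Sorted local ports whose inbound traffic matches the pattern."""
    report = summarize(lines, local_ip)
    return sorted(p for p, st in report.items() if matches_flood_pattern(st))

# Constructed sample: 12 one-off sources on port 27016, one steady peer on
# port 27015, and one outbound reply that must be ignored.
SAMPLE = [f"23:15:21.{580000 + 9 * i:06d} IP 198.51.100.{i + 1}.27005 > "
          f"192.0.2.10.27016: UDP, length 7" for i in range(12)]
SAMPLE += [f"23:15:2{i}.100000 IP 203.0.113.5.27005 > "
           f"192.0.2.10.27015: UDP, length {40 + 3 * i}" for i in range(1, 6)]
SAMPLE += ["23:15:21.580822 IP 192.0.2.10.27016 > 198.51.100.1.27005: UDP, length 6"]

if __name__ == "__main__":
    print(flagged_ports(SAMPLE, "192.0.2.10"))
```

The per-port summary gives a concrete profile (port, packet length, rate) to hand to an ISP or to use for an upstream rate limit, which fits the post's point that blacklisting individual source addresses does not help.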