Raised This Month: $ Target: $400
 0% 

How to fight "a2s_player spam" script? (IP rate limit sustained)


  
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
Puppetmaster
Senior Member
Join Date: Jun 2015
Location: Probably at a computer.
Old 12-13-2015 , 22:25   Re: How to fight "a2s_player spam" script? (IP rate limit sustained)
Reply With Quote #4

PHP Code:
      snprintf(sourceipsizeof(sourceip)-1"%d.%d.%d.%d"rand()%255rand()%255rand()%255rand()%255);
      
iph->saddr inet_addr(sourceip); // Holy fuck this is terrible 
Looks like its going to be a pain to defend against this. While it has a rotating spoof of their their source address, I find it interesting that it does not call setup_ip_header more than once per thread so it should be possible to block the ips using iptables. Unless they restart the binary that should block them (They WILL restart eventually).

I would start by setting up a good set of iptables with things like Martians removed by default to help slow this kind of attack down (Due to the way this is coded its spoof code allows loopbacks, Martians, etc).

I would expect a better version to be found in the wild shortly. Off the top of my head I can see a few areas that could be easily improved to make this much more dangerous.
__________________

GZS Servers
Puppetmaster is offline
 



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 00:17.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode