I was wondering if someone could help me find the right iptables rules to block off this attack I'm getting. It seems like a typical denial of service attack.
When the attack takes place (usually when the server is full) the CPU load of the srcds_linux goes to 100% causing the server to go down. tcpdump shows the output posted below.
I'm already dropping invalid length UDP packets with these rules:
iptables -A INPUT -p udp --dport 27015:27020 -m length --length 0
2 -j DROP
iptables -A INPUT -p udp --dport 27015:27020 -m length --length 2521:65535 -j DROP
Another symptom with this attack is the traffic. When the attack takes place I have about 5000 kB/s incoming, but also outgoing traffic of about the same amount.
Any idea how to fix this?
Thanks!
Code:
07:36:31.749760 IP 72.179.15.167.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749765 IP 115.200.44.28.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749797 IP 191.115.63.28.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749847 IP 137.193.4.220.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749857 IP 137.251.75.56.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749875 IP 91.95.183.239.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749886 IP 202.128.240.177.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749897 IP 155.15.174.228.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749909 IP 121.177.212.64.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749929 IP 91.80.76.254.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749978 IP 214.173.228.78.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749982 IP 76.116.11.169.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.749986 IP 218.211.77.118.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750012 IP 76.101.176.114.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750016 IP 128.171.113.141.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750027 IP 16.92.57.133.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750038 IP 71.191.150.107.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750064 IP 91.227.192.251.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750078 IP 106.131.150.109.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750081 IP 152.96.183.123.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750085 IP 64.217.207.219.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750093 IP 58.150.136.57.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750115 IP 192.14.121.249.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750136 IP 200.14.33.44.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750140 IP 7.209.209.38.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750150 IP 148.160.190.132.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750162 IP 205.81.45.132.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750167 IP 141.216.141.190.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750172 IP 100.165.185.107.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750202 IP 52.236.116.151.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750259 IP 77.219.206.182.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750263 IP 38.133.203.72.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750271 IP 13.66.244.111.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750310 IP 3.42.73.82.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750353 IP 84.153.117.155.27015 > 1.1.1.1.27015: UDP, length 25
07:36:31.750358 IP 174.253.253.20.27015 > 1.1.1.1.27015: UDP, length 25
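An added example, not part of the original post: a Python sketch that summarizes tcpdump text output in the format shown above into a flood signature (distinct sources, source ports, payload sizes, and the corresponding IP packet length that `-m length` compares against). The sample lines use constructed documentation-range addresses, and the function name `summarize` and the 0.5 share threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the capture's format (documentation-range addresses).
SAMPLE = """\
07:36:31.749760 IP 192.0.2.10.27015 > 203.0.113.5.27015: UDP, length 25
07:36:31.749765 IP 198.51.100.7.27015 > 203.0.113.5.27015: UDP, length 25
07:36:31.749797 IP 192.0.2.44.27015 > 203.0.113.5.27015: UDP, length 25
07:36:31.749847 IP 198.51.100.91.27015 > 203.0.113.5.27015: UDP, length 25
07:36:31.749857 ARP, Request who-has 203.0.113.5 tell 203.0.113.1, length 46
07:36:31.749875 IP 192.0.2.200.27015 > 203.0.113.5.27015: UDP, length 25
07:36:31.750260 IP 198.51.100.3.27015 > 203.0.113.5.27015: UDP, length 25
"""

LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > "
    r"(\d+(?:\.\d+){3})\.(\d+): UDP, length (\d+)$"
)

def summarize(capture):
    """Return a flood signature for the UDP lines in tcpdump text output."""
    times, sources = [], Counter()
    src_ports, payloads = Counter(), Counter()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an IPv4 UDP line (ARP, TCP, truncated output)
        h, mnt, sec, src, sport, _dst, _dport, length = m.groups()
        times.append(int(h) * 3600 + int(mnt) * 60 + float(sec))
        sources[src] += 1
        src_ports[int(sport)] += 1
        payloads[int(length)] += 1
    total = sum(sources.values())
    span = max(times) - min(times) if times else 0.0
    return {
        "packets": total,
        "unique_sources": len(sources),
        "src_ports": dict(src_ports),
        "payload_lengths": dict(payloads),
        # iptables -m length matches the whole IP packet, not the UDP payload
        # tcpdump prints: add 20 (IPv4 header, no options assumed) + 8 (UDP).
        "ip_lengths": {n + 28: c for n, c in payloads.items()},
        "packets_per_second": total / span if span > 0 else None,
        # If no single address sends a large share, per-source limits won't bite.
        "per_source_limit_useful": bool(total) and max(sources.values()) / total > 0.5,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

For a capture like the one in the post, a payload length of 25 corresponds to an IP packet length of 53, which is the value a `-m length` rule would have to cover.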