
[Linux] Source Query Proxy: DDoS Protection - Kernel redirection!


spumer
Senior Member
Join Date: Aug 2011
Old 01-25-2021 , 03:53   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #101

Added instruction for building BCC on Debian 10 Buster
https://github.com/spumer/source-que...ebpf/README.md
__________________
spumer is offline
RAIN182
Member
Join Date: Dec 2013
Location: Volgograd , Russian Fede
Old 02-06-2021 , 13:01   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #102

Is it relevant for csgo?
Server mirror?

Last edited by RAIN182; 02-06-2021 at 13:08.
RAIN182 is offline
spumer
Senior Member
Join Date: Aug 2011
Old 02-07-2021 , 11:52   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #103

Quote:
Originally Posted by RAIN182 View Post
Is it relevant for csgo?
Server mirror?
Depends on what you want.

It's not a mirror, just a query packet handler in a separate process.

And I'm working on some algorithms to detect and mitigate DDoS, but it's not public yet and experimental.
__________________
spumer is offline
jeremyvillanueva
AlliedModders Donor
Join Date: Jan 2021
Location: dcord:Jeremy333#7632
Old 02-08-2021 , 22:21   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #104

Hi, I just identified some attackers.
I have traced them to Uruguay, and also from gameservers.com.
Those UDP packets are using all my bandwidth and my CPU.
I will share my iptables.
jeremyvillanueva is offline
pakgamerz
AlliedModders Donor
Join Date: Aug 2017
Old 02-08-2021 , 22:38   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #105

iptables won't completely solve flood or DoS attacks. It will cause more problems.

The attacker can change methods and you keep changing your rules?

The solution would be to block this before it comes to your server. So wherever you host, you can ask them for protection against this kind of flood or DoS attack.
pakgamerz is offline
jeremyvillanueva
AlliedModders Donor
Join Date: Jan 2021
Location: dcord:Jeremy333#7632
Old 02-08-2021 , 23:31   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #106

Hi, could you share your experience?
What kind of protection do you use on your servers?
I think, and as far as I can tell, iptables could prevent
contact from the attacker, and it doesn't consume your CPU. I've tried it right now also.
jeremyvillanueva is offline
pakgamerz
AlliedModders Donor
Join Date: Aug 2017
Old 02-09-2021 , 00:11   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #107

I am using OVH Game + additional filters set up by Path.net,

and instead of iptables I use ufw to rate limit port 27015.

Works good.
pakgamerz is offline
jeremyvillanueva
AlliedModders Donor
Join Date: Jan 2021
Location: dcord:Jeremy333#7632
Old 02-27-2021 , 13:30   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #108

I want to share this iptables

It works for my 93 tickrate server, btw it also blocks rcon listening

Code:
# Flush all rules and delete all user-defined chains in every table
sudo iptables --flush
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -t raw -F
sudo iptables -t raw -X
sudo iptables -t security -F
sudo iptables -t security -X
sudo iptables -F
sudo iptables -X
# Chain that holds the per-source rate limit
sudo iptables --new-chain RATE-LIMIT
# Default policies: accept anything not matched by a rule below
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
# Send UDP traffic for the game port through the rate limiter
sudo iptables -A INPUT -p udp --destination-port 27015 --jump RATE-LIMIT
# Accept up to 93 packets/sec per source IP, with a burst of 20
sudo iptables --append RATE-LIMIT --match hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-upto 93/sec --hashlimit-burst 20 --hashlimit-name conn_rate_limit --hashlimit-htable-expire 30000 --hashlimit-htable-max 65535 --jump ACCEPT
# Log at most one over-limit packet per second, then drop everything over the limit
sudo iptables --append RATE-LIMIT --match limit --limit 1/sec --limit-burst 1 --jump LOG --log-prefix "IPTables-Dropped: "
sudo iptables --append RATE-LIMIT --jump DROP
# Drop TCP to the game port (RCON uses TCP on this port)
sudo iptables -A INPUT -p tcp --destination-port 27015 -j DROP
jeremyvillanueva is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 02-28-2021 , 17:58   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #109

Please be advised: if you are not locally connected, --flush will sever your SSH connection, and the only way in is a serial console, if installed. It will also disable everything network-related, like web server, DNS, and mail. Make a bash script, or better, just lay out the rules without flush.
Quote:
Originally Posted by jeremyvillanueva View Post
I want to share this iptables

It works for my 93 tickrate server, btw it also blocks rcon listening

sudo iptables --flush
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -t raw -F
sudo iptables -t raw -X
sudo iptables -t security -F
sudo iptables -t security -X
sudo iptables -F
sudo iptables -X
sudo iptables --new-chain RATE-LIMIT
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -p udp --destination-port 27015 --jump RATE-LIMIT
sudo iptables --append RATE-LIMIT --match hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-upto 93/sec --hashlimit-burst 20 --hashlimit-name conn_rate_limit --hashlimit-htable-expire 30000 --hashlimit-htable-max 65535 --jump ACCEPT
sudo iptables --append RATE-LIMIT --match limit --limit 1/sec --limit-burst 1 --jump LOG --log-prefix "IPTables-Dropped: "
sudo iptables --append RATE-LIMIT --jump DROP
sudo iptables -A INPUT -p tcp --destination-port 27015 -j DROP
__________________
DJEarthQuake is offline
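
DJEarthQuake's advice above (script the rules, skip the flush), sketched as an added example that is not from any poster in this thread: it rebuilds only the RATE-LIMIT chain and adds the INPUT rules only when they are missing. The DRY_RUN switch and the function names are assumptions of this sketch; the port, rate and rule options are the ones from post #108.

```shell
#!/bin/sh
# Added example (not from the thread). DRY_RUN=1 prints the commands for
# review; DRY_RUN=0 runs them (needs root).
PORT="${PORT:-27015}"; RATE="${RATE:-93/sec}"   # values taken from post #108
CHAIN="RATE-LIMIT"; DRY_RUN="${DRY_RUN:-1}"

ipt() {  # run one iptables command, or print it (re-quoting args with spaces)
  if [ "$DRY_RUN" = 1 ]; then
    printf 'iptables'
    for a in "$@"; do
      case "$a" in *" "*) printf " '%s'" "$a" ;; *) printf ' %s' "$a" ;; esac
    done
    printf '\n'
  else
    iptables "$@"
  fi
}

ensure() {  # append to chain $1 only if an identical rule is not already there
  chain=$1; shift
  if [ "$DRY_RUN" = 1 ] || ! iptables -C "$chain" "$@" 2>/dev/null; then
    ipt -A "$chain" "$@"
  fi
}

apply_rate_limit() {
  # Create our chain, or empty it if it already exists. No other chain or
  # table is flushed and no policy is changed, so existing SSH/web/DNS/mail
  # rules stay in place. (In dry-run mode only the -N line is printed.)
  ipt -N "$CHAIN" 2>/dev/null || ipt -F "$CHAIN" || return 1
  ipt -A "$CHAIN" -m hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 \
      --hashlimit-upto "$RATE" --hashlimit-burst 20 \
      --hashlimit-name conn_rate_limit --hashlimit-htable-expire 30000 \
      --hashlimit-htable-max 65535 -j ACCEPT
  ipt -A "$CHAIN" -m limit --limit 1/sec --limit-burst 1 \
      -j LOG --log-prefix "IPTables-Dropped: "
  ipt -A "$CHAIN" -j DROP
  # Hook the chain into INPUT once; re-running does not stack duplicates.
  ensure INPUT -p udp --dport "$PORT" -j "$CHAIN"
  ensure INPUT -p tcp --dport "$PORT" -j DROP
}

apply_rate_limit
```

Review the dry-run output first, then run with DRY_RUN=0 as root; rules already present in INPUT are left untouched, so their order relative to the new jump still matters.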
c2qute
Junior Member
Join Date: Dec 2008
Old 04-01-2021 , 22:23   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #110

I'm running into this, any ideas? Servers are started via docker, which should not be an issue imo.

Code:
2021-04-02 10:21:54,675 [INFO] [sqproxy.config] Confdir not found: /root/conf.d/conf.d
2021-04-02 10:21:54,675 [WARNING] [sqproxy] No one server to run. Please check config
I have both 00-globals and 01-csgo.yml as stated in the example.

Last edited by c2qute; 04-01-2021 at 22:24.
c2qute is offline