Getting attacked by a lot of UT/CS servers


Martijn79
Member
Join Date: Jan 2013
Old 09-26-2014 , 08:36   Getting attacked by a lot of UT/CS servers
Reply With Quote #1

Hi all,

I'm receiving reflection attacks from a huge list of game servers, most of which are registered on game tracker / game monitor.
Most servers are CS 1.6 servers, Unreal Tournament and Call of Duty, so if you run such a server and you wonder why it lags sometimes, that's probably because it's attacking me (and others) and you should limit outgoing traffic.

Below is the list. I've been trying to block them with iptables and to block the packets, but the traffic is so overwhelming and the PPS so high that my servers go down either way.

L33TGaming
Senior Member
Join Date: Jun 2014
Old 09-26-2014 , 08:49   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #2

You're getting a DrDOS due to one quake engine's exploit of unintentionally amplifying query messages. Your best bet is to opt for a provider with DDOS protection or else the VPS you are using is going to get null-routed regardless of what software firewall you are using. Iptables only works for DOS attacks where the attack isn't filling up your bandwidth. Once it does, iptables is only going to cause a further slowdown due to the vast amount of CPU power to automatically block the IPs.
Martijn79
Member
Join Date: Jan 2013
Old 09-26-2014 , 08:55   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #3

Quote:
Originally Posted by L33TGaming View Post
You're getting a DrDOS due to one quake engine's exploit of unintentionally amplifying query messages. Your best bet is to opt for a provider with DDOS protection or else the VPS you are using is going to get null-routed regardless of what software firewall you are using. Iptables only works for DOS attacks where the attack isn't filling up your bandwidth. Once it does, iptables is only going to cause a further slowdown due to the vast amount of CPU power to automatically block the IPs.
Yeah I do have ddos protection with OVH, the incoming traffic is only up to 100 mbit which fills my pipe for 1/10th (gigabit) but my servers are going down either way despite fail2ban/iptables. I've tried almost everything but I got like 3 or 4 different types of attacks incoming and nothing helps. If someone could help I would really appreciate it.

It's a 6-core dedi btw.
nikooo777
AlliedModders Donor
Join Date: Apr 2010
Location: Lugano, Switzerland
Old 09-26-2014 , 11:47   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #4

On what port are you getting attacked?

Use tcpdump -n -X to get more details on the attacks and then you can implement efficient rules for your firewall.

If the port is something you don't use, then block it on router level (if you are with OVH, you have access to the firewall there).

I'd suggest you contact the support as well, they will help you.
Martijn79
Member
Join Date: Jan 2013
Old 09-26-2014 , 12:18   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #5

The attack is going to my game server port, I found out which attack is causing the game servers to go down.

I can easily limit and drop the DrDos packets with the following rule which works perfectly:

iptables -A INPUT -p udp -m udp --dport 27016 -m string --algo bm --hex-string '|ffffffff41|' -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "HEX41: " --log-ip-options
iptables -A INPUT -p udp -m udp --dport 27016 -m string --algo bm --hex-string '|ffffffff41|' -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 27016 -m string --algo bm --hex-string '|ffffffff41|' -j DROP

However, I found out that another attack is running with very large UDP packets, 300 - 600 length (I used tcpdump and wireshark). OVH filters the majority of them but some get through, about 6 - 10 MB/s

The packets come from random ports between 1024 and 65535 and they all start with:

HTTP/1.1 200 OK..CACHE-CONTROL : max-age=1800.. DATE: Sun, 11 Jan 1970...etc and a bunch more data

It seems like they come from people's home routers as every IP leads to a web interface. They all have the word UPNP in it as well, so it's probably UPNP enabled routers.
Now the max age and DATE is always different so I figured I would filter these packets out by doing:

iptables -A INPUT -p udp --dport 27016 -m string --to 75 --algo bm --string 'HTTP/1.1 200 OK' -j DROP

But that doesn't seem to work for some reason.

Then I ran another test and I did: iptables -A INPUT -p udp --dport 27016 -m length --length 300:600 -j DROP

And BOOM, the server came back online! However I was dropping a lot of legit packets with that as well, so the cure turned out being worse than the disease.
I feel like I'm getting very close though!

Last edited by Martijn79; 09-26-2014 at 12:19.
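
Added example, not part of the original post: an offline check of the candidate drop rules discussed above against sample UDP payloads, counting how many attack and legitimate packets each rule would drop before it goes into iptables. All payloads are constructed; the 28-byte header overhead, the treatment of every `ffffffff41` packet as attack traffic (the post rate-limits instead), and the anchored `HTTP/1.1 200 OK` check are assumptions of this sketch.

```python
import struct

# Signatures copied from the iptables rules in the post.
A2S_CHALLENGE = bytes.fromhex("ffffffff41")   # --hex-string '|ffffffff41|'
HTTP_200 = b"HTTP/1.1 200 OK"                 # --string 'HTTP/1.1 200 OK'
HDR = 28  # assumption: 20-byte IPv4 header without options + 8-byte UDP header


def is_ssdp_reply(payload: bytes) -> bool:
    """True for an HTTP-over-UDP 200 reply that also carries SSDP headers."""
    if not payload.startswith(HTTP_200):
        return False
    names = set()
    for line in payload.split(b"\r\n")[1:]:
        name, sep, _ = line.partition(b":")
        if sep:
            names.add(name.strip().upper())   # tolerates "CACHE-CONTROL :"
    return bool(names & {b"ST", b"USN"})


def make_ssdp(size: int) -> bytes:
    """Constructed SSDP reply, padded through the SERVER header to `size` bytes."""
    head = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL : max-age=1800\r\n"
            b"DATE: Sun, 11 Jan 1970 00:00:00 GMT\r\nEXT:\r\n"
            b"LOCATION: http://192.0.2.1:49152/desc.xml\r\nSERVER: ")
    tail = (b"\r\nST: upnp:rootdevice\r\n"
            b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice"
            b"\r\n\r\n")
    return head + b"x" * (size - len(head) - len(tail)) + tail


# (description, is_attack, UDP payload) -- every payload here is constructed.
SAMPLES = [
    ("ssdp reply, 347 B",     True,  make_ssdp(347)),
    ("ssdp reply, 476 B",     True,  make_ssdp(476)),
    ("challenge reflection",  True,  A2S_CHALLENGE + bytes.fromhex("4a3b2c1d")),
    ("A2S_INFO query",        False, b"\xff\xff\xff\xffTSource Engine Query\x00"),
    # Opaque stand-ins for in-game traffic, not a real engine packet layout.
    ("in-game update, 400 B", False, struct.pack("<II", 1024, 1023) + bytes(392)),
    ("in-game update, 60 B",  False, struct.pack("<II", 1025, 1024) + bytes(52)),
]

# Userspace approximations of the rules tried in the post.
RULES = {
    "hex41":      lambda p: A2S_CHALLENGE in p,
    "http200":    lambda p: p.startswith(HTTP_200),
    "length":     lambda p: 300 <= len(p) + HDR <= 600,  # --length 300:600
    "hex41+ssdp": lambda p: A2S_CHALLENGE in p or is_ssdp_reply(p),
}


def evaluate(samples=SAMPLES, rules=RULES):
    """Per rule: attack packets dropped, legitimate packets dropped, attack missed."""
    report = {}
    for name, match in rules.items():
        hits = [(attack, match(payload)) for _, attack, payload in samples]
        report[name] = {
            "dropped_attack": sum(a and m for a, m in hits),
            "dropped_legit":  sum((not a) and m for a, m in hits),
            "missed_attack":  sum(a and not m for a, m in hits),
        }
    return report


if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:12} {row}")
```

On these samples the length rule drops a legitimate 400-byte packet along with the flood, while the payload signatures drop only attack traffic.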
nikooo777
AlliedModders Donor
Join Date: Apr 2010
Location: Lugano, Switzerland
Old 09-26-2014 , 18:20   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #6

Can you capture some logs using tcpdump -n -X and post a link to them here? (filter them please)

I'd be more than glad to try and help you.

I lately had many DDoS attacks and I've gained some experience.

By the way, don't use bm's algorithm, it's less efficient in small strings. KMP is better in this case.
Martijn79
Member
Join Date: Jan 2013
Old 09-27-2014 , 06:35   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #7

Quote:
Originally Posted by nikooo777 View Post
Can you capture some logs using tcpdump -n -X and post a link to them here? (filter them please)

I'd be more than glad to try and help you.

I lately had many DDoS attacks and I've gained some experience.

By the way, don't use bm's algorithm, it's less efficient in small strings. KMP is better in this case.
Alright that's the first change I'll make. I just got attacked again and have a tcpdump right here:

https://mega.co.nz/#!bl1F2JgC!NhzLba...UEiliN3-4i9TsM

Thanks for helping out, I really appreciate it!
Martijn79
Member
Join Date: Jan 2013
Old 09-27-2014 , 06:52   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #8

HUGE UPDATE! Switching to algo kmp looks like it did the trick!!! These are my rules now and work! (for now) I got a huge log now of SSDP floods:

Code:
Sep 27 12:51:21 rbx02 kernel: [137289.347613] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=213.119.107.55 DST=178.33.138.8 LEN=375 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=37908 DPT=27016 LEN=355
Sep 27 12:51:21 rbx02 kernel: [137289.347722] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=180.138.100.186 DST=178.33.138.8 LEN=397 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=38041 DPT=27016 LEN=377
Sep 27 12:51:21 rbx02 kernel: [137289.347771] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=180.138.100.186 DST=178.33.138.8 LEN=397 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=38043 DPT=27016 LEN=377
Sep 27 12:51:21 rbx02 kernel: [137289.347793] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=171.104.168.58 DST=178.33.138.8 LEN=411 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=60019 DPT=27016 LEN=391
Sep 27 12:51:21 rbx02 kernel: [137289.347842] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=171.104.168.58 DST=178.33.138.8 LEN=411 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=60018 DPT=27016 LEN=391
Sep 27 12:51:21 rbx02 kernel: [137289.347922] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=1.81.153.215 DST=178.33.138.8 LEN=524 TOS=0x00 PREC=0x00 TTL=45 ID=14085 PROTO=UDP SPT=52932 DPT=27016 LEN=504
Sep 27 12:51:21 rbx02 kernel: [137289.348010] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=222.181.175.28 DST=178.33.138.8 LEN=309 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=32773 DPT=27016 LEN=289
Sep 27 12:51:21 rbx02 kernel: [137289.348080] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=180.138.106.191 DST=178.33.138.8 LEN=417 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=45032 DPT=27016 LEN=397
Sep 27 12:51:21 rbx02 kernel: [137289.348264] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=222.65.225.64 DST=178.33.138.8 LEN=417 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=36996 DPT=27016 LEN=397
Sep 27 12:51:21 rbx02 kernel: [137289.348391] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=220.177.197.64 DST=178.33.138.8 LEN=367 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=37023 DPT=27016 LEN=347
Sep 27 12:51:21 rbx02 kernel: [137289.348551] SSPD-FLOOD: IN=eth0 OUT= MAC=0c:c4:7a:0f:1c:de:c8:f9:f9:59:b7:00:08:00 SRC=111.73.67.150 DST=178.33.138.8 LEN=426 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=58992 DPT=27016 LEN=406
Here are my rules now:

Code:
# Flush rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F PREROUTING
iptables -t raw -F OUTPUT

# List policies
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# SSPD redirection attack
iptables -A INPUT -p udp --dport 27016 -m string --to 75 --algo kmp --string 'HTTP/1.1 200 OK' -j LOG --log-prefix "SSPD-FLOOD: " --log-ip-options
iptables -A INPUT -p udp --dport 27016 -m string --to 75 --algo kmp --string 'HTTP/1.1 200 OK' -j DROP

# Drop invalid UDP packets
iptables -A INPUT -p udp --dport 27016 -m length --length 0:32 -j DROP
iptables -A INPUT -p udp --dport 27016 -m length --length 2521:65535 -j DROP

# HEX 41
iptables -A INPUT -p udp -m udp --dport 27016 -m string --algo bm --hex-string '|ffffffff41|' -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "HEX41: " --log-ip-options
iptables -A INPUT -p udp -m udp --dport 27016 -m string --algo bm --hex-string '|ffffffff41|' -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 27016 -m string --algo bm --hex-string '|ffffffff41|' -j DROP

# HEX 44
iptables -A INPUT -p udp -m udp --dport 27016 -m string --algo bm --hex-string '|ffffffff44|' -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "HEX44: " --log-ip-options
iptables -A INPUT -p udp -m udp --dport 27016 -m string --algo bm --hex-string '|ffffffff44|' -j DROP

# Connection tracking
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow public services
iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 22 -j ACCEPT

# Accept filtered game server port
iptables -A INPUT -p udp --dport 27016 -j ACCEPT

# Drop anything else not matching above rules
iptables -A INPUT -p udp -j DROP
iptables -A INPUT -p tcp -j DROP
iptables -A INPUT -j DROP
OMG man I don't know how to thank you! This is awesome, the server is getting major hits and they all just keep playing!!
Martijn79 is offline
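Added example, not part of the original post: a small parser for kernel lines written by the LOG rules above, giving the packet count, distinct sources, and an observed packet rate taken from the bracketed kernel timestamps. The sample lines, hostname, and addresses are constructed, and the function name `summarize` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format the LOG rules produce
# (documentation addresses and a placeholder hostname, not data from the thread).
SAMPLE_LOG = """\
Sep 27 12:51:21 gs01 kernel: [  100.000000] SSPD-FLOOD: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=411 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=52468 DPT=27016 LEN=391
Sep 27 12:51:21 gs01 kernel: [  100.001000] SSPD-FLOOD: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=365 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=49628 DPT=27016 LEN=345
Sep 27 12:51:21 gs01 kernel: [  100.002000] SSPD-FLOOD: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=417 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=52819 DPT=27016 LEN=397
Sep 27 12:51:21 gs01 kernel: [  100.002500] HEX41: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=37 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=27005 DPT=27016 LEN=17
Sep 27 12:51:21 gs01 kernel: [  100.003000] SSPD-FLOOD: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=300 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=32768 DPT=27016 LEN=280
Sep 27 12:51:21 gs01 kernel: [  100.004000] SSPD-FLOOD: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=301 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=38163 DPT=27016 LEN=281
"""

# Kernel timestamp, log prefix, then the fields of interest; the first LEN= is the IP length.
LINE_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<prefix>[\w-]+): .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) LEN=(?P<iplen>\d+) .*?"
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def summarize(log_text, prefix="SSPD-FLOOD"):
    """Summarize logged packets for one --log-prefix; returns None if nothing matched."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["prefix"] == prefix:
            events.append((float(m["ts"]), m["src"], int(m["iplen"])))
    if not events:
        return None
    times = [ts for ts, _, _ in events]
    span = max(times) - min(times)
    return {
        "packets": len(events),
        "sources": len({src for _, src, _ in events}),
        "top_sources": Counter(src for _, src, _ in events).most_common(3),
        "bytes": sum(length for _, _, length in events),
        # Rate over the observed window; a lower bound if the LOG rule is
        # rate-limited or the kernel log buffer dropped lines.
        "pps": (len(events) - 1) / span if span > 0 else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```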
Martijn79
Member
Join Date: Jan 2013
Old 09-27-2014 , 07:34   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #9

Well, the minute I dropped the attack I got a new one, something with all 00000000

http://s27.************/d1xysas2b/Untitled.png
Martijn79 is offline
nikooo777
AlliedModders Donor
Join Date: Apr 2010
Location: Lugano, Switzerland
Old 09-27-2014 , 14:29   Re: Getting attacked by a lot of UT/CS servers
Reply With Quote #10

Easy to null as well!

By the way, your rules there still use bm; I'd suggest you switch to kmp too ;)

Also, if you know where to look, then use --from and --to to limit the CPU usage when searching for the match.

Here is an example I implemented to block source queries on multiple ports (DON'T do that unless you know what it does)
Code:
iptables -A INPUT -p udp -m udp -m multiport --dports 25015,27025,27035,27045,27055,27065,27075,27085,27095 -m state --state NEW --match string --algo kmp --from 32 --to 48 --hex-string '|54536f7572636520456e67696e652051|' -j DROP
Code:
22:45:17.034811 IP (tos 0x24, ttl 111, id 2673, offset 0, flags [none], proto UDP (17), length 53)
    85.218.205.237.21908 > XXX.XXX.142.159.27085: [udp sum ok] UDP, length 25
	0x0000:  4524 0035 0a71 0000 6f11 6901 55da cded  E$.5.q..o.i.U...
	0x0010:  25bb 8e9f 5594 69cd 0021 a96e ffff ffff  %...U.i..!.n....
	0x0020:  5453 6f75 7263 6520 456e 6769 6e65 2051  TSource.Engine.Q
	0x0030:  7565 7279 00                             uery.
Edit: it's good that you log what happens, but logging an attack is not a good idea. If he sends something like 200Kpps you'll end up filling up your HDD/SSD quickly! (besides wasting CPU cycles and HDD IO cycles)
Last edited by nikooo777; 09-27-2014 at 14:35.
nikooo777 is offline
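Added example, not part of the original post: it derives the `--from`/`--to` window for the rule above from the captured packet, using the bytes of the tcpdump hex dump in the post. It counts offsets from the first byte of the IP header, as the dump does (pattern at 0x20 = 32), so the window depends on the IP header length; the function names and the variant with IP options are constructed for illustration.

```python
import struct

# IP packet bytes copied from the tcpdump hex dump in the post above (53 bytes).
DUMP = bytes.fromhex(
    "4524 0035 0a71 0000 6f11 6901 55da cded"
    "25bb 8e9f 5594 69cd 0021 a96e ffff ffff"
    "5453 6f75 7263 6520 456e 6769 6e65 2051"
    "7565 7279 00"
)
SIGNATURE = b"TSource Engine Q"  # the 16 bytes given to --hex-string in the post

def match_window(ip_packet, signature):
    """Return (from, to) offsets of signature, counted from the first IP header byte."""
    version, ihl = ip_packet[0] >> 4, ip_packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    if ip_packet[9] != 17:
        raise ValueError("not a UDP packet")
    flags_frag = struct.unpack("!H", ip_packet[6:8])[0]
    if flags_frag & 0x1FFF:
        raise ValueError("non-first fragment carries no UDP header")
    payload_start = ihl * 4 + 8  # IP header (IHL 32-bit words) + 8-byte UDP header
    pos = ip_packet.find(signature, payload_start)
    return None if pos < 0 else (pos, pos + len(signature))

def hex_string_arg(signature):
    """Format bytes the way the --hex-string option in the post is written."""
    return "|" + signature.hex() + "|"

def with_ip_options(ip_packet, n_words):
    """Constructed variant: same packet with n_words * 4 bytes of NOP IP options.
    The header checksum is not recomputed; only the offsets matter here."""
    hdr = bytearray(ip_packet[:20])
    hdr[0] = 0x40 | ((ip_packet[0] & 0x0F) + n_words)
    hdr[2:4] = struct.pack("!H", len(ip_packet) + n_words * 4)
    return bytes(hdr) + b"\x01" * (n_words * 4) + ip_packet[20:]

if __name__ == "__main__":
    print(match_window(DUMP, SIGNATURE), hex_string_arg(SIGNATURE))
    print(match_window(with_ip_options(DUMP, 2), SIGNATURE))
```

With the 20-byte header in the dump the window is 32 to 48, matching the rule; a longer IP header moves the payload, so a fixed window only covers packets with that header length.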