[last_hope]

Quote:

Originally Posted by guven5 i am not sure update solve flood attack, i did update but all looks like same

Of course! Because all servers must be updated!!!
You updated your server, so, bad guyz can't use your server, but they still can use thousands other...

[lickshot]

Bad news guys - some server admins noticed that their outgoing upload was much higher than normal with 0 players in their servers. This doesn't affect the lag or ping of the players in the servers. Today I also noticed a rise in the outgoing upload on all of my servers so I made a traffic dump of a server with 0 players. My server was receiving packets from random IPs and was answering to them with the same info (1400 length) packets which we receive when being flooded. I am with the latest 5758 build on all of my servers.

[asherkin]

Quote:

Originally Posted by Zephyrus if this is the case, its not an exploit, its a simple reflected DDOS attack and has nothing to do with valve and hlds

Amplification vectors for DRDoS attacks are exploits. Which this is.

[joropito]

The latest update doesn't fix the bug.

I was able to block this using iptables.

For those who can prove they have STEAM SERVERS and they are running under linux, I will share this information.

I will not post here in public because this information let you reproduce the exploit.

EDIT:

I was testing with a non up to date server. After updating I found it's fixed.

[lickshot]

Quote:

Originally Posted by joropito The latest update doesn't fix the bug. I was able to block this using iptables. For those who can prove they have STEAM SERVERS and they are running under linux, I will share this information. I will not post here in public because this information let you reproduce the exploit.

You have a pm.

[mabaclu]

joropito said it is fixed in the new update
@lickshot thanks for reporting it in the mailing lists and ignoring people that say "it's just a ddos"

[guven5]

attack from Quad ip in same time, also 2 different packet lenght... length 9 and length 5 (for me)
attack algorythm always changing, it never try banned ip again

God mercy us

[joropito]

Users having the same behaviour after updating engine are using dproto.

Disable dproto an you will be safe.

[lickshot]

Quote:

Originally Posted by joropito Users having the same behaviour after updating engine are using dproto. Disable dproto an you will be safe.

No dproto, 4mbps outgoing from the port without any players in the server?

[joropito]

Quote:

Originally Posted by lickshot No dproto, 4mbps outgoing from the port without any players in the server?

Show the output of

rcon meta list
rcon version