LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   How to block too many UDP connections to certain ports (http://www.linuxquestions.org/questions/linux-security-4/how-to-block-too-many-udp-connections-to-certain-ports-4175422542/)

farenheitcx 08-16-2012 11:56 PM

How to block too many UDP connections to certain ports
 
Hi guys, I have a dedicated server for Counter Strike, sure you know the game, but my problem is not the game, is about the security of the server.
Today I noticed that my server is under a kind of flood attacks over udp ports, but this not causing high traffic in network bandwith or server resources like CPU or RAM. Otherwise the ports used by the game server have many packets connects at the same time, more than 1000 and that cause high ping response for server status querys.

This is the netstat output:

Code:

udp    5888      0 192.168.0.100:15811      0.0.0.0:*
udp    3680      0 192.168.0.100:15816      0.0.0.0:*

How I can prevent this with iptables? What is the exactly steaps to prevent against this kind of attack? Thanks in adavance

Noway2 08-17-2012 08:47 AM

Game servers can be tricky beasts that are frequently targeted for attacks. Responding to them can be even more tricky, making a simply "do this" answer to your question difficult. My recommendation, assuming you haven't already, would be to review these threads, some of which go into great detail regarding stopping UDP floods on game servers.

http://www.linuxquestions.org/questi...attack-908100/
and
http://www.linuxquestions.org/questi...tables-910971/


All times are GMT -5. The time now is 09:01 AM.