[DDOS] Random Attacks (Packets) HELP! (IPTABLE EXPERT)

help me plzzzz

Seeing as he is spoofing the ip I doubt you are going to be able to get his real ip unless you can somehow get his ip from when he is in game.
[Might be wrong though]

I may be able to help, having successfully stopped attacks such as these on my own server in the past - I’ve added you on Steam

i need help for

You can drop or block the ip(s) by doing: route add -host IPHERE reject

i blocked the ip

Yes but start blocking a few and he should start to stop sooner or later.

thanks it not working but why

Usually stopping a few will stop most of the attack. And if on the same machine maybe the whole attack.

Is it a Real DDoS (overloading the server) or is it just overloading srcds ?

If it’s just overloading Srcds, you can use serversecure3 as a source plugin.

i tried but not work

I’ve taken a look at the dumps and the rules you have in place, I basically came up with the same rule you already had in place that should be working, but you seem to have added extra stuff that’s breaking your working rule.

Something like this might work:



iptables -F
iptables -X
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p udp --dport 27015 -m length --length 0:32 -j DROP
iptables -A INPUT -p tcp -m multiport --dports 22,27015 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --dport 27015 -m string --to 40 --algo bm --hex-string '|fffffffe|' -j DROP
iptables -A INPUT -p udp --dport 27015 -m length --length 2521:65535 -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport 27015 -m state --state NEW -m string --to 40 --algo bm --hex-string '|ffffffff|' -j ACCEPT
iptables -A INPUT -j DROP


still not works helps

-snip snap-

i still can’t k,ow

oops, i just saw, i’ll take it back.
Please rate me dumb

Anyways, my friend was working on a custom firewall software which redirects all bigger packets and tries to keep the legit one.

Not sure if he is still working on it, i’ll ask him asap

help me please guys ! i really need you

That’s a query spam attack, I think there’s a plugin you can get that caches query responses, I’ll have a look later if you can’t find anything.

plzzzz guys i need help

why it is not work for me or not