Solution to attacks abusing connection packets?

Note: Sorry if I am not giving enough information, I don’t know much about networking.

My server has been offline for around 3 days so far. The information I have from my host (NFOServers) is that the packet they are spamming is a “connection packet”, so blocking it would block legit traffic also, so that isn’t much of a solution.

It’s been 3 days and I really would like to find a solution. The game server is Garry’s Mod.

Packet example from Wireshark capture:

Any help you can provide is much appreciated.

Is it possible to get a copy of the whole dump?

I’m not sure if it will be possible to block this kind of attack though :confused:

Does NFOServers allow you to enter iptables entries manually?

Pretty sure the client port is always 27005 unless they change it in the console. I know NFO has the ability to play with iptables.

Drop any UDP packets of length 62 to port 27015 that aren’t from port 27005.

I wouldn’t have said that in public in case the attackers were watching this thread.
But the packet length for the one shown is actually 48 bytes.

Would that stop any serverqueries? From what I can see they’re not originating from 27005.

No, it wouldn’t.

Server queries are shorter than 62 bytes.
But also, this attack is not 62 bytes so it wouldn’t stop that either.
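The filter proposed in the thread (UDP to port 27015, not from port 27005, of one exact length) only matches if the length is measured at the layer the firewall compares. The sketch below is an added example, not part of the thread and not NFOServers' configuration; it models such a rule in Python against a constructed packet. The addresses, the 20-byte payload and the function names are assumptions made for illustration, not values from the capture.

```python
import struct

GAME_PORT = 27015    # server port named in the thread
CLIENT_PORT = 27005  # default client source port named in the thread

def build_frame(sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame (documentation addresses, zero checksums)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return bytes(12) + b"\x08\x00" + ip + udp

def measure(frame):
    """Return the ports and the three lengths commonly quoted for one packet."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("expected UDP over IPv4 over Ethernet")
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    ip_total = struct.unpack("!H", frame[16:18])[0]
    off = 14 + ihl
    sport, dport, udp_len = struct.unpack("!HHH", frame[off:off + 6])
    return {
        "sport": sport, "dport": dport,
        "frame": len(frame),          # Wireshark's frame length (Ethernet included)
        "ip_total": ip_total,         # what iptables "-m length" compares on IPv4
        "udp_payload": udp_len - 8,   # bytes the game server actually parses
    }

def rule_drops(frame, length):
    """Model of: iptables -A INPUT -p udp --dport 27015 ! --sport 27005
                          -m length --length <length> -j DROP"""
    m = measure(frame)
    return (m["dport"] == GAME_PORT and m["sport"] != CLIENT_PORT
            and m["ip_total"] == length)

if __name__ == "__main__":
    payload = bytes(20)                       # constructed filler, not the real packet
    spoofed = build_frame(40000, GAME_PORT, payload)
    default_client = build_frame(CLIENT_PORT, GAME_PORT, payload)
    print(measure(spoofed))
    print("length 62 drops spoofed:", rule_drops(spoofed, 62))
    print("length 48 drops spoofed:", rule_drops(spoofed, 48))
    print("length 48 drops default client:", rule_drops(default_client, 48))
```

A rule written with the frame length from a capture never fires when the firewall compares the IP total length, and a client that has changed its source port from 27005 is dropped along with the flood, so count hits on the rule before relying on it.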