NEW VERSION BELOW (POST 3)
As I wrote here, there is a getstatus exploit actively being used, which could spoil the game server's performance.
See the link above for detailed information.
Yada from Staatsschutz released a patch for ET 2.60B to work against the exploit by responding to only one getstatus query per IP every 4 seconds.
Since not everyone is happy with the patch (the server is shown as laggy in HLSW and so on), I took the time to build a (quick and dirty!!!!) bash script to check for abuse of getstatus queries and block the attacking IP (even if it is spoofed) with the Linux firewall iptables.
Requirements:
To run this script, your server needs the following tools:
GNU tools (cat, grep and so on, standard on every Linux)
tcpdump
iptables
Small explanation:
The script captures a number of tcp packets (set in the line CNT= ...)
After they have been captured, the script looks for request sources from which more than a limit (ALARM=...) of "getstatus" queries originate.
If the count from an IP hits the limit, the script checks whether the IP is already blocked by IPTables.
If this isn't done yet, the script adds the "new" IP to iptables, so that packets from this IP will be dropped in the future.
How to use this:
Copy the code to a text file on your server, make it executable (chmod +x YourScriptName)
and execute it.
Last changed by schnoog on 31.01.2011 - 21:47:28
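
The capture, count, check and block steps described in the post, as an added example; this is not schnoog's script, which is not reproduced on this page. The function names, the `DRY_RUN` switch, the `ALARM` value of 3, the `INPUT` chain, the `tcpdump -n -A` text format, UDP port 27960 and the sample capture are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the script from the post: count "getstatus" queries per
# source IP in tcpdump text output and DROP sources above the ALARM limit.
ALARM=${ALARM:-3}      # constructed limit per capture window (assumption)
DRY_RUN=${DRY_RUN:-1}  # 1 = print the iptables command instead of running it

# stdin: `tcpdump -n -A` text. stdout: source IPs with more than $1 queries.
flagged_ips() {
  awk -v limit="$1" '
    $2 == "IP" && $4 == ">" {   # header line: time IP src.port > dst.port: ...
      src = $3; sub(/\.[0-9]+$/, "", src); next
    }
    /getstatus/ && src != "" { hits[src]++; src = "" }  # one hit per packet
    END { for (ip in hits) if (hits[ip] > limit) print ip }
  ' | sort
}

# Insert a DROP rule for $1 unless the same rule is already present.
block_ip() {
  case $1 in ''|*[!0-9.]*) return 1 ;; esac  # only digits and dots reach iptables
  if [ "$DRY_RUN" = 1 ]; then
    echo "iptables -I INPUT -s $1 -j DROP"
  elif ! iptables -C INPUT -s "$1" -j DROP 2>/dev/null; then
    iptables -I INPUT -s "$1" -j DROP
  fi
}

# Constructed capture using documentation addresses, not real traffic.
sample_capture() {
  for i in 1 2 3 4 5; do
    echo "21:47:0$i.000000 IP 203.0.113.7.4711 > 192.0.2.10.27960: UDP, length 13"
    echo "E..)....@.......getstatus"
  done
  echo "21:47:06.000000 IP 198.51.100.9.5000 > 192.0.2.10.27960: UDP, length 13"
  echo "E..)....@.......getstatus"
  echo "21:47:07.000000 IP 198.51.100.9.5000 > 192.0.2.10.27960: UDP, length 11"
  echo "E..)....@.......getinfo"
}

# Live use would feed flagged_ips from a capture instead, for example:
#   tcpdump -n -A -c "$CNT" udp port 27960 | flagged_ips "$ALARM"
for ip in $(sample_capture | flagged_ips "$ALARM"); do
  block_ip "$ip"
done
```

With `DRY_RUN=1` the example only prints the rule it would add. Since the post notes that the source address may be spoofed, review the flagged list before running it with `DRY_RUN=0`.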