
My servers are getting UDP-flooded with spoofed source IP addresses. They flood with real user packets so I cannot rate limit or block these packets.

Is there a way to drop the first packet received from an IP and accept the next ones?

They only send 1 packet per random IP. This may help me to filter this attack.

Mat
  • I don't know if iptables can do what you are asking for. What I can tell you is that any implementation of what you ask for (iptables or otherwise) is only going to make the attack marginally harder for the attacker to pull off. Moreover it will introduce three new ways your service could become inaccessible to legitimate users. Instead of trying to treat symptoms, you should focus on the real problem, which is the protocol you are running on top of UDP. I can only give you more advice once I know what protocol that is. – kasperd Oct 26 '15 at 16:54
  • How is the flood harming you? Is it overwhelming the CPU? Congesting a link? Or what? Where is the firewall relative to the server that is under attack? You're asking how to implement something that you think will solve the problem without explaining to us what the problem is, and that's likely to get you answers that won't solve the actual problem. – David Schwartz Oct 26 '15 at 18:36
  • Sorry, I forgot to specify that. I am running CSGO Game Servers. – Emin Altintas Oct 26 '15 at 20:36
  • It won't make the service inaccessible, as CSGO retries to send packets until it gets the query result to the user; this wouldn't even affect anything. – Emin Altintas Oct 26 '15 at 20:37
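
A model of the filter the question asks for (drop the first packet from an unseen source, accept later ones), as an added example that is not part of the original post or its comments. It shows that the filter needs a per-source state table, and how that table behaves when one-packet-per-address traffic exceeds its size. The class and function names, the table size, the timeout and all addresses are assumptions constructed for illustration.

```python
from collections import OrderedDict


class FirstPacketDropFilter:
    """Drop the first packet from an unseen source IP, accept later ones."""

    def __init__(self, max_entries, ttl):
        self.max_entries = max_entries  # assumed bound on tracked sources
        self.ttl = ttl                  # assumed seconds a source stays "seen"
        self.seen = OrderedDict()       # source IP -> time first seen (oldest first)

    def accept(self, src, now):
        # Expire entries older than ttl; insertion order equals time order.
        while self.seen:
            _, first_seen = next(iter(self.seen.items()))
            if now - first_seen <= self.ttl:
                break
            self.seen.popitem(last=False)
        if src in self.seen:
            return True                 # second or later packet: accept
        if len(self.seen) >= self.max_entries:
            self.seen.popitem(last=False)  # table full: oldest entry is forgotten
        self.seen[src] = now
        return False                    # first packet from this source: drop


def simulate(flood_sources, max_entries=1000, ttl=30.0):
    """One retrying client plus one packet from each of N distinct sources."""
    f = FirstPacketDropFilter(max_entries, ttl)
    client = "198.51.100.7"             # constructed legitimate client
    result = {"client_first": f.accept(client, 0.0)}
    passed = 0
    for i in range(flood_sources):      # constructed one-packet sources
        src = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        passed += f.accept(src, 0.1 + i * 1e-6)
    result["flood_passed"] = passed
    result["client_retry"] = f.accept(client, 1.0)  # client retries after 1 s
    return result


if __name__ == "__main__":
    print("table larger than flood :", simulate(500))
    print("table smaller than flood:", simulate(5000))
```

In the second run the client's entry is evicted before its retry arrives, so the retry is treated as a first packet and dropped again.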

0 Answers