Rules in iptables [Anti Tsource querry]

This is used for general discussion that is not necessarily server-related.
Post Reply
cesita04
New to forums
New to forums
Posts: 3
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Mon Jul 11, 2016 5:26 am

Rules in iptables [Anti Tsource querry]

Post by cesita04 »

attack type TSource.Engine.Query

Code: Select all

01:49:43.277412 IP (tos 0x28, ttl 61, id 32425, offset 0, flags [none], proto UDP (17), length 53)
    186.182.110.156.20385 > 74.91.127.xx.xxxxx: UDP, payload 25
    0x0000:  4528 0035 7ea9 0000 3d11 0be3 bab6 6e9c  E(.5~...=.....n.
    0x0010:  4a5b 7f56 4fa1 6984 0021 94c8 ffff ffff  J[.VO.i..!......
    0x0020:  5453 6f75 7263 6520 456e 6769 6e65 2051  TSource.Engine.Q
    0x0030:  7565 7279 00                             uery.
01:49:43.277459 IP (tos 0x28, ttl 32, id 63877, offset 0, flags [none], proto UDP (17), length 53)
    186.18.56.242.24573 > 74.91.127.xx.xxxxx: UDP, payload 25
    0x0000:  4528 0035 f985 0000 2011 e454 ba12 38f2  E(.5.......T..8.
    0x0010:  4a5b 7f56 5ffd 6984 0021 baba ffff ffff  J[.V_.i..!......
    0x0020:  5453 6f75 7263 6520 456e 6769 6e65 2051  TSource.Engine.Q
    0x0030:  7565 7279 00                             uery.
01:49:43.277466 IP (tos 0x28, ttl 54, id 5278, offset 0, flags [none], proto UDP (17), length 53)
    186.143.192.186.25446 > 74.91.127.xx.xxxxx: UDP, payload 25
    0x0000:  4528 0035 149e 0000 3611 2af7 ba8f c0ba  E(.5....6.*.....
    0x0010:  4a5b 7f56 6366 6984 0021 2f0c ffff ffff  J[.Vcfi..!/.....
    0x0020:  5453 6f75 7263 6520 456e 6769 6e65 2051  TSource.Engine.Q
    0x0030:  7565 7279 00                             uery.
01:49:43.277469 IP (tos 0x0, ttl 233, id 25187, offset 0, flags [none], proto UDP (17), length 53)
    186.150.42.68.25284 > 74.91.127.xx.xxxxx: UDP, payload 25
    0x0000:  4500 0035 6263 0000 e911 c0c8 ba96 2a44  E..5bc........*D
    0x0010:  4a5b 7f56 62c4 6984 0021 c61d ffff ffff  J[.Vb.i..!......
    0x0020:  5453 6f75 7263 6520 456e 6769 6e65 2051  TSource.Engine.Q
these configurations helped me to prevent these attacks, I hope that it will be useful to all

iptables -I INPUT -p udp -m u32 --u32 "26&0xFFFF=0xfeff" -j DROP
iptables -I INPUT -p udp -m u32 --u32 "24&0xffff=0x0000" -j DROP

or

block udp in firewall nfo

of this length/range: 53

with bpf applying these tests: ip[28:4]=0xffffffff and ip[32]=0x54
Top
User avatar
Edge100x
Founder
Founder
Posts: 12947
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:
Contact Edge100x

Re: Rules in iptables [Anti Tsource querry]

Post by Edge100x »

As an important note, blocking all these queries (which are called A2S_INFO queries by Valve and Source engine queries in some places, like our Firewall page) is not advisable if you run a game that uses them, as it will make clients unable to see the server. In that case, it is usually best to rate-limit them or use a more specific filter. Our Firewall page has an example rule for rate-limiting Source queries.
Top
cesita04
New to forums
New to forums
Posts: 3
Joined: Mon Jul 11, 2016 5:26 am

Re: Rules in iptables [Anti Tsource querry]

Post by cesita04 »

If that also helps but the way I put it also helped me because they were attacking me daily :? When you can read my ticket 836713 please, I urge your help :cry:
Top
Post Reply

Return to “General”