Asfihani Dicatet Ben Ora Lali™ (literally: written down so as not to forget)

Preventing Counter Strike DoS with iptables

Over the last few weeks, the spread of csdos.pl, a Perl script that aims to take down Counter Strike 1.6 servers, has been on the rise. One of my servers suffered from this attack, which forced me to take action to prevent it. The solution is to use iptables with string match support. I found an example iptables rule on the net, but it doesn't work with the current version of the Linux kernel.

After some trial and error, here is the final rule:

/sbin/iptables -A INPUT -p udp --dport 27015:27020 -m string --algo kmp --string "f0ef8a36258af1bb64ed866538c9db76" -j LOG
/sbin/iptables -A INPUT -p udp --dport 27015:27020 -m string --algo kmp --string "f0ef8a36258af1bb64ed866538c9db76" -j DROP

The first rule logs each matching packet and the second drops it, which prevents anyone from sending the exploit to ports 27015 to 27020. Alternatively, if your server is behind a router that can drop packets containing a certain string, such as a MikroTik, just insert a rule there to drop the magic string f0ef8a36258af1bb64ed866538c9db76, as described on this forum.
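A variant of the rules above that runs the string match once and rate limits the LOG target, so a flood of matching packets cannot also flood syslog. This is an added example, not part of the original post; the chain name CSDOS, the log prefix and the limit values are assumptions, while the signature string and port range are the ones given above.

```sh
#!/bin/sh
# Added example, not from the original post. CHAIN and the log prefix are
# assumed names; SIG and PORTS are the values given in the post.
SIG="f0ef8a36258af1bb64ed866538c9db76"
PORTS="27015:27020"
CHAIN="CSDOS"
IPT="${IPTABLES:-/sbin/iptables}"

# Emit the rules as iptables argument lists, one per line, without running them.
# The string match appears once; LOG is rate limited (assumed 5/min, burst 10),
# and every matching packet still reaches DROP whether or not it was logged.
csdos_rules() {
    echo "-A $CHAIN -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix csdos-drop:"
    echo "-A $CHAIN -j DROP"
    echo "-A INPUT -p udp --dport $PORTS -m string --algo kmp --string $SIG -j $CHAIN"
}

# Install the rules (needs root). Safe to re-run: the chain is flushed first and
# the INPUT jump is appended only when "iptables -C" reports it is missing.
csdos_apply() {
    "$IPT" -N "$CHAIN" 2>/dev/null || "$IPT" -F "$CHAIN" || return 1
    csdos_rules | while read -r args; do
        case "$args" in
            "-A INPUT "*) "$IPT" -C ${args#-A } 2>/dev/null && continue ;;
        esac
        "$IPT" $args || exit 1     # unquoted on purpose: split into arguments
    done
}

case "${1:-}" in
    --apply) csdos_apply ;;
    --print) csdos_rules ;;
esac
```

Run it with --print to review the rules and with --apply as root to install them. Like the original rules, the INPUT jump is appended, so it only sees packets that no earlier INPUT rule has already accepted.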

1 Comment

Posted by andr3 on 8 January 2008 10:01:47 WIB

Thanks for the info, bro.

