In recent weeks, the spread of csdos.pl, a Perl script that aims to take down Counter Strike 1.6 servers, has been on the rise. One of my servers suffered from this attack, which forced me to take action to prevent it. The solution is to use iptables with string match support. I found an example iptables rule on the net, but it doesn't work with the current version of the Linux kernel.
After several rounds of trial and error, here is the final rule:
/sbin/iptables -A INPUT -p udp --dport 27015:27020 -m string --algo kmp --string "f0ef8a36258af1bb64ed866538c9db76" -j LOG
/sbin/iptables -A INPUT -p udp --dport 27015:27020 -m string --algo kmp --string "f0ef8a36258af1bb64ed866538c9db76" -j DROP
This rule prevents anybody from sending the exploit to ports 27015 to 27020. Alternatively, if your server is behind a router that can drop packets containing a certain string, such as a MikroTik, just insert a rule there to drop the magic string f0ef8a36258af1bb64ed866538c9db76, as described on this forum.
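One way to install the rule above so that logging is rate-limited during a flood and re-running the script does not add duplicates. This is an added example, not part of the original post; the chain name CSDOS, the log prefix, the 5/min limit and the IPTABLES override variable are assumptions, and it needs an iptables version that supports -C.

```shell
#!/bin/sh
# Added example (not from the original post): the csdos.pl filter in its own
# chain, with rate-limited logging and no duplicate rules on re-run.
SIG="f0ef8a36258af1bb64ed866538c9db76"  # magic string from the post
PORTS="27015:27020"                     # port range from the post
CHAIN="CSDOS"                           # assumed chain name

# Print the rule specs, one per line, without the leading "-A".
csdos_rules() {
    # Assumed limit: log at most 5 matches per minute so a flood of
    # matching packets cannot fill the logs; every match is still dropped.
    printf '%s\n' "$CHAIN -m limit --limit 5/min -j LOG --log-prefix csdos-drop:"
    printf '%s\n' "$CHAIN -j DROP"
    printf '%s\n' "INPUT -p udp --dport $PORTS -m string --algo kmp --string $SIG -j $CHAIN"
}

apply_csdos_rules() {
    ipt="${IPTABLES:-/sbin/iptables}"   # IPTABLES override is an assumption
    # Create the chain, or empty it if it already exists.
    "$ipt" -N "$CHAIN" 2>/dev/null || "$ipt" -F "$CHAIN"
    csdos_rules | while read -r spec; do
        # -C checks for an existing identical rule; append only if absent.
        # $spec is left unquoted on purpose so it splits into arguments.
        "$ipt" -C $spec 2>/dev/null || "$ipt" -A $spec
    done
}

# Rules are installed only when the script is called as: script.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_csdos_rules
fi
```

Running csdos_rules on its own prints the three rule specifications for review before anything is installed.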