For the past couple of months, the European TF2 scene has been under attack of a rather old DoS exploit that exists in all servers running the Orange Box engine. The script kiddie floods the server with bogus requests for the server and player info. Responding to these requests takes about 4 times as much bandwidth and much more CPU power than asking for it. This makes it possible for a single attacker to take down a gameserver.
Over the past few weeks Ronny of nice-servers.com and I have worked on solutions for this problem. First I’ve created a whitelisting system, blocking all access to a gameserver except for trusted IP addresses. Meanwhile Ronny worked on a more friendly solution, and today we present the script that has kept our gameservers safe for now.
It works by limiting the amount of player and server info request that can be sent to the gameserver per second. This way an attacker can’t overwhelm the gameserver with these requests. We currently limit this to 20 request per second per server, but you might have to experiment with upping/lowering these values for best results. The only side-effect of this solution is that the server will not be visible in the server browser during an attack, but you can still connect to it normally through the ‘connect’ command in console.
If you’re one of the few people that operates a Linux dedicated server, you can implement this fix yourself by using our script. If you’re renting a gameserver from a GSP, you’ll need to contact the GSP and request that he implements our fix or a similar solution.
It’s important to note that this fix doesn’t prevent players from being attacked directly. It’s therefore still very important for players to make sure their IPs aren’t known to the attacker. The easiest way for an attacker to find out your IP is for him to hop on to Quakenet and check out your clan’s channel. By default an IP will show up using a simple ‘whois’ on the person being targeted. Please use ‘//mode $me +x’ (for mIRC users) to hide your IP on Quakenet.
View/download the script here: pastie.org