Mitigating and Handling Medal of Honor Server Specific Attacks (getstatus, getchallenge, getinfo)
Linux Servers:
If your Linux game server is being DDoS'd through getstatus and getchallenge requests, first try the iptables rules below:
Code:
iptables -A INPUT -p UDP -m length --length 20:512 -m recent --set --name getstatus_cod
iptables -A INPUT -p UDP -m string --algo bm --string "getstatus" -m recent --update --seconds 1 --hitcount 2 --name getstatus_cod -j DROP
iptables -A INPUT -p UDP -m string --algo bm --string "getchallenge" -m recent --update --seconds 1 --hitcount 2 --name getstatus_cod -j DROP
These rules can be deleted by running the following commands:
Code:
iptables -D INPUT -p UDP -m string --algo bm --string "getstatus" -m recent --update --seconds 1 --hitcount 2 --name getstatus_cod -j DROP
iptables -D INPUT -p UDP -m string --algo bm --string "getchallenge" -m recent --update --seconds 1 --hitcount 2 --name getstatus_cod -j DROP
iptables -D INPUT -p UDP -m length --length 20:512 -m recent --set --name getstatus_cod
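To see what these rules do per source address, here is a simplified Python model of them. It is an added example, not part of the original post and not the kernel's xt_recent code; the names `filter_packet` and `run` and every packet in `SAMPLE` are constructed for illustration. The last two packets show that the first rule records every UDP packet of 20 to 512 bytes, so other traffic from a source counts toward the limit on its queries.

```python
# Added illustration: simplified model of the three rules above (not the
# kernel's xt_recent code). All packets in SAMPLE are constructed.
from collections import defaultdict

LENGTH = range(20, 513)               # --length 20:512 (IP packet length)
SECONDS, HITCOUNT = 1.0, 2            # --seconds 1 --hitcount 2
QUERIES = (b"getstatus", b"getchallenge")   # --string patterns


def filter_packet(stamps, src, now, payload, ip_len):
    """Return 'DROP' or 'ACCEPT' for one inbound UDP packet."""
    # Rule 1 (--set): every UDP packet of 20..512 bytes is recorded for its
    # source address, whether or not it is a query.
    if ip_len in LENGTH:
        stamps[src].append(now)
    # Rules 2 and 3 (--update): evaluated only when a query string matches.
    if any(q in payload for q in QUERIES):
        hits = sum(1 for t in stamps[src] if t >= now - SECONDS)
        if hits >= HITCOUNT:
            stamps[src].append(now)   # a matching --update records a hit too
            return "DROP"
    return "ACCEPT"


def run(packets):
    """Feed (src, time, payload, ip_len) tuples through the model in order."""
    stamps = defaultdict(list)        # models the 'getstatus_cod' list
    return [filter_packet(stamps, *p) for p in packets]


SAMPLE = [  # constructed traffic: (source, seconds, payload, IP length)
    ("198.51.100.7", 0.0, b"getstatus", 41),     # first query in window
    ("198.51.100.7", 0.2, b"getstatus", 41),     # second within 1 s
    ("198.51.100.7", 0.4, b"getchallenge", 44),  # shares the same list
    ("198.51.100.7", 2.0, b"getstatus", 41),     # window has expired
    ("203.0.113.9", 5.0, b"game-data", 60),      # non-query packet
    ("203.0.113.9", 5.1, b"getstatus", 41),      # query right after it
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(pkt[0], pkt[1], pkt[2].decode(), verdict)
```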
If those rules do NOT help, I found this very interesting link with several ideas on how to handle getstatus and getchallenge flooding on Linux servers.
http://icculus.org/pipermail/cod/2012-March/016028.html
Windows Servers:
For Windows servers, I would recommend trying ESET Smart Security. It has a decent firewall that may be able to help with this issue. You can also try Joto's GSProtector.
Comodo's free firewall also seems pretty good if you're looking for a possible free solution:
https://www.comodo.com/home/internet...y/firewall.php
It is just initially very annoying due to all of its alerts, but it is quite powerful.