06.12.2014, 23:38
Quote:
Great job, but the problem is,
they can get new false IPs. Today I bought 252 static IPs for $30 from my Internet company. That's the problem.
We had to develop a filtering scheme in C, compiled with the kernel of our firewall, to confirm the connections before they move on to the SA-MP server / client.
One example is SYNPROXY, used by several companies such as Arbor, Cisco, Brocade, Juniper and others. It's used to mitigate TCP L7 SYN attacks.
SYNPROXY Example:
So, we have developed the same system for the UDP protocol, especially for the query / SA-MP packets.
Example of the attack:
16:20:04.046961 IP (tos 0x24, ttl 109, id 57678, offset 0, flags [none], proto UDP (17), length 32)
30.176.241.167.28966 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046968 IP (tos 0x24, ttl 109, id 43415, offset 0, flags [none], proto UDP (17), length 32)
105.160.211.82.30292 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046969 IP (tos 0x24, ttl 109, id 36130, offset 0, flags [none], proto UDP (17), length 32)
214.190.88.169.29204 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046970 IP (tos 0x24, ttl 109, id 20510, offset 0, flags [none], proto UDP (17), length 32)
72.235.89.217.30287 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046973 IP (tos 0x24, ttl 109, id 62565, offset 0, flags [none], proto UDP (17), length 32)
161.201.8.98.30494 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046975 IP (tos 0x24, ttl 109, id 65440, offset 0, flags [none], proto UDP (17), length 32)
119.50.189.26.29202 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046981 IP (tos 0x24, ttl 109, id 55045, offset 0, flags [none], proto UDP (17), length 32)
150.29.236.112.30579 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046985 IP (tos 0x0, ttl 128, id 7806, offset 0, flags [none], proto UDP (17), length 39)
192.95.52.47.cbt > 189.74.61.200.59551: [udp sum ok] UDP, length 11
16:20:04.046996 IP (tos 0x24, ttl 109, id 8652, offset 0, flags [none], proto UDP (17), length 32)
112.91.138.244.30459 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046997 IP (tos 0x24, ttl 109, id 48391, offset 0, flags [none], proto UDP (17), length 32)
3.151.36.155.29213 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047003 IP (tos 0x24, ttl 109, id 39803, offset 0, flags [none], proto UDP (17), length 32)
202.158.192.227.30517 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047004 IP (tos 0x24, ttl 109, id 52031, offset 0, flags [none], proto UDP (17), length 32)
190.176.9.176.30518 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047008 IP (tos 0x24, ttl 109, id 11801, offset 0, flags [none], proto UDP (17), length 32)
84.125.96.211.30589 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047024 IP (tos 0x24, ttl 109, id 28993, offset 0, flags [none], proto UDP (17), length 32)
209.70.169.49.30507 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047027 IP (tos 0x24, ttl 109, id 62759, offset 0, flags [none], proto UDP (17), length 32)
70.227.245.234.30586 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047044 IP (tos 0x24, ttl 109, id 39924, offset 0, flags [none], proto UDP (17), length 32)
49.96.89.155.30526 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047046 IP (tos 0x24, ttl 109, id 45617, offset 0, flags [none], proto UDP (17), length 32)
108.230.209.166.30570 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047050 IP (tos 0x24, ttl 109, id 2171, offset 0, flags [none], proto UDP (17), length 32)
80.169.246.14.30476 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047056 IP (tos 0x24, ttl 109, id 40458, offset 0, flags [none], proto UDP (17), length 32)
193.72.190.64.30583 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
16:20:04.047067 IP (tos 0x24, ttl 109, id 5411, offset 0, flags [none], proto UDP (17), length 32)
46.155.105.80.30601 > 192.95.52.35.cbt: [udp sum ok] UDP, length 4
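
Added example, not part of the original post: a small detector for the pattern visible in the capture above, where many source addresses each send one packet to the same destination with an identical TTL and payload size. The function names, the `min_sources` threshold and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the two-line `tcpdump -v` layout of the capture above;
# addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE = """\
16:20:04.046961 IP (tos 0x24, ttl 109, id 57678, offset 0, flags [none], proto UDP (17), length 32)
    198.51.100.7.28966 > 192.0.2.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046968 IP (tos 0x24, ttl 109, id 43415, offset 0, flags [none], proto UDP (17), length 32)
    203.0.113.82.30292 > 192.0.2.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046969 IP (tos 0x24, ttl 109, id 36130, offset 0, flags [none], proto UDP (17), length 32)
    198.51.100.169.29204 > 192.0.2.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046970 IP (tos 0x24, ttl 109, id 20510, offset 0, flags [none], proto UDP (17), length 32)
    203.0.113.217.30287 > 192.0.2.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046973 IP (tos 0x24, ttl 109, id 62565, offset 0, flags [none], proto UDP (17), length 32)
    198.51.100.98.30494 > 192.0.2.35.cbt: [udp sum ok] UDP, length 4
16:20:04.046985 IP (tos 0x0, ttl 128, id 7806, offset 0, flags [none], proto UDP (17), length 39)
    192.0.2.47.cbt > 203.0.113.200.59551: [udp sum ok] UDP, length 11
"""

HDR = re.compile(r"\(tos 0x[0-9a-f]+, ttl (\d+),")
PKT = re.compile(r"(\d+(?:\.\d+){3})\.(\w+) > (\d+(?:\.\d+){3})\.(\w+): .*UDP, length (\d+)")

def parse(text):
    """Yield (src, dst, dport, ttl, payload_len) per two-line record."""
    ttl = None
    for line in text.splitlines():
        hdr, pkt = HDR.search(line), PKT.search(line)
        if hdr:
            ttl = int(hdr.group(1))   # IP header line comes first
        elif pkt and ttl is not None:
            yield pkt.group(1), pkt.group(3), pkt.group(4), ttl, int(pkt.group(5))
            ttl = None

def suspect_floods(text, min_sources=5):
    """Flag destinations hit by many one-packet sources that share a single TTL
    and payload size. Heuristic; min_sources is an assumed threshold."""
    by_dst = defaultdict(list)
    for src, dst, dport, ttl, plen in parse(text):
        by_dst[(dst, dport)].append((src, ttl, plen))
    flagged = {}
    for key, pkts in by_dst.items():
        srcs, ttls, lens = ({p[i] for p in pkts} for i in range(3))
        if len(srcs) == len(pkts) >= min_sources and len(ttls) == len(lens) == 1:
            flagged[key] = {"sources": len(srcs), "ttl": ttls.pop(), "payload_len": lens.pop()}
    return flagged

if __name__ == "__main__":
    print(suspect_floods(SAMPLE))
```

Ordinary clients sit at different hop distances and send varied packet sizes, so a single shared TTL across many one-shot sources is the part of this signature that is hard to produce by accident.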