Results 1 to 5 of 5
  1. #1
    Join Date
    May 2012
    Posts
    832

    Need help with UDP short packet/bad checksum exploit

    Someone has been closing important processes/applications on my server using UDP short packet/bad checksum exploit:

    Oct 19 23:13:23 ns308xxx kernel: [94000.179795] UDP: bad checksum. From 187.170.80.88:65535 to 94.23.xxx.xxx:1047 ulen 23
    Oct 19 23:15:36 ns308xxx kernel: [94132.258814] UDP: bad checksum. From 187.151.153.198:65535 to 94.23.xxx.xxx:1047 ulen 23
    ct 19 19:15:47 ns308xxx kernel: [79751.056498] UDP: short packet: From 112.135.47.60:51506 70/67 to 94.23.xxx.xxx:1035
    Oct 19 19:15:47 ns308xxx kernel: [79751.076576] UDP: short packet: From 112.135.47.60:51506 70/67 to 94.23.xxx.xxx:1035
    Oct 19 20:00:50 ns308xxx kernel: [82452.922808] UDP: short packet: From 62.165.217.91:4358 49320/66 to 94.23.xxx.xxx:1044

    I host some call of duty game servers for my own gaming community & some friends also.A few months ago, we had shifted from leaseweb & hetzner to OVH only because of the DDOS protection.But now they are using other exploits to close our servers.

    Is there anyway I can secure my server from such exploits? Any help would be highly appreciated.Thank you

  2. #2
    Join Date
    Mar 2003
    Location
    WebHostingTalk
    Posts
    16,967
    Moved > Hosting Security and Technology .
    Specially 4 You
    .
    JoneSolutions.Com ( Jones.Solutions ) is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001

  3. #3
    Join Date
    Oct 2013
    Posts
    45
    Do you use the UDP Protocol in this IP you are receiving the attack ?

    If not, just drop all the UDP packets there.
    HyperFilter DDoS Protection Solutions
    Specializing in DDoS Protected Hosting Services such as:
    Dedicated Servers - Colocation - WebHosting - Domain Registration - Remote Protection Services
    Exclusive management panel for attack reporting available for all services.

  4. #4
    Join Date
    May 2012
    Posts
    832
    Quote Originally Posted by MrTony View Post
    Do you use the UDP Protocol in this IP you are receiving the attack ?

    If not, just drop all the UDP packets there.
    To the best of my knowledge, call of duty traffic uses UDP protocol to connect.So, can't drop all UDP packets unfortunately.

  5. #5
    Join Date
    Sep 2012
    Location
    Europe
    Posts
    92
    You might need to close the ports 1035-1047, if you have an access to your firewall.
    But in any case it might expand into a DDoS attack, so best advice is to get a server with ddos protection at some point and just make the hosting tech support to handle this matter.

Similar Threads

  1. Any bad experiences with (short) .ccTLD's outside Europe/US?
    By mobilespecialists in forum Domain Names
    Replies: 2
    Last Post: 02-08-2013, 09:37 AM
  2. Rootkit Hunter - bad, warning and checksum, readouts
    By Philco in forum Hosting Security and Technology
    Replies: 6
    Last Post: 08-09-2004, 01:55 PM
  3. Data Packet.Net bad
    By vggd in forum Web Hosting
    Replies: 8
    Last Post: 07-09-2004, 09:34 AM
  4. SSH: Bad Packet Length
    By SynHost in forum Hosting Security and Technology
    Replies: 8
    Last Post: 01-17-2003, 11:46 PM
  5. UDP packet requested from Windows Core Kernel?!?!?
    By Ryu91482 in forum Web Hosting Lounge
    Replies: 10
    Last Post: 08-19-2001, 08:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •