  1. #1
    Join Date
    June 2012
    Location
    Portugal
    Posts
    317

    Max size per UDP packet?

    Hi, one of my friends had a 400-500 Mbit/s DDoS bandwidth exhaustion attack running on his port. While the attack didn't do anything in terms of packet loss, it was running for hours and ate about 1 TB of traffic.

    I captured traffic with tcpdump and the max packet I found for legit traffic was ~170 bytes.
    Can I block packets over 200-250 bytes? The attack was all 400+ bytes per packet. If it is possible to confirm that there aren't packets larger than this I will apply the rule right now.

    Edit: After running tcpdump for a few minutes, it seems the max request is 542 bytes. I set a rule to accept packets of 1 to 600 bytes and it is working fine.
    Last edited by barricas; December 30th, 2013 at 06:26 PM.
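
Added example, not part of the thread or written by any poster: a sketch of the measurement described above, deriving a length limit from tcpdump text output. The sample capture, port 9987, the 5% margin and the iptables `length` rule are assumptions (the thread does not name the firewall), and the 28-byte header allowance assumes the firewall matches on total IPv4 packet length while tcpdump's `UDP, length N` reports payload only.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n udp` output taken outside an attack window.
# Port 9987 and all addresses (documentation ranges) are assumptions.
SAMPLE = """\
18:01:02.000001 IP 198.51.100.7.50211 > 203.0.113.10.9987: UDP, length 34
18:01:02.020412 IP 198.51.100.7.50211 > 203.0.113.10.9987: UDP, length 170
18:01:02.031100 IP 198.51.100.8.40110 > 203.0.113.10.9987: UDP, length 170
18:01:02.041877 IP 198.51.100.9.61002 > 203.0.113.10.9987: UDP, length 542
18:01:02.050003 IP 198.51.100.9.61002 > 203.0.113.10.53: UDP, length 900
18:01:02.050020 IP 198.51.100.9.61002 > 203.0.113.10.9987: UDP, bad length 1480 > 1472
"""

LINE = re.compile(r"IP \S+ > \S+\.(\d+): UDP, length (\d+)$")
HEADERS = 20 + 8  # IPv4 header without options + UDP header

def payload_sizes(text, port):
    """Return {udp_payload_len: count} for packets sent to `port`."""
    sizes = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if m and int(m[1]) == port:  # skips fragments and other ports
            sizes[int(m[2])] += 1
    return dict(sizes)

def length_limit(sizes, margin_pct=5):
    """Largest observed payload plus headers and a safety margin, in bytes."""
    if not sizes:
        raise ValueError("no packets matched; refusing to derive a limit")
    return (max(sizes) + HEADERS) * (100 + margin_pct) // 100

def drop_rule(port, limit):
    """Assumed iptables rule: drop UDP to `port` longer than `limit` bytes."""
    return (f"iptables -A INPUT -p udp --dport {port} "
            f"-m length --length {limit + 1}:65535 -j DROP")

if __name__ == "__main__":
    legit = payload_sizes(SAMPLE, 9987)
    limit = length_limit(legit)
    print(sorted(legit.items()), "limit:", limit)
    print(drop_rule(9987, limit))
```

A capture of a few minutes may miss rare large packets, so the limit should be re-derived from a longer capture before the rule is made permanent.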

  2. #2
    Join Date
    July 2006
    Posts
    1,600
    A UDP packet can be up to 65535 bytes in size. I think one of the developers can tell us how big a regular packet can currently get with the highest codec settings within the TeamSpeak 3 protocol.

  3. #3
    Join Date
    June 2012
    Location
    Portugal
    Posts
    317
    Yes I'm asking for TS related. The max I found is 542 bytes.
    Limiting max in firewall to 600 did not cause any problems yet.

  4. #4
    Join Date
    December 2013
    Location
    Brazil
    Posts
    23
    Is it still the same size? How do I add this to my firewall? I would appreciate some help.

    Quote Originally Posted by barricas View Post
    Yes I'm asking for TS related. The max I found is 542 bytes.
    Limiting max in firewall to 600 did not cause any problems yet.
    How do I add this to the firewall rules?
    Last edited by dante696; March 8th, 2015 at 01:05 AM.

  5. #5
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,371
    You cannot do anything against the incoming traffic anyway. So all you do is prevent 24 bytes ICMP, which doesn't make a notable difference. If you want to block shit, DDoS is often from below port 41952 to below port 41952, which is illegal according to RFC 6335.
