Max size per UDP packet?

[barricas]

Hi, one of my friends had a 400-500Mbits DDoS bandwidth exhaustion attack running on his port. While the attack didn't do anything in terms of packet loss, it was running for hours and ate about 1TB traffic.

I captured traffic with tcpdump and the max packet I found for legit traffic was ~170bytes.
Can I block packets over 200-250 bytes? The attack was all 400+ bytes per packet. If it is possible to confirm that there aren't packets larger than this I will apply the rule right now.

Edit: By tcpdump running for a few mins it seems the max request is 542 bytes. I set a rule to accept 1 to 600 bytes packets and is working fine.

[maxi1990]

An udp paket can be up to 65535 bytes of size. I think one of the developers can tell us how big a regular paket can currently get with highest codec settings within the teamspeak3 protocol

[barricas]

Yes I'm asking for TS related. The max I found is 542 bytes.
Limiting max in firewall to 600 did not cause any problems yet.

[giooluigii]

Still continue the same size? How do i add this to my firewall? Appreciate some help.

Yes I'm asking for TS related. The max I found is 542 bytes.
Limiting max in firewall to 600 did not cause any problems yet.

How to add this to firewall rules?

[numma_cway]

You cannot do anything against the incoming traffic anyway. So all you do is prevent 24 bytes ICMP, which doesn't make a notable difference. If you want to block shit, DDoS is often from below port 41952 to below port 41952, which is illegal according to RFC 6335.