Good Afternoon,

I have a Windows 2008 dedicated server which runs a server daemon for the video game "Renegade".  This daemon has a serious flaw: any large quantity of UDP packets of any size will cause it to crash.  Lately I have been experiencing serious problems with this, as one small computer can use a simple Perl script to send several small (2-byte) packets to the server on port 5000 and crash it, in spite of the actual dedicated box being unaffected.

I have searched for the best solution for this, and the only thing I can come up with is to create a Snort rule using rate limiting to drop packets from an IP that has been sending a large number of them in a short time. However, Snort is a bit difficult to learn.

I was hoping someone here might be able to provide me with a Snort rule to accomplish this, or perhaps another alternative to keep the server from crashing under this load.  It must be run on Windows and cannot be moved to Linux, where iptables would offer a simple solution.

asked 05/12/2011 04:58

PrivateKey ♦♦

3 Answers:
The following Snort rule will drop UDP packets to your W2K8 server with a payload size of more than 2 bytes.

drop udp any any -> W2k8-IP/24 5000 (dsize:>2; msg:"UDP Packet attack"; sid:1000001; rev:1;)

expert_tanmay


I think my answer is correct using Snort. The other way around is to switch on Windows Firewall, which comes by default on W2K8.

expert_tanmay


This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
younghv
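
A rate-based rule of the kind the question asks for, as an added example that is not part of the original thread: it uses the Snort 2.x detection_filter option to count UDP packets per source address instead of matching on payload size. The address 192.0.2.10, the threshold of 50 packets per second and the sid values are assumed placeholders to be replaced and tuned.

```snort
# Added example, not from the thread. Assumed placeholders: 192.0.2.10 is
# the game server, 50 packets/second is the per-source ceiling, sids are local.
ipvar GAME_SERVER 192.0.2.10

# Step 1 (passive or inline): alert only, to learn what packet rate a
# legitimate player reaches on port 5000 before anything is dropped.
alert udp any any -> $GAME_SERVER 5000 (msg:"UDP rate above threshold to port 5000 from one source"; detection_filter:track by_src, count 50, seconds 1; sid:1000002; rev:1;)

# Step 2 (inline only): the same filter with the drop action. The first 50
# packets per source in each 1-second window pass; the rest are dropped.
drop udp any any -> $GAME_SERVER 5000 (msg:"UDP flood to port 5000 dropped"; detection_filter:track by_src, count 50, seconds 1; sid:1000003; rev:1;)
```

The drop action only blocks traffic when Snort is deployed inline; in passive sniffing mode both rules only generate alerts. Because the filter tracks by source address, it does not limit a flood whose UDP source addresses are spoofed.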


Seen: 622 times

Last updated: 10/18/2011 09:16