BlockUnexpectedPackets
This script automatically blocks DDoS attacks that are spamming your BungeeCord server with invalid packets.
[08:33:01] [Netty Worker IO Thread #23/ERROR]: [/IpHere:1693] <-> InitialHandler - encountered exception: net.md_5.bungee.util.QuietException: Unexpected packet received during login process! 4554202f20485454502f312e310d0a48
The script reads the BungeeCord logs and blocks the IP if:
- An unexpected packet was received during the login process.
- Too many read timeouts are triggered in a short period of time.
Of course, you should host your server with a hosting provider that has Anti-DDoS protection (like OVH)! However, if you don't block the IPs in your firewall, your BungeeCord ends up overloaded due to too much CPU usage, causing issues for your players.
This script is very crude; you should use it as a base for your own script!
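The two detection rules above, as an added Python example (not the repository's block_unexpected.py): it parses log lines shaped like the sample on this page, validates the address, and builds the ipset arguments for the badips set. The read-timeout wording, the threshold of 5 timeouts in 10 seconds, and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Line shape assumed from the sample log line on this page.
LINE_RE = re.compile(
    r"^\[(\d\d):(\d\d):(\d\d)\] .*?\[/([^\]\s]+):\d+\] <-> InitialHandler - (.*)$")
UNEXPECTED = "Unexpected packet received during login process"
READ_TIMEOUT = "read timed out"       # assumed wording of the timeout line
MAX_TIMEOUTS, WINDOW_SECONDS = 5, 10  # assumed thresholds

# Constructed sample lines using documentation-range addresses.
SAMPLE = [
    "[08:33:01] [Netty Worker IO Thread #23/ERROR]: [/203.0.113.7:1693] <-> "
    "InitialHandler - encountered exception: net.md_5.bungee.util.QuietException: "
    "Unexpected packet received during login process! 4554202f20485454502f312e31",
    "[08:33:09] [Netty Worker IO Thread #4/INFO]: [/192.0.2.44:5000] <-> "
    "InitialHandler - read timed out",
] + [f"[08:33:0{s}] [Netty Worker IO Thread #4/INFO]: [/198.51.100.9:4000] <-> "
     "InitialHandler - read timed out" for s in range(2, 7)]

def find_ips_to_block(lines):
    """Return the IPv4 addresses to block, in order of detection."""
    timeouts, blocked = defaultdict(deque), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        hh, mm, ss, raw_ip, message = m.groups()
        try:
            # Log text is untrusted input: accept only a well-formed IPv4 address.
            ip = str(ipaddress.IPv4Address(raw_ip))
        except ValueError:
            continue
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)
        hit = UNEXPECTED in message
        if not hit and READ_TIMEOUT in message:
            recent = timeouts[ip]
            recent.append(now)
            while now - recent[0] > WINDOW_SECONDS:
                recent.popleft()  # forget timeouts outside the window
            hit = len(recent) >= MAX_TIMEOUTS
        if hit and ip not in blocked:
            blocked.append(ip)
    return blocked

def ipset_command(ip, set_name="badips"):
    """Argument list (no shell) adding ip to the set; -exist tolerates duplicates."""
    return ["ipset", "add", set_name, str(ipaddress.IPv4Address(ip)), "-exist"]
```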
Using the Script
Create the IPSet
/etc/ipset.conf
create badips hash:ip family inet hashsize 1024 maxelem 65536
Drop invalid IP connections if the IP is present in the badips list
/etc/iptables/rules.v4
# Generated by iptables-save v1.8.5 on Tue Jan 4 14:49:32 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m set --match-set badips src -j DROP
COMMIT
# Completed on Tue Jan 4 14:49:32 2022
Change the DISCORD_WEBHOOK variable in the block_unexpected.py script. It is used to log blocked IPs and restarts to a Discord channel!
Create a screen and run the block_unexpected.sh script. By default the script will restart every 30 minutes, because the tail code stops working if the file is rotated (new day, BungeeCord restart, etc.).
I think this could've been handled in a better way, but hey, it works!