Thank you for your help and the patched ELF, however it segfaults on my server. possibly because I run 64 bit Linux with 32 bit libs. I watched for packets from outside and came up with an additional rule for users with similar problems. Here are the 2 firewall rules that I am using
iptables -I INPUT -p udp --dport 23073 -m string --algo kmp --hex-string '|64 29 77 00|' -j DROP
iptables -I INPUT -p udp --dport 23073 -m length --length 1 -m string --algo kmp --hex-string '|64|' -j DROP
I strongly suspect that there will be other packets that could crash the server but for now this is working for me. As of today the packets are coming from 35.196.253.60. Looks like the server list is scanned an then the servers are attacked. My server was brand new never on the internet before and it crashed within minutes of going up.
GeoIP shows the following
35.196.253.60 US Mountain View,
California,
United States,
North America 94043 37.419200000000004,
-122.0574 1000 Google Cloud Google Cloud
Probably some Google services user being an a$$, seriously people need better hobbies. When can we expect an officially released binary patch? (ie available on downloads page) I cant imagine this issue is good for the community.
All the best.
Enrico Zanolin
