Azerothcore-wotlk: hack

Created on 12 Feb 2020  ·  9 Comments  ·  Source: azerothcore/azerothcore-wotlk

SMALL DESCRIPTION:

A person has fun freezing the PID of the worldserver. How to fix it please?
It locks the realm.

EXPECTED BLIZZLIKE BEHAVIOUR:


2020-02-12 10:14:00 ERROR: WorldSocket::handle_input_header(): client (account: 0, char [GUID: 0, name: ]) sent malformed packet (size: 18245, cmd: 539959380)
2020-02-12 10:14:06 Resuming acceptor
2020-02-12 10:14:06 ERROR: WorldSocket::handle_input_header(): client (account: 0, char [GUID: 0, name: ]) sent malformed packet (size: 18245, cmd: 539959380)
2020-02-12 10:14:06 ERROR: Out of file descriptors, suspending incoming connections for 10 seconds

BRANCH(ES):

master

AC HASH/COMMIT:
OPERATING SYSTEM:

debian 9

MODULES:

OTHER CUSTOMIZATIONS:

Not confirmed Priority - Critical

All 9 comments

Do you use a firewall? Check flood blocking (ICMP, TCP/IP)

I have installed a firewall and configured it; my rules:

# Generated by iptables-save v1.6.0 on Wed Feb 12 10:09:18 2020
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [687:218631]

# Allow internal traffic on the loopback device
-A INPUT -i lo -j ACCEPT

# Continue connections that are already established or related to an established connection
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Drop non-conforming packets, such as malformed headers, etc.
-A INPUT -m conntrack --ctstate INVALID -j DROP

# SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# server
-A INPUT -p tcp -m multiport --dports 3306,3724,6548,6541,8086 -j ACCEPT


# DHCP used by OVH
-A INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT

# DNS (bind)
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT

# HTTP + HTTPS


# Email (postfix + dovecot)
# 25 = smtp, 587 = submission and 993 = IMAPS

# NTP

# Chain for preventing ping flooding - up to 6 pings per second from a single
# source, again with log limiting. Also prevents us from ICMP REPLY flooding
# some victim when replying to ICMP ECHO from a spoofed source.
-N ICMPFLOOD
-A ICMPFLOOD -m recent --name ICMP --set --rsource
-A ICMPFLOOD -m recent --name ICMP --update --seconds 1 --hitcount 6 --rsource --rttl -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "iptables[ICMP-flood]: "
-A ICMPFLOOD -m recent --name ICMP --update --seconds 1 --hitcount 6 --rsource --rttl -j DROP
-A ICMPFLOOD -j ACCEPT

# Permit useful ICMP packet types.
# Note: RFC 792 states that all hosts MUST respond to ICMP ECHO requests.
# Blocking these can make diagnosing of even simple faults much more tricky.
# Real security lies in locking down and hardening all services, not by hiding.
-A INPUT -p icmp --icmp-type 0  -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type 3  -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type 8  -m conntrack --ctstate NEW -j ICMPFLOOD
-A INPUT -p icmp --icmp-type 11 -m conntrack --ctstate NEW -j ACCEPT

# Drop all incoming malformed NULL packets
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP

# Drop syn-flood attack packets
# (this rule drops NEW TCP connections that do not start with a SYN packet)
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# Drop incoming malformed XMAS packets
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP

COMMIT
# Completed on Wed Feb 12 10:09:18 2020

I have changed the worldserver port (6548) and the SOAP port (6541).

Do you think it is secure?

Can you try to crash my server as a test please?
My realmlist for the test: logon.altaria-serveur.fr

Thanks in advance for your help.

I recommend UFW; it is very easy to use and makes it very easy to limit spam. Or use the firewall from OVH.

Do you have the latest updates on your server? What commit are you using now?

Do you have the latest updates on your server? What commit are you using now?

It does not matter. A wrong packet is coming to the WoW port. It may be a WoW client that is not 3.3.5a, a LAN scanner, or simply a TCP flood.
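The logged `size` and `cmd` values can be turned back into the six raw bytes the server read as a packet header, which shows what kind of client was talking to the port. This is an added example, not code from AzerothCore or from any commenter; it assumes the 3.3.5a client header layout (uint16 size big-endian, then uint32 opcode little-endian), and the function names and prefix table are hypothetical. For the values in this issue the bytes come out as `GET / `, the start of a plain HTTP request.

```python
import re
import struct

# Constructed sample: the two distinct log messages quoted in the issue.
SAMPLE_LOG = """\
2020-02-12 10:14:00 ERROR: WorldSocket::handle_input_header(): client (account: 0, char [GUID: 0, name: ]) sent malformed packet (size: 18245, cmd: 539959380)
2020-02-12 10:14:06 ERROR: Out of file descriptors, suspending incoming connections for 10 seconds
"""

MALFORMED = re.compile(r"sent malformed packet \(size: (-?\d+), cmd: (-?\d+)\)")
# Leading bytes of protocols that often reach an open TCP port by mistake or scan.
KNOWN_PREFIXES = {b"GET ": "HTTP", b"POST": "HTTP", b"HEAD": "HTTP",
                  b"SSH-": "SSH", b"\x16\x03": "TLS ClientHello"}


def header_bytes(size: int, cmd: int) -> bytes:
    """Rebuild the 6 raw header bytes from the logged integers.

    Assumption: size is a big-endian uint16, cmd a little-endian uint32.
    Masking also handles values that were logged as signed integers.
    """
    return struct.pack(">H", size & 0xFFFF) + struct.pack("<I", cmd & 0xFFFFFFFF)


def classify(raw: bytes) -> str:
    """Name the protocol whose opening bytes match, or 'unknown'."""
    for prefix, name in KNOWN_PREFIXES.items():
        if raw.startswith(prefix):
            return name
    return "unknown"


def triage(log_text: str) -> dict:
    """Collect decoded malformed headers and count descriptor exhaustion."""
    report = {"malformed": [], "fd_exhausted": 0}
    for line in log_text.splitlines():
        if "Out of file descriptors" in line:
            report["fd_exhausted"] += 1
        match = MALFORMED.search(line)
        if match:
            raw = header_bytes(int(match.group(1)), int(match.group(2)))
            report["malformed"].append((raw, classify(raw)))
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Running `triage()` over a full worldserver log groups the malformed headers by protocol, which helps separate stray scanners and web clients from traffic aimed at the game protocol itself.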

1506

It's a DoS on the socket; use iptables and more rules.

Does this happen on the current master as well?
We had some updates regarding security lately

I will close this since it has not had any updates lately, including that it could be likely that @Helias' security updates could have fixed this.

If this occurs again, feel free to either comment here or open a new ticket :)
