Register
Events
Popular
More
Post #1
In the past week of playing garrysmod, there have been at least five people who got banned or kicked for griefing and their response is DDoSing the server, making it unplayable even ever after they have disconnected. I would make this myself if I had any knowledge of source, but I don't, so I would be really grateful if this was made and given to garry to add to the game, or even better, given to valve to stop the problem for all source games. I've already sent valve a request for their stance on DDoS and I'll post it when I get a response.
I don't really know the technical details behind DDoS so I understand if it may not be possible to defend against, but to anyone who does have an idea and makes it, everyone will be very grateful.
Perhaps this will help with finding solutions.
http://wiki.alliedmods.net/SRCDS_Hardening#Lag.2FDOS
-
-
Most DDoS attacks can't be dealt with at the application level, they need to be mitigated at the network level.
-
The source engine is flawed.
The GSP's are helpless software doesn't always help.
Using iptables doesn't always help.
Anyone can obtain access to dos ability now.
-
Protip: Blacklist CoD4 master server.
cod4master.activision.com
-
that just stops your server being used in a drdos
-
It stops DevNull's reflected dos system from working properly. Since Stan relies on cod4 servers.
-
This little shit that got his admin demoted keeps ddosing my favorite server. FUCK. I hope valve gets back with my request soon.
-
What I do when my box is attacked is first start wireshark if I can access the box, then call my datacenter to mitigate the attack. If I have his IP I will email his ISP regarding it and with enough complaints they will do something about it.
You also should make sure people aren't spamming A2S_INFO packets, which will crash your server, you can find a mod on AlliedModers that will protect it.
There isn't much you can do about a DDoS except mitigate it or wait it out.
Also, valve wont be able to help me.
-
That doesn't work. That just prevents you from looking up CoD4 servers. Stan can still lookup the masterlist and get a list of servers to use against you.
-
AFAIK what he does is send a packet to the CoD4 master server with your IP spoofed and it sends you the full server list consistently.
[editline]
I guess I am wrong.
-
A server i'm helping with has been getting hit by cod4, 'statusRespone', attacks at 580mbit/s. Then there's the generic 22mbit source engine query attack which removes the server from the master list.
-
no, he gets the master serverlist for himself, and then uses this list to get every single COD4 server to send their status info to your server constantly, which allows him to multiply his amount of data sent to you
Example: his server sends a relatively short phrase that looks like this €€€€200 in a packet that says it's from the target server, and then the server replies to you it it's entire playerlist, pings, frags, map, gamemode, etc. which is quite a big jump in how much data is being sent to you
now calculate in the... 900 COD4 servers online right now according to gametracker.com
--edit--
oh nvm, it decided to filter out nonUS servers, 6350 servers
-
Having some sort of automatic system where you get all cod4 and quake3 servers and block all the ips would be pretty sweet
-
the problem isn't ignoring the requests as much as it is that the sheer amount of data makes it impossible to process everything to ignore it in the first place
-
Why doesn't Activision filter out this problem, then?
-
Because if they fixed it they wouldn't make any more money than if they left it
-
I think the better question is why wouldn't they add some sort of anti spam to begin with
-
As long as they make money they won't care about that problem.
Or they are too busy with releasing the next 20 CoD games.
-
That's wrong, if you block the servers in your firewall or iptables or however you do it, it can't send you the data. it's not like the server takes in all your data and then goes "Ohhh....nvm, hes blocked delete that !".
-
No matter if you have a firewall, iptables, etc., the only thing it can do is prevent traffic from reaching the applications. The packets are still present, and they are still saturating your line. In some cases, those CoD status packets are enough to knock a normal server offline just by purely over-saturating the line.
-
This is what I meant, I was just simplifying it because he probably doesn't know what saturating the line means
and JustSoFaded, if you don't think your computer takes these packets in when it tries to filter them, how do you think iptables works? at some point in time it has to process the header information of the packet to decide whether to allow, drop, or deny it.
-
Ugh, how I hate cod :(
With a 1GB line (and a decent host, one who will actually give you 1gb) then you could probably eat a cod4 drdos. I'd still expect some decent lag though.
I'm playing with linux atm to swap my UK host over to it, but alas gmod with linux :(
-
If isps were smart enough to help block (d)doses, their solution is to just shut the client off the network
-
Same rule applies for them as it does for Activision that was stated earlier:
-
If ISP blocked spoofed UDP packets at the network level it would stop this method altogether.
Or take stan to court but unsure how would you turn chinese whispers into something that would hold in court.
-
Welcome to the club! Sethhack skiddies hit our server almost daily for 2 weeks over the holidays. Our solution? Get LSN to put up a filter :P. They even said some of them got up to 200+ MBPS. Even WITHOUT LSN's filters, they failed to fully take down a single one of our servers :V
-
They get mad when you get 8Gbit thoughWelcome to the club! Sethhack skiddies hit our server almost daily for 2 weeks over the holidays. Our solution? Get LSN to put up a filter :P. They even said some of them got up to 200+ MBPS. Even WITHOUT LSN's filters, they failed to fully take down a single one of our servers :V
-
This... Very much this...
-
Listen bud, if you have a good firewall, raw socket bull shit isn't going to effect you (except for the first couple of seconds for the exact reason you just stated). Obviously is has to look into the packet header, but smart firewalls will look at packet consistencies etc
Also, quit being a punk. Looking at your past threads it seems your programming knowledge is pretty..limited, at best, and you don't seem to know exactly what you are talking about.
-
Network Security != Programming Knowledge
-
So what needs to happen is Activision be sued for being an accomplice in malicious internet use if they fail to fix the problem. They provided the exploited software so that makes them an accomplice. They are providing the way for uncontrollable internet spam by making these servers exploitable. That should be illegal right? All you'd need to do to prove it is to run the same shit everyone else is doing and record the packet traffic.
-
I can use the Ping command to flood others, does that mean I can sue Microsoft for including this command? No. You can't sue a company simply because they do not fix a bug/exploit in their system. It's the users that are held at fault for abusing any exploits.
-
Ping requests are blockable, cod4 drdos is not. Unless patched somehow with linux or an addon.
-
If I hit you with a statusResponse DRDoS, and you go into your firewall (for example say some variant of Linux, Windows' is shit) and you say something like
then yes, packets will be blocked from reaching your applications but that 100MB internet connection you have between your server and the internet is still being used. Unless you are filtering these packets out well before they reach your line, it really doesn't make a difference.Code:iptables -A INPUT -m string --string 'statusResponse' -j DROP
If the attack is larger than your connection, then you are essentially fucked, no matter how many filters or firewalls you have in place. If you can't block it before it reaches your line, it still saturates it.
For my next post, if needed, I will paint a pretty picture...
-
Man, where do you people find these admins? The circle of build/wire servers I frequent have never had problems like this.
-
You don't have to be specific about it, that was merely an example. Nontheless, I'm pretty sure it is blockable as Revenge282 mentioned as these kind of ping requests have some kind of unique identifier.
-
Since we got our new server we have banned 65 people using Sethhack in 61 days, a few of them even added me and were all like 'HURR DURR DEVNULL TIME FGT', yet we have experienced no lag or crashes, so I can only assume that either the connection can handle it or PlugPayPlay know what they are doing.
-
You do have to be specific about it, if you had a COD4 server with an anti-spam query system which disallows the ip from requesting info for lets say... 5 minutes, then that would stop the outcoming traffic from the server being high, as the server downloads very little, it uploads much much more.
-
You clearly are not getting my point at all. I am not telling you how/what you can do to block them, that was not my focus of topic. I was only using an example to state that you cannot sue a company over bugs that can be unintended used for malicious reasons by users.
-
Because he probably query's one server, then the next, then the next until the list is over.
Funny x 9
Optimistic x 4
Friendly x 2
Agree x 21
Lua King x 1
Disagree x 1
Dumb x 1
x 1
Zing x 2
Winner x 1
Artistic x 1
