sArAkUzZa (Author), posted September 28, 2011:
Hi, can you leave some contact so we can go through this. I am ready to work with you about that.

omnigenus, posted September 28, 2011:
Click on my nick and mail me?

omnigenus, posted September 28, 2011:
> Thank you very much for sharing Omni

No problem... I have two "guinea pigs" at the moment testing this fix. If it works for them too, I'll upload everything

ViolentCrimes, posted September 29, 2011:
Sorry, I might have misunderstood this. But is this for the host server protection or is this for the servers that are getting attacked?

omnigenus, posted September 29, 2011:
> Sorry, I might have misunderstood this. But is this for the host server protection or is this for the servers that are getting attacked?

For the host, of course. After all this is TCADMIN forum, is it not?

Bubka3, posted September 29, 2011:
Has the fix been released yet?

peace, posted September 29, 2011:
I noticed 100% network usage about one hour ago. I started new traffic capture using Microsoft Network Manager 3.4. I thought it was UDP flood to our server but I was mistaken. There was a huge UDP outgoing traffic from gameservers IP:port sources to different destination IPs with port 80. This was solved by blocking UDP traffic to port 80 from all server IPs. Now it's normal 30% network usage. I believe this is what Omnigenus was talking about.

UPD: I guess the best practice is to deny all traffic and manually set all rules that are needed for game servers and other services. In Windows it's a little more complicated to do but in Iptables in Linux is the perfect solution.

omnigenus, posted September 29, 2011:
@peace Yep, that's it, but port 80 isn't the only destination port and your game server will process that query anyway.

sArAkUzZa (Author), posted September 30, 2011:
Testing patch with omni...it looks that it is really working!!! Thanks to him.

omnigenus, posted September 30, 2011:
Ok guys, here's a small fix I made...it will help you with this problem.

So, what is this all about? I'll try to keep it short...

This fix will allow only one getstatus response per second, per IP. So, if someone sends 100 getstatus queries to your server, in a single second, your CoD4 server will respond with a single serverstatus message. So, if you do the basic math, your server will send just 1 kB/s instead of 100kB/sec...multiply that by the number of affected servers on your machines and by the number of possible simultaneous attacks....yeah

Now you're able to put a smile on your face

==================== THE GOOD PART ====================

1. Download
2. Read the readme file

ZIP file includes my getstatus flood testing tool...

If your servers are vulnerable, like this random German server I tested this on, you'll get something like this:

If your servers are protected, you'll get something like this:

CoD4_Getstatus_Flood_Fix.zip

peace, posted September 30, 2011:
Does it limit getstatus queries from 1 IP per second or how does it work?

omnigenus, posted September 30, 2011:
> Does it limit getstatus queries from 1 IP per second or how does it work?

Exactly...limits getstatus queries to 1 query per IP, per second

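A minimal sketch of the rule described above (one getstatus answer per source IP per second), added here as an example; it is not the code from CoD4_Getstatus_Flood_Fix.zip, whose source was not published. The fixed-size table, the function names and the host-byte-order address are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 1024   /* assumed table size: memory stays fixed under a flood */

struct slot { uint32_t ip, last_sec; int used; };
static struct slot table[SLOTS];

/* Quake 3 engine out-of-band packets: four 0xFF bytes, then the command. */
static int is_getstatus(const unsigned char *p, size_t n)
{
    static const unsigned char hdr[] = "\xff\xff\xff\xff" "getstatus";
    size_t len = sizeof hdr - 1;
    if (n < len || memcmp(p, hdr, len) != 0)
        return 0;
    /* the command ends here, or a challenge string / newline follows */
    return n == len || p[len] == ' ' || p[len] == '\n' || p[len] == '\0';
}

/* Returns 1 to pass the packet to the game server, 0 to drop it.
 * src_ip is in host byte order; now_sec is a seconds counter such as time(). */
int allow_packet(uint32_t src_ip, const unsigned char *p, size_t n, uint32_t now_sec)
{
    if (!is_getstatus(p, n))
        return 1;                   /* only getstatus is rate limited */
    struct slot *s = &table[(src_ip ^ (src_ip >> 16)) % SLOTS];
    if (s->used && s->ip == src_ip && s->last_sec == now_sec)
        return 0;                   /* this IP was already answered this second */
    /* New source, new second, or a colliding source: overwrite the slot.
     * A collision evicts the older entry, so the limit is best-effort
     * when many distinct sources share the table. */
    s->ip = src_ip; s->last_sec = now_sec; s->used = 1;
    return 1;
}

/* Feed `count` identical getstatus queries from one source in one second. */
int flood_passed(uint32_t src_ip, int count, uint32_t now_sec)
{
    static const unsigned char q[] = "\xff\xff\xff\xff" "getstatus";
    int passed = 0;
    for (int i = 0; i < count; i++)
        passed += allow_packet(src_ip, q, sizeof q - 1, now_sec);
    return passed;
}

int main(void)
{
    printf("100 queries in one second -> %d passed\n", flood_passed(0x0A000001u, 100, 1000));
    return 0;
}
```
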
peace, posted September 30, 2011:
Any chance to get source code? I know how to set this rule in IPTables but on Windows it's more complicated.

omnigenus, posted September 30, 2011:
Sorry, but I'll keep my coding for myself. Nothing personal, I just feel like I did enough already

My work on this is done and it's completely free...you can simply take it or leave it.

Feel free to look into Luigi Auriemma's Proxocket tool...it's open source and you'll get the hang of it, if you know C. If you don't, you wouldn't have any real use of my code anyway.

peace, posted October 1, 2011:
> Testing patch with omni...it looks that it is really working!!! Thanks to him.

Did it solve the problem? Any issues?

leetservers, posted October 2, 2011:
Works great, thanks omni!
-bobby

Goran, posted October 2, 2011:
tested and solves the problem, gj. to the coder

wes540, posted October 24, 2011:
tested and works, thanks

saves having loads of ipsec rules for outgoing udp traffic

omnigenus, posted October 24, 2011:
Well, as I said, this is a quick fix and it's not the final solution for this problem. It helps a great deal, yes, but it's far from being perfect.

I have some new ideas and I'm working on them, but don't want to have gs performance trouble...if I finish it, I'll give you an update

ViolentCrimes, posted October 24, 2011:
What about Quake 3? It has the same exploit.

omnigenus, posted October 25, 2011:
> What about Quake 3? It has the same exploit.

This fix should work on Q3 as well

gemcneill, posted November 5, 2011:
This fix for cod2 only works for a while and then the attack can start again. It lasts for a few min at a time then seems to stop working. Anyone have any ideas?

George

Brett, posted November 7, 2011:
Thank you for this. Someone had turned one of our COD4 servers into a DDoS bot, so glad to have it resolved.

Drakar, posted November 11, 2011:
Any news about gemcneill's comment? Thank you

> This fix for cod2 only works for a while and then the attack can start again. It lasts for a few min at a time then seems to stop working. Anyone have any ideas?
>
> George

omnigenus, posted November 11, 2011:
Shouldn't be happening as it has no correlation to time. There are some limitations to the number of IP addresses kept in memory at any given time but still

Archived
This topic is now archived and is closed to further replies.