Respuesta: Connection flood -
adri1 - 02.09.2017
https://www.youtube.com/watch?v=0x7bUT8-msU
nice
Re: Connection flood -
Ubi - 02.09.2017
This is different problem and it can be fixed by samp.exe (browser) update. But it's not possible without changing query system concept.
Re: Connection flood -
ZapicoGT - 02.09.2017
The server behind these attacks is LS-RP.es. The owner of that shit called Sergio Mengibar.
Re: Connection flood -
Bingo - 02.09.2017
Quote:
Originally Posted by ZapicoGT
The server behind these attacks is LS-RP.es. The owner of that shit called Sergio Mengibar.
|
Are you serious?
Stop blaming dude.
Re: Connection flood -
ZapicoGT - 03.09.2017
I blame him because everything that is happening is his fault. The user who uploaded a screenshot 'Jennifer_McConnaughy' is the character I told you. Sergio Mengibar. He owns booter.xyz himself. I do not speak without knowing.
I do not speak without knowing. All is true. This person is doing a lot of damage to the SA-MP world.
You currently have access to everything LS-RP.es Host the server in your dedicated OVH GAME.
Respuesta: Connection flood -
adri1 - 03.09.2017
0.3.7 R2-2 not stopping query flood for me
server ip: 70.42.74.3:7777
Re: Connection flood -
Adzdon - 03.09.2017
Quote:
Originally Posted by ZapicoGT
The server behind these attacks is LS-RP.es. The owner of that shit called Sergio Mengibar.
|
proof?
Re: Connection flood -
siickr - 03.09.2017
Quote:
Originally Posted by ZapicoGT
I blame him because everything that is happening is his fault. The user who uploaded a screenshot 'Jennifer_McConnaughy' is the character I told you. Sergio Mengibar. He owns booter.xyz himself. I do not speak without knowing.
I do not speak without knowing. All is true. This person is doing a lot of damage to the SA-MP world.
You currently have access to everything LS-RP.es Host the server in your dedicated OVH GAME.
|
are you dumb? i can ddos a server using that name and then the attacker was LS-RP? seriously, stfu and keep trying open your server
Respuesta: Connection flood -
adri1 - 03.09.2017
0.3.7 r2-2 don't stop query flood attack
Re: Respuesta: Connection flood -
Bingo - 03.09.2017
Quote:
Originally Posted by adri1
0.3.7 r2-2 don't stop query flood attack
|
So you mean the new patch ain't working?
Re: Respuesta: Connection flood -
PrettyDiamond - 03.09.2017
Quote:
Originally Posted by PrettyDiamond
Im in same Boat as you my friend....my Debian was unmounted at all....and im still at Null Progress by all. My IP still flooded, my server still offline. I was thinking about change it to Windows, because @iLearner SV looks are working, but sometimes it is offline too, idk if he fixed at all the flood problem. IDK what more i can do, but i will search out, until i find the way to run my server again. Its funny, if i start it, in same minute some old players join it, then i look at SV CPU usage, goes to 100%, ping get high, packet loss, and finally timeout for all. So sad...nothing helps for me, i used the last Update from Kalcor, iptables rules, nothing works for me?
|
Quote:
Originally Posted by adri1
0.3.7 r2-2 don't stop query flood attack
|
Quote:
Originally Posted by Bingo
So you mean the new patch ain't working?
|
so sorry but its
CONFIRMED 0.3.7 r2-2 don't stop query flood attack
Best Regards
Re: Respuesta: Connection flood -
RDM - 03.09.2017
Quote:
Originally Posted by PrettyDiamond
so sorry but itsCONFIRMED 0.3.7 r2-2 don't stop query flood attack
Best Regards
|
kalcor can not do anything if the attack is greater than your network can handle!
kalcor only minimized the effects caused by the attack on the server!
if you do not have enough bandwidth for the attack,
nothing that kalcor does, will help you!
this does not depend on the samp at the moment depends on your hosting company, if you have not hired any, the problem is yours!
I believe most servers are online because they have enough bandwidth!
Re: Respuesta: Connection flood -
PrettyDiamond - 03.09.2017
Quote:
Originally Posted by RDM
kalcor can not do anything if the attack is greater than your network can handle!
kalcor only minimized the effects caused by the attack on the server!
if you do not have enough bandwidth for the attack,
nothing that kalcor does, will help you!
this does not depend on the samp at the moment depends on your hosting company, if you have not hired any, the problem is yours!
I believe most servers are online because they have enough bandwidth!
|
Believe me i have more bandwidth as you can ever buy.
Ever hear, read any about backbones, Cisco12400 Router? Im right now 1 step from one! My University backbone.
Ok then tell me how much bandwidth you think i need to have? And i give you a Screenshot of my last 5GB/s test, from right now? Ok?
So can you please stop to quote me for things about you havent any knowledge? Like what bandwidth my rootserver have? Thank you
Please Back to the Roots!
Re: Respuesta: Connection flood -
Sgt.TheDarkness - 03.09.2017
Quote:
Originally Posted by RDM
kalcor can not do anything if the attack is greater than your network can handle!
kalcor only minimized the effects caused by the attack on the server!
if you do not have enough bandwidth for the attack,
nothing that kalcor does, will help you!
this does not depend on the samp at the moment depends on your hosting company, if you have not hired any, the problem is yours!
I believe most servers are online because they have enough bandwidth!
|
This has nothing to do with bandwidth at all.... Actually, as explained in previous posts, this attacks recreates the connection process to the sa-mp server and abruptly stops it. In addition, with the spoofed source address, the sa-mp server is aimlessly sending cookies out to bogon IP addresses. This is a CPU based attack, bandwidth is NOT affected, this attack is less than 1-2 megabytes of packets, not even CLOSE to a real bandwidth attack. You could theoretically reach larger packet sizes but I doubt those kids know anything about real packeting.
I've tested both of his patches locally with my tools and confirm his patches do NOT work, and I have a gigabit home-network. Fixing this would require an overhaul of the SA-MP querying system, which I doubt kalcor has time nor feels like doing. Get Ubi's plugin, compile it & add it to your server, this is the ONLY method that's stopped this attack.
EDIT: My mistake, the released patches were not for cookie flooding.
Re: Connection flood -
dugi - 03.09.2017
Quote:
Originally Posted by Sgt.TheDarkness
This has nothing to do with bandwidth at all.... Actually, as explained in previous posts, this attacks recreates the connection process to the sa-mp server and abruptly stops it. In addition, with the spoofed source address, the sa-mp server is aimlessly sending cookies out to bogon IP addresses. This is a CPU based attack, bandwidth is NOT affected, this attack is less than 1-2 megabytes of packets, not even CLOSE to a real bandwidth attack. You could theoretically reach larger packet sizes but I doubt those kids know anything about real packeting.
|
The recent server changes are related to query flood only, nothing changed regarding connection flood, you seem to have 2 different attack methods confused.
Re: Respuesta: Connection flood -
RDM - 03.09.2017
Quote:
Originally Posted by PrettyDiamond
Believe me i have more bandwidth as you can ever buy.
Ever hear, read any about backbones, Cisco12400 Router? Im right now 1 step from one! My University backbone.
Ok then tell me how much bandwidth you think i need to have? And i give you a Screenshot of my last 5GB/s test, from right now? Ok?
So can you please stop to quote me for things about you havent any knowledge? Like what bandwidth my rootserver have? Thank you
Please Back to the Roots!
|
Hello, or your bandwidth is insufficient, or your hardware, cpu / ram, are not supporting the attack!
there is no logic since your server should be online using the UBI plugin and the Kalcor update!
I think you do not know what a DDOs attack is!
the attack received is layer 7, however with the fixes this is not a problem!
if you have enough network and hardware to support the attack your server will be online!
Because UBI in your plugin has taken the limits and kalcor has improved the query control!
that is the question,
I did the simple control using iptables,
when an ip tries to send the packets for 1 second its packets will be blocked, blocking all the first packets of the queries and cookie,
except for query i, in the case of query i I only accept the first package in the interval of 1 second,
this in theory blocks 90% of malicious packages,
after sending the first packets the client ip will be released and no longer blocked by the firewall!
a spoofed attack is not impossible to block!
all attacks are anomalies, although the packets are the same as the client samp.
Unfortunately it is not possible to see the effects of the firewall on the same server node!
ie the firewall must be placed a node earlier than the samp server is.
Example: I own a dedicated, add iptables rules in this dedicated, and create a vps and host my samp server!
in this way it will be possible to see that 90% of the attack is not redirected to the vps server, that is, blocked by iptables!
you live by saying that I do not know about things, however my servers are completely online under attack while yours is offline!
Review your concepts friend!
Re: Respuesta: Connection flood -
Hansrutger - 03.09.2017
Quote:
Originally Posted by FelipeAndres
they pull me out of the hosted tab, and I still do not know why ...
they involve me in what I have not done
|
Best thing to do is tp try to contact them, that's what people recommended me doing at least.
Re: Respuesta: Connection flood - Astralis - 03.09.2017
Quote:
Originally Posted by Hansrutger
Best thing to do is tp try to contact them, that's what people recommended me doing at least.
|
support@game-mp.com
Respuesta: Connection flood -
FelipeAndres - 03.09.2017
I sent a mp to kalcor but it does not respond, is there any other faster way to contact them?
Re: Connection flood -
iLearner - 03.09.2017
I am happy to see I've both of my servers on list.