Connection flood - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Server (https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread: Connection flood (/showthread.php?tid=639868)

---

Re: Connection flood - Paulice - 25.08.2017

Whoever is experiencing this issue and wants to create a solution, PM me! All I need is access to a blank public server being flooded 24/7, I have an idea in mind that just may work.

Just need one person. You'll receive the solution with no charge!

---

Re: Connection flood - Ubi - 25.08.2017

Well.. It's not exploited. There is some "requests per second limit" hardcoded in sa-mp executable and that's all. The attackers are reaching the limit and that's why it's not responding.

---

Re: Connection flood - azzerking - 25.08.2017

I'm actually certain there is no limit, There seems to be a limit in place for connections from the same IP, but not for loads of random IP's. So thats where the limit will be based on your network devices / OS network interfaces.

It's possible that RakNet has a connection limit in place, that may refuse a connections made within a set period of time, I believe most are if you have more then 30 connections within 1ms - 15ms then it would refuse the connection. I know a lot of third party multi-player add-ons follow the same pattern.

Which is why it then becomes easier for these people to attack, since they can make delays between connections and just have the server send useless packets. UDP is a bitch to work against, there no real way to identify or even analyses the host, which makes it so much harder to protect against DDos attacks.

---

Re: Connection flood - Th3_P4dr1n0 - 25.08.2017

It's FZ-fenixzone, some years ago they attacked all latin american servers on hosted tab with similar shit that is happening now and they were blacklisted in samp, their servers removed from hosted and internet tab. When this shit starts yesterday, on hosted tab was only a few servers, big servers from Rusia and of course all FZ servers, only they were not affected in start.

---

Re: Connection flood - denNorske - 25.08.2017

Whatever you would like to do locally on a samp server will 99% likely not work, sorry for disappointing you.

What's happening, and what is been explained above, is network related UDP traffic. These are things that has to be sorted out before reaching the server. Unless you can somehow change the way the servers report status to the Internet and/or hosted tab client wise.

---

Re: Connection flood - Andre02 - 25.08.2017

A good way of fighting this attacks is to go outside and have fun alongside with that saying bye to SAMP
Thank me later for the solution!

This is where we see that Kalcor needs to update SAMP and make everything more secure, even if it's just a security update with some add-ons, it'd be enough for everyone.
But we see that's not near to happening, Kalcor gave up on SAMP and left it here. Like this. The playerbase will start dropping until there's a total of 10 servers and 100 players globally, until it dies, sad but true if there is no update in the near future.

OT: Keeping the calm and giving solutions alongside everyone will only make it better for everyone, attackers will get bored at one point and stop this shit, until then, we only have to wait and co-operate.

---

Re: Connection flood - RDM - 25.08.2017

This attack is different from the attack performed by the FZ-fenixzone server!

This attack is totally spoofed!

The attack performed by the FZ-fenixzone server was of simple mitigation my firewall kept several servers protected!

I'm about to get an effective solution against this current attack ..

Tip: the attacker sends the 4 querys followed and after sending the connection packet,
A normal client sends the 4 querys packages and more than 1 second then sends the connection packet !!

It is possible to drop the connection packet, which causes more damage to the server!

---

Re: Connection flood - PrettyDiamond - 25.08.2017

my beloved server its now since 2 days under this attack, and so many dudes are waiting for play...

---

Re: Connection flood - RDM - 25.08.2017

I'm doing my best to test the firewall I developed this afternoon!

If I get success I will make it available in github!

---

Re: Connection flood - Christofski - 25.08.2017

Can confirm this is happening on our server also, same ips etc, taken multiple steps to defending against it but nothing possible via server script/firewall. this issue is a samp issue and needs to be addressed.

---

Re: Connection flood - RDM - 25.08.2017

Really is, this has happened for more than 1 year, but now they have found hosting that allow spoofed and it is almost impossible to block ...

---

Re: Connection flood - Paulice - 25.08.2017

I stand in that 1%. Offer still stands!

---

Re: Connection flood - morris91 - 25.08.2017

No one can disagree on this not being annoying. but once again it just seems to bring up the now old aged question of "Where is Kalcor?"

Most other Multiplayer communities you would atleast have a response from someone high up about the problem atleast acknowledging it or suggestion idea's on how to help the community.
But sadly here its seemed to of become the norm for server owners just to bite their lip and get on with it.

Sad really, From seeing this community in 2007 to now. Alots changed, In in attitudes more than anything.

Anyway, Hope there's a help in hand soon or idea's on how to prevent from fellow members. Cos i sure need something because i'm all out of idea's.

---

Re: Connection flood - cuber - 26.08.2017

Why would the attacker(s) give up, when "the attacker(s)" is(are) enjoying that all of you are discussing about "the attacker(s)" and how to protect your server. The "the attacker(s)" now already knows how to do it.

---

Re: Connection flood - DTV - 26.08.2017

Just post what you think might work rather than have it as an offer.

---

Re: Connection flood - Paulice - 26.08.2017

Is it weird that I want someone to attack a server of mine to be able to create a solution? No-one is cooperating on the previous offer. Someone able to, please PM me!

---

Re: Connection flood - RDM - 26.08.2017

Hello with great effort after 7 hours analyzing the traffic of this attack managed to significantly minima it!

Protection from attack! https://sampforum.blast.hk/showthread.php?tid=639962

---

Re: Connection flood - Noir - 26.08.2017

Can you create this also for a Windows server?

---

Re: Connection flood - wallee - 26.08.2017

if samp was querying the servers instead of clients (so clients are just viewers) would that "fix" the problem?

---

Re: Connection flood - denNorske - 26.08.2017

It's more likely to work yes. Or if the servers reported their status to a masterlist directly, avoiding the problems regarding UDP packets drowning in requests

But there again, this is kalcor stuff to sort out. I am not sure what else to do, it's difficult to distinguish the fake packets :/

---