SA-MP Forums Archive
UDP OUT FLOOD from server side - Printable Version


UDP OUT FLOOD from server side - filth80 - 27.09.2013

Hello,

We have a problem with some SAMP servers - they are sending UDP FLOOD. Here is the output from firewall:

Time: Fri Sep 27 07:06:45 2013 +0300
UID: 32047 (username)
Hits: 11

Sample of port hits:
Sep 27 07:05:15 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=86.125.163.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=1666 LEN=70 UID=32047 GID=32048
Sep 27 07:05:17 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=86.125.163.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=1666 LEN=70 UID=32047 GID=32048
Sep 27 07:05:23 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=177.35.241.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=59672 LEN=70 UID=32047 GID=32048


Sep 27 06:52:15 server1 lfd[6952]: *UID Tracking* 11 blocks for UID 32047 (username)
Sep 27 06:54:15 server1 lfd[7221]: *UID Tracking* 11 blocks for UID 32047 (username)
Sep 27 06:57:15 server1 lfd[7667]: *UID Tracking* 11 blocks for UID 32047 (username)
Sep 27 06:58:55 server1 lfd[7879]: *UID Tracking* 11 blocks for UID 32047 (username)


We are encountering this problem from several servers, different GMs.
Is there any way to discover the malicious code in the files?

Thank you.


Re: UDP OUT FLOOD from server side - chencong - 27.09.2013

What is the name of that firewall? I am very interested in that.


Re: UDP OUT FLOOD from server side - linuxthefish - 27.09.2013

Could be normal if it's your server, csf isn't very well suited for game servers....

Quote:
Originally Posted by chencong
What is the name of that firewall? I am very interested in that.
http://www.configserver.com/cp/csf.html


Re: UDP OUT FLOOD from server side - filth80 - 27.09.2013

Quote:
Originally Posted by chencong
What is the name of that firewall? I am very interested in that.
It's not CSF's fault. If it was CSF, this would happen with every samp server on our server. We have used CSF for gameservers since 2009 without any problem.


Re: UDP OUT FLOOD from server side - Aldo. - 28.09.2013

Quote:
Originally Posted by filth80
It's not CSF's fault. If it was CSF, this would happen with every samp server on our server. We have used CSF for gameservers since 2009 without any problem.
Have you tried it with the firewall disabled?


Re: UDP OUT FLOOD from server side - filth80 - 28.09.2013

If I disable the firewall, I won't see the UDP OUT :)

The thing is I wanna know what is the cause. CSF does its job, it blocks UDP OUT generated by this script/code. If I disable CSF it won't block UDP OUT anymore, a thing that I don't want to happen.
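
An added example, not part of the thread and not code from any poster: a small triage script for the `*UDP_OUT Blocked*` lines shown in the first post. It groups blocked packets by UID and source port, so packets sent from the game server's own listening socket (assumed here to be 7777, the SPT in the posted lines) can be told apart from packets sent from other sockets opened under the same account. The function names and the last two sample lines are constructed for illustration, and the split is a triage heuristic, not proof of either case.

```python
import re
from collections import defaultdict

# First three lines are copied from the first post (addresses masked as posted);
# the last two are constructed, using documentation addresses, for contrast.
SAMPLE_LOG = """\
Sep 27 07:05:15 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=86.125.163.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=1666 LEN=70 UID=32047 GID=32048
Sep 27 07:05:17 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=86.125.163.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=1666 LEN=70 UID=32047 GID=32048
Sep 27 07:05:23 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=177.35.241.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=59672 LEN=70 UID=32047 GID=32048
Sep 27 07:05:30 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1052 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=41822 DPT=80 LEN=1032 UID=32047 GID=32048
Sep 27 07:05:30 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1052 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=41822 DPT=80 LEN=1032 UID=32047 GID=32048
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of a blocked outbound UDP line, or None."""
    if "*UDP_OUT Blocked*" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keep the first LEN (IP length), not the UDP one
    return fields

def summarise(log_text, listen_port=7777):
    """Group blocked packets by (UID, source port) and count distinct targets."""
    groups = defaultdict(lambda: {"hits": 0, "dsts": set(), "dports": set()})
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or "UID" not in f or "SPT" not in f:
            continue  # not a UDP_OUT line, or logged without owner/port info
        g = groups[(f["UID"], int(f["SPT"]))]
        g["hits"] += 1
        g["dsts"].add(f["DST"])
        g["dports"].add(int(f["DPT"]))
    return [{"uid": uid, "spt": spt, "hits": g["hits"],
             "distinct_dsts": len(g["dsts"]), "distinct_dports": len(g["dports"]),
             "from_listen_port": spt == listen_port}
            for (uid, spt), g in sorted(groups.items())]

if __name__ == "__main__":
    for row in summarise(SAMPLE_LOG):
        print(row)
```

Rows with `from_listen_port` false are the ones to trace back to a script or plugin, since they come from a socket other than the one the server listens on.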