SA-MP Forums Archive
samp exploit? heavy outgoing flood. - Printable Version
samp exploit? heavy outgoing flood. - ColonelBurton - 23.11.2014

I've been suffering from this since this morning. I suspected that it was the update (possible infinite loop) and undid today's update, but it is still ongoing.
The outgoing traffic suddenly increases and lags out all players for 20-30 mins. It has happened 5 times already.
I already have DDoS protection, before someone says it is a DDoS.

[Image: usual traffic]

[Image: today's traffic]

Re: samp exploit? heavy outgoing flood. - Sgt.TheDarkness - 23.11.2014

I'm experiencing similar issues; my outgoing traffic is almost triple what I'm receiving. However, I've yet to see my players time out or crash.


Re: samp exploit? heavy outgoing flood. - rm0203 - 26.11.2014

Well, I know about an "exploit" that has been around for some time. It attacks using UDP ports and only the SA-MP server is affected. It happened to a server that I was managing today. Take a look at some logs:

I think IP is src.sport.
...
03:05:51.309938 IP 209.105.233.*.54889 > 198.50.252.***: UDP, length 64
03:05:51.309940 IP 209.105.233.*.54883 > 198.50.252.***: UDP, length 64
03:05:51.309988 IP 209.105.233.*.54887 > 198.50.252.***: UDP, length 64
03:05:51.309992 IP 209.105.233.*.54881 > 198.50.252.***: UDP, length 64
03:05:51.309993 IP 209.105.233.*.54884 > 198.50.252.***: UDP, length 64
03:05:51.309994 IP 209.105.233.*.54890 > 198.50.252.***: UDP, length 64
...

Fixed by making a rule on iptables for that IP.


Re: samp exploit? heavy outgoing flood. - cm666 - 26.11.2014

Quote:
Originally Posted by rm0203
Fixed by making a rule on iptables for that IP.
what rule?


Re: samp exploit? heavy outgoing flood. - rm0203 - 26.11.2014

Well, I am not a Linux expert, but I did it by using the command tcpdump. This showed me an IP flooding a UDP port, just like I showed above. So, I used:
iptables -A INPUT -s 209.105.233.* -j DROP

I saw a player doing this to big servers and they got offline instantly.
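
Added example, not part of any post in this thread: a small Python script that automates the triage described above, reading `tcpdump -n` text output in the format of the quoted log, counting UDP packets per source IP per second, and printing the same kind of iptables DROP rule for sources above a threshold. The addresses are constructed documentation-range values, the destination port 7777 is assumed (the SA-MP default), and the threshold and function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# One tcpdump -n line: HH:MM:SS.ffffff IP src.sport > dst.dport: UDP, length N
LINE_RE = re.compile(
    r"^(\d\d:\d\d:\d\d)\.\d+ IP (\d+(?:\.\d+){3})\.(\d+) > "
    r"(\d+(?:\.\d+){3})\.(\d+): UDP, length (\d+)$"
)

def build_sample():
    """Constructed capture: one flooding source and one ordinary player."""
    lines = ["..."]  # elision marker as in the quoted log; the parser skips it
    for i in range(120):  # 120 packets in one second, rotating 10 source ports
        lines.append(f"03:05:51.{300000 + i:06d} IP 192.0.2.10.{54881 + i % 10} "
                     "> 198.51.100.5.7777: UDP, length 64")
    for i in range(5):    # normal client traffic in the same second
        lines.append(f"03:05:51.{400000 + i:06d} IP 203.0.113.20.50000 "
                     "> 198.51.100.5.7777: UDP, length 64")
    return lines

def find_flooders(lines, pps_threshold=100):
    """Return {src_ip: stats} for sources whose peak packets/second >= threshold."""
    per_second = Counter()       # (src, "HH:MM:SS") -> packet count
    ports = defaultdict(set)     # src -> distinct source ports seen
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # not a UDP packet line
        second, src, sport = m.group(1), m.group(2), int(m.group(3))
        per_second[(src, second)] += 1
        ports[src].add(sport)
    peak = Counter()
    for (src, _), count in per_second.items():
        peak[src] = max(peak[src], count)
    return {src: {"peak_pps": n, "src_ports": len(ports[src])}
            for src, n in peak.items() if n >= pps_threshold}

def drop_rule(src):
    """Same rule form as the one posted in the thread."""
    return f"iptables -A INPUT -s {src} -j DROP"

if __name__ == "__main__":
    for src, stats in find_flooders(build_sample()).items():
        print(src, stats, "->", drop_rule(src))
```

On a live server the input would come from a saved `tcpdump -n udp` capture; review the flagged sources before applying any rule, since a busy legitimate client can also exceed a low threshold.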