[Blackaslan]

Code:

[17:41:40]Warning: dropping a split packet from client
17:41:40] Warning: dropping a split packet from client
[17:41:40] Warning: dropping a split packet from client
[17:41:40] Warning: dropping a split packet from client
[17:41:40] Warning: dropping a split packet from client
[17:41:40] Warning: dropping a split packet from client
[17:41:40] Warning: dropping a split packet from client

Any Info will be usefull

[Abagail]

I don't really think it's an error: just a warning. Possibly a lagging player, or what not. Not a not of people claim to have this issue, so information regarding it is quite limited.

Although, it says whats wrong in plaintext: A split packet was dropped by the server from the client.

[Blackaslan]

Quote:

Originally Posted by Abagail I don't really think it's an error: just a warning. Possibly a lagging player, or what not. Not a not of people claim to have this issue, so information regarding it is quite limited. Although, it says whats wrong in plaintext: A split packet was dropped by the server from the client.

Yes , I thinks it's a kind of DDOS , but also can be something like this "Invisible bot attack" anyways this turn off my server because is overloaded

[Abagail]

Its not really a type-of-ddoss. How-ever: from the small information(which may not be accurate) it seems like a client is modifying a packet. Is there a certain player connected everytime this happens, that may be doing this?

[Blackaslan]

Quote:

Originally Posted by Abagail Its not really a type-of-ddoss. How-ever: from the small information(which may not be accurate) it seems like a client is modifying a packet. Is there a certain player connected everytime this happens, that may be doing this?

Answer from my VPS:

Quote:

Inbound DDoS Detected Hi there, Our system has automatically detected an inbound DDoS against your droplet named XXXXX with the following IP Address: x.x.x.x.x As a precautionary measure, we have temporarily disabled network traffic to your droplet to protect our network and other customers. Once the attack subsides, networking will be automatically reestablished to your droplet. The networking restriction is in place for three hours and then removed. Please note that we take this measure only as a last resort when other filtering, routing, and network configuration changes have not been effective in routing around the DDoS attack. Please let us know if there are any questions, we're happy to help.

So I think it is

[Abagail]

Someone may be modifying packets, aswell as dosing your services. Note: plain DOS won't show anything(especially not a split packet warning) in the log: so I think it's safe to say whatever it is isn't technicially related to the attack.

It may be an exploit, are you using 0.3z-R4?

[Blackaslan]

Quote:

Originally Posted by Abagail Someone may be modifying packets, aswell as dosing your services. Note: plain DOS won't show anything(especially not a split packet warning) in the log: so I think it's safe to say whatever it is isn't technicially related to the attack. It may be an exploit, are you using 0.3z-R4?

(thanks for your help buddy) Yes I'm Using 0.3Z-R4 , and I agree with you , this can be an exploit

Maybe some Iptables can fix this? or a script against invisible bots?

Edit : https://sampforum.blast.hk/showthread.php?tid=494414&page=23

[Blackaslan]

My server is under attack yet :

Quote:

[18:43:45] Warning: dropping a split packet from client [18:43:45] Warning: dropping a split packet from client [18:43:45] Warning: dropping a split packet from client [18:43:45] Warning: dropping a split packet from client [18:43:45] Warning: dropping a split packet from client [18:43:45] Warning: dropping a split packet from client [18:43:45] Warning: dropping a split packet from client [18:43:45] Warning: dropping a split packet from client [18:43:45] Warning: dropping a split packet from client

Help?