[ivanp00]

Connect with this flood spoof IP addresses. That is thousands of connections per second, and no IP is not repeated. At least used to be so.
Sorry for my english.

[n0minal]

Do you really believe in your attacker? Do you trust him more than people here who are trying to help you? Really? The guys know what they are talking about, its not an exploit, its obviously an ddos attack.

[James_Braga]

Again , the server does not connect the players and disables them

[James_Braga]

Quote:

Originally Posted by n0minal Do you really believe in your attacker? Do you trust him more than people here who are trying to help you? Really? The guys know what they are talking about, its not an exploit, its obviously an ddos attack.

I know what a DDoS attack , and I know what a hole, I can distinguish them , we have the server is protected from external attacks , resistant to attack 500gbgps

[Khanz]

Quote:

Originally Posted by James_Braga I know what a DDoS attack , and I know what a hole, I can distinguish them , we have the server is protected from external attacks , resistant to attack 500gbgps

You mean the whole network is protected against 500gbps not just your single server.

[James_Braga]

Quote:

Originally Posted by Khanz You mean the whole network is protected against 500gbps not just your single server.

https://www.voxility.com/shop/security/anti-ddos

[Khanz]

...

Can you connect to your FTP while the server isn't connecting?

[James_Braga]

Quote:

Originally Posted by Khanz ... Can you connect to your FTP while the server isn't connecting?

yes everything is fine with the network , the CPU is stable.

[Blast3r]

Quote:

Originally Posted by James_Braga I know what a DDoS attack , and I know what a hole, I can distinguish them , we have the server is protected from external attacks , resistant to attack 500gbgps

Guess what... My community was told the same story "Anti ddos, unlimited attacks, best one ever woot!" yet it ended us getting ddosed A LOT until we decided to switch to OVH (which so far managed to stop them) and asked these guys for a refund. So yah it could easily be a ddos attack no matter if they say it's ddos protected.



EDIT: Sorry missed the "FTP works" part.

[Tamer]

He said FTP works, if It's a DDoS attack then FTP will not work too.

As soon as you restart the server does it get fixed?

There is a group attacking servers with DoS methods not DDoS though, I can confirm their existence.

[Dairyll]

Quote:

Originally Posted by Sew_Sumi No I'm not and I won't reply to you again... Even if people put up segments of logs, and screenshots showing "an issue" doesn't mean it's actually because of the bug they are claiming. It also doesn't mean that it's something that SA-MP should be taking care of, as quite often blocking IPs is the general "fix" for anything network related... But hey, are you here looking for a fix, or simply trying to be a whinger about it? As I said, Even if 6 out of 10 people have "evidence", what says that it's actually what they think? You're often asked in these situations, for further evidence, and background information... If this isn't followed up, again, it's more likely discarded as the fact is that it doesn't seem to be affecting you as it was, and you've not updated. Simple as that... -- Edit -- http://www.abbreviations.com/OT OT means Off Topic... However the statement there seems highly plausible, and seems like the direction that should be taken to fix this. If you were being affected by the attacks, then you could test it...

Read how I used OT again, I wasn't referring to the whole thread before I said OT. Lmao.

Me being "whinger"? I've been stating facts and fact-supported opinions on my previous posts. Stop trying to be a white knight for the devs, boy.

Anyways, blocking the IP's won't fix anything. As I've said on the previous posts, they're spoofing IP's. Read up on spoofing. Legitimate players who are trying to connect to a server that's being attacked will also have their IP's recorded. Right now, there's no way of telling what is real and what isn't on this exploit.

[Sew_Sumi]

Quote:

Originally Posted by Dairyll Read how I used OT again, I wasn't referring to the whole thread before I said OT. Lmao.

I was referring to your post you ignorant idiot... How you used it was incorrect.

Quote:

Originally Posted by Dairyll Me being "whinger"? I've been stating facts and fact-supported opinions on my previous posts. Stop trying to be a white knight for the devs, boy.

You're whinging over a previously unconfirmable exploit... Nothing "White knight" about it.

Quote:

Originally Posted by Dairyll Anyways, blocking the IP's won't fix anything. As I've said on the previous posts, they're spoofing IP's. Read up on spoofing. Legitimate players who are trying to connect to a server that's being attacked will also have their IP's recorded. Right now, there's no way of telling what is real and what isn't on this exploit.

I know that the blocking of IPs won't work on spoofed connections, but making a script that counts the connection overflow as an exploit, and shuts that IP down, as shown in that post that you linked, will cut out what attacks it can complete.

Now, as for "Legit players" being caught in the attacks "logs" is wrong... They won't cause the overflow because of the fact that they, aren't connecting thousands of times over, simply port flooding like a bitch.



Anyways kid, Sit the fuck back down... You wanna call me "boy", then I'll call you kid. Everything I've stated is my contribution, Even though I don't have any attacks or logs, it was pretty plain to see in the first reports of it that it resembled a port flood, doesn't take 10 seconds to add to that that it's possibly masqueraded (Either via the fact that the attacker uses botnets to do it, or through true masquerading), and after that, blocking the IPs, doesn't actually seem to be such a problem.

Anyone on those IPs should be told via the script to check their computer for viruses if those IPs connect. Fact is that to even counter this, being that many are on dynamic IPs and such, having a timeout for each block of the attack on that IP, with a re-check, and maybe have a week of unbanning it and re-banning if it starts attacking. 7 "hits" means perm-blocked.

Even go as far to run the server, adding all of those IPs to a list, checking for duplicates and removing the duplicates to get a more broad idea on how many IPs this thing is pumping out.


If you can't actually take heed of the advice shown in these posts, and even the post you yourself quoted, to test and advise the outcomes of those tests, then you, need to sort yourself out.

Really, DDoS protection should almost cover this attack by it's nature... Can't see why it can't be fixed via the DDoS protection everyone is paying for.

[Dairyll]

Quote:

Originally Posted by Sew_Sumi No I'm not and I won't reply to you again...

That went well.

Quote:

Originally Posted by Sew_Sumi I was referring to your post you ignorant idiot... How you used it was incorrect.

Calm down, boy. Re-read what I said. You'll figure out that I was actually going off topic (and talk about the actual thread). I wasn't using the noun "topic" to refer to the "thread". Simple English, lmao.

Anyways, let me try to respectfully break it down for you. And read what I'm going to type below in an unbiased manner so you'll be able to understand it fully.

You obviously have no idea what the exploit actually is based from what you're saying, no offense. If a simple DDoS protection can do it, then why do the "big" servers go down from this exploit as well knowing that these guys shell out $$$ on legit DDoS protection.

It's a SA-MP exploit that uses SA-MP packets. It's not a regular DDoS that targets a VPS/machine as a whole. It just attacks SA-MP.

No matter how well your DDoS protection works, you can't defend yourself from an exploit that happens in the platform/process itself.

PS: No need to start drama on here. Just PM me if you have an issue with what I'm saying.

[Sew_Sumi]

Quote:

Originally Posted by Dairyll That went well. ....... PS: No need to start drama on here. Just PM me if you have an issue with what I'm saying.

No need to be trolling on the development forum.

I'm not going to PM your sorry ass, fact is you can't even show you've done any of the tests in this thread, nor have you even shown you are being affected by it...



So again, Why are you in these threads?

Boosting your e-peen?

Quote:

Originally Posted by Dairyll No matter how well your DDoS protection works, you can't defend yourself from an exploit that happens in the platform/process itself.

Quite frankly, that's plain out bullshit... The overflows can be added to a blocking of IPs so it just removes them entirely from the situation.

After all, the log can report, and the script itself can also report what IPs are doing it, then you use scripts and powerscripts to make the firewalls drop EVERYTHING FROM THAT IP.

Even though the IP is spoofed, it can be blocked, even for a few minutes, and again, if it repeatedly attacks it can be added to a perm ignore...


Seriously, you need to stop being argumentative without supplying ANY reason on why, and how you are actually helping other than being a dick about you being called out on what you said.


In the meantime, several suggestions have been made, and if you aren't affected, aren't trying the fixes, or you aren't looking at the issue itself other than whinging that an exploit exists that doesn't affect you, then you should STFU.

[Dairyll]

Calm down Sew_Sumi. You stopped making sense when you started using cuss words, lmao. You're the one who keeps going off topic in an attempt to belittle me while I discuss what's actually the purpose of the thread. That's pretty sad, boy. Log out and get some fresh air.

But yeah, I'm on these threads so I can find a solution just in case any of the servers I host get affected. Anyone can participate in a brainstorm especially since this exploit has been going on for quite awhile now and lots of people are just anxious to get to the bottom of it. I'm trying to participate in the active discussion and you're tryna nitpick what I'm posting. LOL.

Like I said before, if anyone knows how to replicate these attacks, please come out. I'm willing to run tests on a dedi.

[Sew_Sumi]

Quote:

Originally Posted by Dairyll Calm down Sew_Sumi. You stopped making sense when you started using cuss words, lmao. You're the one who keeps going off topic in an attempt to belittle me while I discuss what's actually the purpose of the thread. That's pretty sad, boy. Log out and get some fresh air. But yeah, I'm on these threads so I can find a solution just in case any of the servers I host get affected. Anyone can participate in a brainstorm especially since this exploit has been going on for quite awhile now and lots of people are just anxious to get to the bottom of it. I'm trying to participate in the active discussion and you're tryna nitpick what I'm posting. LOL. Like I said before, if anyone knows how to replicate these attacks, please come out. I'm willing to run tests on a dedi.

You need to stop trolling.

You also need to stop passing the buck... You were the one who started name calling when I pointed out inaccuracies in what you'd stated...

If you can't handle having the facts pointed back to you, then you should stop replying now, as it's only going to get worse for you.

Quote:

Originally Posted by Dairyll I seriously doubt the fix will happen soon.

That's a very positive and re-enforcing statement right there... So why exactly should the devs REALLY fix that at your beck and call?

Quote:

Originally Posted by Dairyll You were asking for proofs/evidences awhile ago and now you're saying they're not "really required"? (Read below)

Now, just to clarify, you've actually mis-understood what was stated... Bigger servers PROVIDE THE INFORMATION THAT THE SA-MP TEAM NEED, WITHOUT BEING PROMPTED. Meaning that THEY AUTOMATICALLY KNOW WHAT INFO _WILL_ BE NEEDED WITHOUT BEING ASKED AND SUPPLY IT ACCORDINGLY.


Now either through you not reading things properly, or you simply not caring to, you've got the wrong end of the stick, and since the post above NOTHING you have stated has been related to the actual threads topic, except for your last post, which is really just you backtracking to "stay in topic rule guidelines"...

Quote:

Originally Posted by Dairyll PM Topic "Take a chill pill" You seem upset, boy. No need to ruin a good thread in your attempt to harass me.

You absolutely need to stop trolling, it's pretty obvious now you need to be reprimanded.

[Dairyll]

Like I said in the PM, stop ruining a good thread in your attempt to harass me, boy.

Stay on topic now please. Stop tryna change the course of the thread. If you're not going to contribute with fixing, then you should leave. Lmao.

PS: Typing it in all caps doesn't help at all with the point you're trying to make.

Edit: I sent you a PM. Stop being a child Sew_Sumi and actually contribute to this thread instead of making false claims that you are.

[Sew_Sumi]

Quote:

Originally Posted by Dairyll Like I said in the PM, stop ruining a good thread in your attempt to harass me, boy. Stay on topic now please. Lmao. PS: Typing it in all caps doesn't help at all with the point you're trying to make.

Since you're not being affected and all you've put up is third hand, I can guess you're doing nothing in this thread.


I've already explained how you can block the spoofed IP, yet you didn't reply to that part huh.


I'm on-topic, you're the one making out it's not... I've just been disagreeing with what you've posted on a few occasions, and if you can't handle that, then you need to take a time out, and learn some socialization skills, and some respect.

I'm still on topic, as I'm advising you that you, continuing to be argumentative and dismissive of the things pointed out to you because you aren't actually being affected, shows that you're simply in here to cause trouble...

You sending unsolicited PMs, is trolling considering the problem you are having... That is, that you're not caring to re-read what's been stated and you've been running with it for the whole time... yet you don't actually understand what was said, which isn't my issue, and you continue to troll for a response...

Quote:

Originally Posted by Dairyll Edit: I sent you a PM. Stop being a child Sew_Sumi and actually contribute to this thread instead of making false claims that you are.

More trolling after this was posted...

And another PM when it's absolutely clear that I'm not wanting to PM him...

Quote:

Originally Posted by Dairyll I'm just gonna stop replying to you on that thread. You're hopeless, lmao. Log out and get some fresh air. It'll be good for you since you seem so upset with me. LOL.

I think you're about ready to be banned...

[dugi]

This has gone too off-topic so I'm locking it.

Please post in https://sampforum.blast.hk/showthread.php?tid=549061 if you've issues with it and/or can provide more info.