1. SA-MP Forums Archive
  2. SA-MP Server
  3. Server Support

Threaded Mode
Connection flood
Kaperstone
Banned
Posts: 3,004
Threads: 12
Joined: May 2011
#181

26.08.2017, 18:47
Quote:
Originally Posted by iLearner
Посмотреть сообщение
I disagree. If you have a vps just change port and Create a default server on current port and tell your users to go there.
What is the point of this?
If he can get the ip address (a list of it, which isn't even an issue, you have an entire open source list for it), what is the problem here in switching one or two numbers?


Switching ports, nevertheless, causes a lose in players, who don't stay tuned on the forum and suddenly their favorite server appears to be offline.

The lose will be greater than living with the attack.


EDIT: I wanted to say that turning the cookies off is useless. (conncookies 0)
From personal experience, after attempting to turn off the cookies, that "requests connection cookie." turned into "Incoming Connection", or in other words, the attacker switched to ServerFullAttack (Players couldn't connect to the server because it said it was full, and only on luck they connected)
Find
Reply
adri[4]Life
Unregistered
 
#182

26.08.2017, 19:38
Please anyone do me a favor by posting today's attack ranges here.
Reply
Morpheus1992
Little Clucker
**
Posts: 38
Threads: 7
Joined: Jul 2011
Reputation: 0
#183

26.08.2017, 20:04
Quote:
Originally Posted by Dance94
Посмотреть сообщение
I don't understand why they continue with the same stupidity of block ip's in the firewall if everyone is aware that those ip's are false and the attacker can replace them with other false, this problem is not kalcor it's yours.

Kalcor cannot manage the security of your virtual server where you have stayed your server sa-mp.

Sorry if i don't understand, my native language is spanish
This is ofc not the fault of Server Owners, my Server is DDoS Protected with Anti DDoS Pro from OvH, this kind of Attack is just for SA:MP Servers, there should be a away to limit the Querys per IP as a Server Config Var or atleast a new Callback "OnQueryInfo" or something like and then block the IP with exec Plugin with iptables.

Why does other Multiplayers dont have such a Problem?
Find
Reply
Jefff
Banned
Posts: 2,593
Threads: 34
Joined: Dec 2007
#184

26.08.2017, 20:21
So does anyone knows how to block this query flood?
Find
Reply
Shaheen
Huge Clucker
***
Posts: 223
Threads: 45
Joined: Feb 2016
Reputation: 0
#185

26.08.2017, 20:24
Quote:
Originally Posted by Jefff
Посмотреть сообщение
So does anyone knows how to block this query flood?
Actually, No one could find a working and accurate solutions yet and many servers are being locked...
Find
Reply
Jefff
Banned
Posts: 2,593
Threads: 34
Joined: Dec 2007
#186

26.08.2017, 20:28
Sure but many servers working fine and im talking about query flood not incomming connection
Find
Reply
Kaperstone
Banned
Posts: 3,004
Threads: 12
Joined: May 2011
#187

26.08.2017, 20:29
Quote:
Originally Posted by Vince
View Post
Changing the minconnectiontime parameter in server.cfg might help. I believe by default this is set to 0 so there is no delay between connection requests. You can set this to 5 seconds (5000 milliseconds) or so, depending on how often players join and leave. It might help but it probably won't stop the flooding entirely.

Do these requests also trigger OnIncommingConnection? If so you might be able to filter some of them by their port numbers. Genuine clients will almost universally use a random dynamic port in the range 49152 through 65535. If the port number is lower than 49152 you can temporarily block the IP using BlockIpAddress.
The issue is that the flood doesn't reach a connection, it only requests a cookies and drops off.
There are no "Incoming Connection" as evidence to this.

It could help tho if there was something in the config to do
mincookietime to limit the cookie, which is requested before the connection.


About firewalling a range, from my last two logs (2G of this shit), this won't help.
You'll need to firewall 0 to 255

I have in my logs these ip's
Quote:

[26/08 02:24:45] [connection] incoming connection: 72.137.207.82:29501 id: 45
[26/08 02:24:45] [connection] incoming connection: 137.224.220.235:14728 id: 47
[26/08 02:24:45] [connection] incoming connection: 136.176.97.37:40778 id: 51
[26/08 02:24:45] [connection] incoming connection: 130.188.39.199:24302 id: 60
[26/08 02:24:45] [connection] incoming connection: 116.218.188.40:24880 id: 69
[26/08 02:24:45] [connection] incoming connection: 4.227.238.94:45160 id: 90
[26/08 02:24:45] [connection] incoming connection: 155.20.89.135:4243 id: 70
[26/08 02:24:45] [connection] incoming connection: 158.109.85.32:30045 id: 80
[26/08 02:24:45] [connection] incoming connection: 84.10.47.109:52085 id: 124
[26/08 02:24:45] [connection] incoming connection: 46.164.66.243:9222 id: 126
[26/08 02:24:45] [connection] incoming connection: 155.125.182.184:39582 id: 82
[26/08 02:24:45] [connection] incoming connection: 221.98.184.229:26861 id: 86
[26/08 02:24:45] [connection] incoming connection: 12.157.79.167:48454 id: 168
[26/08 02:24:45] [connection] incoming connection: 121.98.56.243:19838 id: 88
[26/08 02:24:45] [connection] incoming connection: 37.142.95.176:64620 id: 175
[26/08 02:24:45] [connection] incoming connection: 154.44.5.143:2014 id: 196
[26/08 02:24:45] [connection] incoming connection: 95.30.57.1:26757 id: 199
[26/08 02:24:46] [connection] incoming connection: 165.57.25.98:50015 id: 6
[26/08 02:24:46] [connection] incoming connection: 161.23.237.233:58871 id: 91
[26/08 02:24:46] [connection] incoming connection: 212.72.196.87:18678 id: 110
[26/08 02:24:46] [connection] incoming connection: 190.86.41.248:6581 id: 113
[26/08 02:24:46] [connection] incoming connection: 189.7.82.100:12468 id: 127
[26/08 02:24:46] [connection] incoming connection: 83.79.3.5:64839 id: 75
[26/08 02:24:46] [connection] incoming connection: 179.139.88.203:60271 id: 129
[26/08 02:24:46] [connection] incoming connection: 168.45.240.134:17075 id: 136
[26/08 02:24:46] [connection] incoming connection: 55.31.253.149:37455 id: 138
[26/08 02:24:46] [connection] incoming connection: 39.127.114.135:2574 id: 139
[26/08 02:24:46] [connection] incoming connection: 49.251.238.100:23764 id: 156
[26/08 02:24:46] [connection] incoming connection: 185.77.199.158:28161 id: 2
[26/08 02:24:46] [connection] incoming connection: 167.61.141.242:6848 id: 13
[26/08 02:24:46] [connection] incoming connection: 97.86.161.163:9094 id: 165
[26/08 02:24:46] [connection] incoming connection: 178.18.170.52:33720 id: 177
[26/08 02:24:46] [connection] incoming connection: 57.214.141.227:47863 id: 192
[26/08 02:24:47] [connection] incoming connection: 52.94.226.133:65499 id: 17
[26/08 02:24:47] [connection] incoming connection: 109.106.101.97:48340 id: 8
[26/08 02:24:47] [connection] incoming connection: 221.48.147.113:58003 id: 19
[26/08 02:24:47] [connection] incoming connection: 223.64.61.162:24609 id: 23
[26/08 02:24:47] [connection] incoming connection: 31.199.185.184:25503 id: 83
[26/08 02:24:47] [connection] incoming connection: 136.212.252.41:9113 id: 195
[26/08 02:24:47] [connection] incoming connection: 196.23.132.159:13136 id: 27
[26/08 02:24:47] [connection] incoming connection: 163.236.236.91:61266 id: 31
[26/08 02:24:47] [connection] incoming connection: 126.33.210.231:32093 id: 85
[26/08 02:24:47] [connection] incoming connection: 203.118.14.57:59577 id: 34
[26/08 02:24:47] [connection] incoming connection: 160.79.103.134:23797 id: 43
[26/08 02:24:47] [connection] incoming connection: 46.209.184.210:45653 id: 63
[26/08 02:24:47] [connection] incoming connection: 95.114.243.250:22837 id: 92
[26/08 02:24:47] [connection] incoming connection: 109.99.172.16:33482 id: 93
[26/08 02:24:47] [connection] incoming connection: 106.40.52.0:61913 id: 94
[26/08 02:24:47] [connection] incoming connection: 172.110.228.150:27597 id: 96
[26/08 02:24:47] [connection] incoming connection: 162.216.218.8:9488 id: 98
[26/08 02:24:47] [connection] incoming connection: 223.239.189.132:58889 id: 100
[26/08 02:24:47] [connection] incoming connection: 66.9.164.186:9203 id: 101
[26/08 02:24:47] [connection] incoming connection: 72.161.187.125:532 id: 5
[26/08 02:24:48] [connection] incoming connection: 78.143.2.88:21058 id: 102
[26/08 02:24:48] [connection] incoming connection: 133.12.196.94:44664 id: 25
[26/08 02:24:48] [connection] incoming connection: 110.114.194.7:12189 id: 61
[26/08 02:24:48] [connection] incoming connection: 81.82.160.57:29961 id: 103
(from the time I turned off the cookies)

As you can see, there are 223.* and there is even one 4.* and lots of between.

What we could only do is update Gamer_Z's Anti Server Full Attack plugin, turn off the cookies and use the plugin instead.
(As of now, it seems a lot more realistic than waiting for an update from Kalcor)
But unfortunately, the plugin works only for 0.3z R4.



EDIT: I noticed that the ports are even smaller than 49152, so targeting port is also useless.
Find
Reply
dugi
Beta Tester
*****
Posts: 2,350
Threads: 96
Joined: Jun 2007
Reputation: 0
#188

26.08.2017, 21:35
Quote:
Originally Posted by Jefff
View Post
Sure but many servers working fine and im talking about query flood not incomming connection
There's multiple attack types going on at the same time it seems, query flood is something servers have dealt with for 10 years now. You have to wait it out and inform your players that they can still join your server even though they can't query it.
Find
Reply
adri1
Banned
Posts: 1,779
Threads: 126
Joined: Oct 2010
#189

26.08.2017, 21:38
My server attacked with query flood, packets:
Code:
dropped privs to tcpdump
tcpdump: 17:26:41.651735 IP (tos 0x28, ttl 160, id 58072, offset 0, flags [none], proto UDP (17), length 39)
    181.245.192.67.35322 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2d8 0000 a011 6d36 b5f5 c043  E(.'......m6...C
	0x0010:  3ffb 145b 89fa 1e61 0013 cdd6 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.651950 IP (tos 0x28, ttl 127, id 58083, offset 0, flags [none], proto UDP (17), length 43)
    180.118.217.234.38257 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e2e3 0000 7f11 75ff b476 d9ea  E(.+......u..v..
	0x0010:  3ffb 145b 9571 1e61 0017 08bc 5341 4d50  ?..[.q.a....SAMP
	0x0020:  3ffb 145b 611e 7035 693e 31              ?..[a.p5i>1
17:26:41.652117 IP (tos 0x28, ttl 160, id 58075, offset 0, flags [none], proto UDP (17), length 39)
    181.245.192.67.35322 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2db 0000 a011 6d33 b5f5 c043  E(.'......m3...C
	0x0010:  3ffb 145b 89fa 1e61 0013 cdd6 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.652355 IP (tos 0x28, ttl 177, id 58063, offset 0, flags [none], proto UDP (17), length 43)
    180.142.121.215.59943 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e2cf 0000 b111 a40e b48e 79d7  E(.+..........y.
	0x0010:  3ffb 145b ea27 1e61 0017 9260 5341 4d50  ?..[.'.a...`SAMP
	0x0020:  3ffb 145b 611e 7052 04c2 17              ?..[a.pR...
17:26:41.652713 IP (tos 0x28, ttl 131, id 58081, offset 0, flags [none], proto UDP (17), length 43)
    186.81.236.126.6080 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e2e1 0000 8311 5992 ba51 ec7e  E(.+......Y..Q.~
	0x0010:  3ffb 145b 17c0 1e61 0017 ac06 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 7016 8254 da              ?..[a.p..T.
17:26:41.652760 IP (tos 0x28, ttl 59, id 58077, offset 0, flags [none], proto UDP (17), length 39)
    190.88.47.68.38488 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2dd 0000 3b11 5ace be58 2f44  E(.'....;.Z..X/D
	0x0010:  3ffb 145b 9658 1e61 0013 5015 5341 4d50  ?..[.X.a..P.SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.653283 IP (tos 0x28, ttl 177, id 58064, offset 0, flags [none], proto UDP (17), length 43)
    180.142.121.215.59943 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e2d0 0000 b111 a40d b48e 79d7  E(.+..........y.
	0x0010:  3ffb 145b ea27 1e61 0017 9260 5341 4d50  ?..[.'.a...`SAMP
	0x0020:  3ffb 145b 611e 7052 04c2 17              ?..[a.pR...
17:26:41.653301 IP (tos 0x28, ttl 73, id 58066, offset 0, flags [none], proto UDP (17), length 39)
    201.195.57.88.54656 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2d2 0000 4911 375a c9c3 3958  E(.'....I.7Z..9X
	0x0010:  3ffb 145b d580 1e61 0013 f56d 5341 4d50  ?..[...a...mSAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.653558 IP (tos 0x28, ttl 144, id 58055, offset 0, flags [none], proto UDP (17), length 32)
    186.93.183.213.58787 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2c7 0000 9011 8154 ba5d b7d5  E(.........T.]..
	0x0010:  3ffb 145b e5a3 1e61 000c b54f 081e 77da  ?..[...a...O..w.
17:26:41.653812 IP (tos 0x28, ttl 64, id 58082, offset 0, flags [none], proto UDP (17), length 43)
    181.245.192.67.35322 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e2e2 0000 4011 cd28 b5f5 c043  E(.+....@..(...C
	0x0010:  3ffb 145b 89fa 1e61 0017 b31e 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 70bc cef3 44              ?..[a.p...D
17:26:41.654011 IP (tos 0x28, ttl 43, id 58093, offset 0, flags [none], proto UDP (17), length 39)
    180.118.217.234.38257 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2ed 0000 2b11 c9f9 b476 d9ea  E(.'....+....v..
	0x0010:  3ffb 145b 9571 1e61 0013 b037 5341 4d50  ?..[.q.a...7SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.654156 IP (tos 0x28, ttl 64, id 58085, offset 0, flags [none], proto UDP (17), length 43)
    181.245.192.67.35322 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e2e5 0000 4011 cd25 b5f5 c043  E(.+....@..%...C
	0x0010:  3ffb 145b 89fa 1e61 0017 b31e 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 70bc cef3 44              ?..[a.p...D
17:26:41.654163 IP (tos 0x28, ttl 143, id 58084, offset 0, flags [none], proto UDP (17), length 32)
    181.45.54.168.16270 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2e4 0000 8f11 0895 b52d 36a8  E(...........-6.
	0x0010:  3ffb 145b 3f8e 1e61 000c e1c2 081e 77da  ?..[?..a......w.
17:26:41.654377 IP (tos 0x28, ttl 143, id 58086, offset 0, flags [none], proto UDP (17), length 32)
    181.45.54.168.16270 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2e6 0000 8f11 0893 b52d 36a8  E(...........-6.
	0x0010:  3ffb 145b 3f8e 1e61 000c e1c2 081e 77da  ?..[?..a......w.
17:26:41.654431 IP (tos 0x28, ttl 193, id 58078, offset 0, flags [none], proto UDP (17), length 39)
    180.142.121.215.59943 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2de 0000 c111 9403 b48e 79d7  E(.'..........y.
	0x0010:  3ffb 145b ea27 1e61 0013 bb7c 5341 4d50  ?..[.'.a...|SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.654773 IP (tos 0x28, ttl 50, id 58091, offset 0, flags [none], proto UDP (17), length 39)
    186.81.236.126.6080 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2eb 0000 3211 aa8c ba51 ec7e  E(.'....2....Q.~
	0x0010:  3ffb 145b 17c0 1e61 0013 157a 5341 4d50  ?..[...a...zSAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.654935 IP (tos 0x28, ttl 44, id 58087, offset 0, flags [none], proto UDP (17), length 39)
    190.88.47.68.38488 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2e7 0000 2c11 69c4 be58 2f44  E(.'....,.i..X/D
	0x0010:  3ffb 145b 9658 1e61 0013 4115 5341 4d50  ?..[.X.a..A.SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.654986 IP (tos 0x28, ttl 160, id 58098, offset 0, flags [none], proto UDP (17), length 32)
    180.142.121.215.35141 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2f2 0000 a011 b4f6 b48e 79d7  E(............y.
	0x0010:  3ffb 145b 8945 1e61 000c 557b 081e 77da  ?..[.E.a..U{..w.
17:26:41.655290 IP (tos 0x28, ttl 10, id 58080, offset 0, flags [none], proto UDP (17), length 43)
    201.195.57.88.54656 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e2e0 0000 0a11 7648 c9c3 3958  E(.+......vH..9X
	0x0010:  3ffb 145b d580 1e61 0017 47ab 5341 4d50  ?..[...a..G.SAMP
	0x0020:  3ffb 145b 611e 7099 2a21 7c              ?..[a.p.*!|
17:26:41.655295 IP (tos 0x28, ttl 193, id 58079, offset 0, flags [none], proto UDP (17), length 39)
    180.142.121.215.59943 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2df 0000 c111 9402 b48e 79d7  E(.'..........y.
	0x0010:  3ffb 145b ea27 1e61 0013 bb7c 5341 4d50  ?..[.'.a...|SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.655587 IP (tos 0x28, ttl 131, id 58065, offset 0, flags [none], proto UDP (17), length 32)
    186.93.183.213.58787 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2d1 0000 8311 8e4a ba5d b7d5  E(.........J.]..
	0x0010:  3ffb 145b e5a3 1e61 000c b54f 081e 77da  ?..[...a...O..w.
17:26:41.655857 IP (tos 0x28, ttl 160, id 58099, offset 0, flags [none], proto UDP (17), length 32)
    180.142.121.215.35141 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2f3 0000 a011 b4f5 b48e 79d7  E(............y.
	0x0010:  3ffb 145b 8945 1e61 000c 557b 081e 77da  ?..[.E.a..U{..w.
17:26:41.655909 IP (tos 0x28, ttl 145, id 58092, offset 0, flags [none], proto UDP (17), length 39)
    181.245.192.67.35322 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2ec 0000 9111 7c22 b5f5 c043  E(.'......|"...C
	0x0010:  3ffb 145b 89fa 1e61 0013 d3d6 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.656138 IP (tos 0x28, ttl 145, id 58094, offset 0, flags [none], proto UDP (17), length 39)
    181.245.192.67.35322 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2ee 0000 9111 7c20 b5f5 c043  E(.'......|....C
	0x0010:  3ffb 145b 89fa 1e61 0013 d3d6 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.656194 IP (tos 0x28, ttl 50, id 58095, offset 0, flags [none], proto UDP (17), length 32)
    181.45.54.168.16270 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2ef 0000 3211 658a b52d 36a8  E(......2.e..-6.
	0x0010:  3ffb 145b 3f8e 1e61 000c e1c2 081e 77da  ?..[?..a......w.
17:26:41.656550 IP (tos 0x28, ttl 50, id 58096, offset 0, flags [none], proto UDP (17), length 32)
    181.45.54.168.16270 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2f0 0000 3211 6589 b52d 36a8  E(......2.e..-6.
	0x0010:  3ffb 145b 3f8e 1e61 000c e1c2 081e 77da  ?..[?..a......w.
17:26:41.656600 IP (tos 0x28, ttl 151, id 58088, offset 0, flags [none], proto UDP (17), length 39)
    180.142.121.215.59943 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2e8 0000 9711 bdf9 b48e 79d7  E(.'..........y.
	0x0010:  3ffb 145b ea27 1e61 0013 ac7c 5341 4d50  ?..[.'.a...|SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.656821 IP (tos 0x28, ttl 74, id 58101, offset 0, flags [none], proto UDP (17), length 39)
    186.81.236.126.6080 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2f5 0000 4a11 9282 ba51 ec7e  E(.'....J....Q.~
	0x0010:  3ffb 145b 17c0 1e61 0013 067a 5341 4d50  ?..[...a...zSAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.656870 IP (tos 0x28, ttl 154, id 58097, offset 0, flags [none], proto UDP (17), length 32)
    190.88.47.68.56216 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2f1 0000 9a11 fbc0 be58 2f44  E(...........X/D
	0x0010:  3ffb 145b db98 1e61 000c 43f1 081e 77da  ?..[...a..C...w.
17:26:41.657046 IP (tos 0x28, ttl 193, id 58110, offset 0, flags [none], proto UDP (17), length 32)
    180.142.121.215.35141 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2fe 0000 c111 93ea b48e 79d7  E(............y.
	0x0010:  3ffb 145b 8945 1e61 000c 557b 081e 77da  ?..[.E.a..U{..w.
17:26:41.657281 IP (tos 0x28, ttl 151, id 58089, offset 0, flags [none], proto UDP (17), length 39)
    180.142.121.215.59943 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2e9 0000 9711 bdf8 b48e 79d7  E(.'..........y.
	0x0010:  3ffb 145b ea27 1e61 0013 ac7c 5341 4d50  ?..[.'.a...|SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.657381 IP (tos 0x28, ttl 155, id 58090, offset 0, flags [none], proto UDP (17), length 39)
    201.195.57.88.54656 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2ea 0000 9b11 e541 c9c3 3958  E(.'.......A..9X
	0x0010:  3ffb 145b d580 1e61 0013 fb6d 5341 4d50  ?..[...a...mSAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.657823 IP (tos 0x28, ttl 193, id 58111, offset 0, flags [none], proto UDP (17), length 32)
    180.142.121.215.35141 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2ff 0000 c111 93e9 b48e 79d7  E(............y.
	0x0010:  3ffb 145b 8945 1e61 000c 557b 081e 77da  ?..[.E.a..U{..w.
17:26:41.657894 IP (tos 0x28, ttl 222, id 58112, offset 0, flags [none], proto UDP (17), length 32)
    201.195.57.88.20044 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e300 0000 de11 a232 c9c3 3958  E(.........2..9X
	0x0010:  3ffb 145b 4e4c 1e61 000c bbbe 081e 77da  ?..[NL.a......w.
17:26:41.657936 IP (tos 0x28, ttl 145, id 58102, offset 0, flags [none], proto UDP (17), length 39)
    181.245.192.67.35322 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2f6 0000 9111 7c18 b5f5 c043  E(.'......|....C
	0x0010:  3ffb 145b 89fa 1e61 0013 c4d6 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.658208 IP (tos 0x28, ttl 145, id 58104, offset 0, flags [none], proto UDP (17), length 39)
    181.245.192.67.35322 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2f8 0000 9111 7c16 b5f5 c043  E(.'......|....C
	0x0010:  3ffb 145b 89fa 1e61 0013 c4d6 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.658276 IP (tos 0x28, ttl 131, id 58105, offset 0, flags [none], proto UDP (17), length 32)
    181.45.54.168.16270 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2f9 0000 8311 1480 b52d 36a8  E(...........-6.
	0x0010:  3ffb 145b 3f8e 1e61 000c e1c2 081e 77da  ?..[?..a......w.
17:26:41.658566 IP (tos 0x28, ttl 131, id 58107, offset 0, flags [none], proto UDP (17), length 32)
    181.45.54.168.16270 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2fb 0000 8311 147e b52d 36a8  E(.........~.-6.
	0x0010:  3ffb 145b 3f8e 1e61 000c e1c2 081e 77da  ?..[?..a......w.
17:26:41.658648 IP (tos 0x0, ttl 64, id 60440, offset 0, flags [DF], proto UDP (17), length 43)
    MY_SERVER_IP.7777 > 181.245.192.67.35322: UDP, payload 15
	0x0000:  4500 002b ec18 4000 4011 841a 3ffb 145b  E..+..@.@...?..[
	0x0010:  b5f5 c043 1e61 89fa 0017 cab7 5341 4d50  ...C.a......SAMP
	0x0020:  3ffb 145b 611e 70bc cef3 44              ?..[a.p...D
17:26:41.658653 IP (tos 0x0, ttl 64, id 60441, offset 0, flags [DF], proto UDP (17), length 43)
    MY_SERVER_IP.7777 > 181.245.192.67.35322: UDP, payload 15
	0x0000:  4500 002b ec19 4000 4011 8419 3ffb 145b  E..+..@.@...?..[
	0x0010:  b5f5 c043 1e61 89fa 0017 cab7 5341 4d50  ...C.a......SAMP
	0x0020:  3ffb 145b 611e 70bc cef3 44              ?..[a.p...D
17:26:41.658661 IP (tos 0x0, ttl 64, id 60442, offset 0, flags [DF], proto UDP (17), length 41)
    MY_SERVER_IP.7777 > 181.245.192.67.35322: UDP, payload 13
	0x0000:  4500 0029 ec1a 4000 4011 841a 3ffb 145b  E..)..@.@...?..[
	0x0010:  b5f5 c043 1e61 89fa 0015 cab5 5341 4d50  ...C.a......SAMP
	0x0020:  3ffb 145b 611e 6300 00                   ?..[a.c..
17:26:41.658667 IP (tos 0x0, ttl 64, id 60443, offset 0, flags [DF], proto UDP (17), length 41)
    MY_SERVER_IP.7777 > 181.245.192.67.35322: UDP, payload 13
	0x0000:  4500 0029 ec1b 4000 4011 8419 3ffb 145b  E..)..@.@...?..[
	0x0010:  b5f5 c043 1e61 89fa 0015 cab5 5341 4d50  ...C.a......SAMP
	0x0020:  3ffb 145b 611e 6300 00                   ?..[a.c..
17:26:41.658672 IP (tos 0x0, ttl 64, id 60444, offset 0, flags [DF], proto UDP (17), length 145)
    MY_SERVER_IP.7777 > 181.245.192.67.35322: UDP, payload 117
	0x0000:  4500 0091 ec1c 4000 4011 83b0 3ffb 145b  E.....@.@...?..[
	0x0010:  b5f5 c043 1e61 89fa 007d cb1d 5341 4d50  ...C.a...}..SAMP
	0x0020:  3ffb 145b 611e 7206 0007 6c61 6763 6f6d  ?..[a.r...lagcom
	0x0030:  7002 4f6e 076d 6170 6e61 6d65 0b53 616e  p.On.mapname.San
	0x0040:  2041 6e64 7265 6173 0776 6572 7369 6f6e  .Andreas.version
	0x0050:  0830                                     .0
17:26:41.658686 IP (tos 0x0, ttl 64, id 60445, offset 0, flags [DF], proto UDP (17), length 145)
    MY_SERVER_IP.7777 > 181.245.192.67.35322: UDP, payload 117
	0x0000:  4500 0091 ec1d 4000 4011 83af 3ffb 145b  E.....@.@...?..[
	0x0010:  b5f5 c043 1e61 89fa 007d cb1d 5341 4d50  ...C.a...}..SAMP
	0x0020:  3ffb 145b 611e 7206 0007 6c61 6763 6f6d  ?..[a.r...lagcom
	0x0030:  7002 4f6e 076d 6170 6e61 6d65 0b53 616e  p.On.mapname.San
	0x0040:  2041 6e64 7265 6173 0776 6572 7369 6f6e  .Andreas.version
	0x0050:  0830                                     .0
17:26:41.658895 IP (tos 0x28, ttl 170, id 58109, offset 0, flags [none], proto UDP (17), length 32)
    190.88.47.68.56216 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e2fd 0000 aa11 ebb4 be58 2f44  E(...........X/D
	0x0010:  3ffb 145b db98 1e61 000c 43f1 081e 77da  ?..[...a..C...w.
17:26:41.658988 IP (tos 0x28, ttl 126, id 58115, offset 0, flags [none], proto UDP (17), length 32)
    180.118.217.234.40657 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e303 0000 7e11 76ea b476 d9ea  E(......~.v..v..
	0x0010:  3ffb 145b 9ed1 1e61 000c dff3 081e 77da  ?..[...a......w.
17:26:41.658992 IP (tos 0x28, ttl 85, id 58120, offset 0, flags [none], proto UDP (17), length 39)
    180.118.217.234.38257 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e308 0000 5511 9fde b476 d9ea  E(.'....U....v..
	0x0010:  3ffb 145b 9571 1e61 0013 aa37 5341 4d50  ?..[.q.a...7SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.659159 IP (tos 0x28, ttl 82, id 58121, offset 0, flags [none], proto UDP (17), length 32)
    180.142.121.215.35141 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e309 0000 5211 02e0 b48e 79d7  E(......R.....y.
	0x0010:  3ffb 145b 8945 1e61 000c 557b 081e 77da  ?..[.E.a..U{..w.
17:26:41.659532 IP (tos 0x28, ttl 58, id 58100, offset 0, flags [none], proto UDP (17), length 39)
    201.195.57.88.54656 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2f4 0000 3a11 4638 c9c3 3958  E(.'....:.F8..9X
	0x0010:  3ffb 145b d580 1e61 0013 ec6d 5341 4d50  ?..[...a...mSAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.659887 IP (tos 0x28, ttl 132, id 58122, offset 0, flags [none], proto UDP (17), length 39)
    186.208.142.148.42085 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e30a 0000 8411 b5d8 bad0 8e94  E(.'............
	0x0010:  3ffb 145b a465 1e61 0013 e03f 5341 4d50  ?..[.e.a...?SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.659936 IP (tos 0x28, ttl 82, id 58123, offset 0, flags [none], proto UDP (17), length 32)
    180.142.121.215.35141 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e30b 0000 5211 02de b48e 79d7  E(......R.....y.
	0x0010:  3ffb 145b 8945 1e61 000c 557b 081e 77da  ?..[.E.a..U{..w.
17:26:41.659948 IP (tos 0x28, ttl 184, id 58125, offset 0, flags [none], proto UDP (17), length 32)
    201.195.57.88.20044 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e30d 0000 b811 c825 c9c3 3958  E(.........%..9X
	0x0010:  3ffb 145b 4e4c 1e61 000c bbbe 081e 77da  ?..[NL.a......w.
17:26:41.660090 IP (tos 0x28, ttl 19, id 58106, offset 0, flags [none], proto UDP (17), length 39)
    180.54.98.44.32336 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2fa 0000 1311 59eb b436 622c  E(.'......Y..6b,
	0x0010:  3ffb 145b 7e50 1e61 0013 3957 5341 4d50  ?..[~P.a..9WSAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.660346 IP (tos 0x28, ttl 19, id 58108, offset 0, flags [none], proto UDP (17), length 39)
    180.54.98.44.32336 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e2fc 0000 1311 59e9 b436 622c  E(.'......Y..6b,
	0x0010:  3ffb 145b 7e50 1e61 0013 3957 5341 4d50  ?..[~P.a..9WSAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.660720 IP (tos 0x28, ttl 132, id 58124, offset 0, flags [none], proto UDP (17), length 39)
    186.208.142.148.42085 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e30c 0000 8411 b5d6 bad0 8e94  E(.'............
	0x0010:  3ffb 145b a465 1e61 0013 e03f 5341 4d50  ?..[.e.a...?SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.661068 IP (tos 0x28, ttl 127, id 58132, offset 0, flags [none], proto UDP (17), length 43)
    180.118.217.234.38257 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e314 0000 7f11 75ce b476 d9ea  E(.+......u..v..
	0x0010:  3ffb 145b 9571 1e61 0017 08bc 5341 4d50  ?..[.q.a....SAMP
	0x0020:  3ffb 145b 611e 7035 693e 31              ?..[a.p5i>1
17:26:41.661080 IP (tos 0x28, ttl 52, id 58128, offset 0, flags [none], proto UDP (17), length 32)
    180.118.217.234.40657 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e310 0000 3411 c0dd b476 d9ea  E(......4....v..
	0x0010:  3ffb 145b 9ed1 1e61 000c dff3 081e 77da  ?..[...a......w.
17:26:41.661565 IP (tos 0x28, ttl 131, id 58113, offset 0, flags [none], proto UDP (17), length 32)
    186.81.236.126.19582 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e301 0000 8311 597d ba51 ec7e  E(........Y}.Q.~
	0x0010:  3ffb 145b 4c7e 1e61 000c 19d8 081e 77da  ?..[L~.a......w.
17:26:41.662053 IP (tos 0x28, ttl 167, id 58117, offset 0, flags [none], proto UDP (17), length 43)
    180.54.98.44.32336 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e305 0000 a711 c5db b436 622c  E(.+.........6b,
	0x0010:  3ffb 145b 7e50 1e61 0017 bd16 5341 4d50  ?..[~P.a....SAMP
	0x0020:  3ffb 145b 611e 706c 00cc 74              ?..[a.pl..t
17:26:41.662140 IP (tos 0x28, ttl 223, id 58135, offset 0, flags [none], proto UDP (17), length 32)
    201.195.57.88.20044 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e317 0000 df11 a11b c9c3 3958  E(............9X
	0x0010:  3ffb 145b 4e4c 1e61 000c bbbe 081e 77da  ?..[NL.a......w.
17:26:41.662309 IP (tos 0x28, ttl 167, id 58118, offset 0, flags [none], proto UDP (17), length 43)
    180.54.98.44.32336 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e306 0000 a711 c5da b436 622c  E(.+.........6b,
	0x0010:  3ffb 145b 7e50 1e61 0017 bd16 5341 4d50  ?..[~P.a....SAMP
	0x0020:  3ffb 145b 611e 706c 00cc 74              ?..[a.pl..t
17:26:41.663007 IP (tos 0x28, ttl 157, id 58138, offset 0, flags [none], proto UDP (17), length 39)
    186.93.183.213.2680 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e31a 0000 9d11 73fa ba5d b7d5  E(.'......s..]..
	0x0010:  3ffb 145b 0a78 1e61 0013 515f 5341 4d50  ?..[.x.a..Q_SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.663130 IP (tos 0x28, ttl 43, id 58147, offset 0, flags [none], proto UDP (17), length 39)
    180.118.217.234.38257 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e323 0000 2b11 c9c3 b476 d9ea  E(.'.#..+....v..
	0x0010:  3ffb 145b 9571 1e61 0013 b037 5341 4d50  ?..[.q.a...7SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.663136 IP (tos 0x28, ttl 222, id 58140, offset 0, flags [none], proto UDP (17), length 39)
    181.108.51.199.65481 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e31c 0000 de11 bbf7 b56c 33c7  E(.'.........l3.
	0x0010:  3ffb 145b ffc9 1e61 0013 e50c 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.663194 IP (tos 0x28, ttl 157, id 58141, offset 0, flags [none], proto UDP (17), length 32)
    180.118.217.234.40657 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e31d 0000 9d11 57d0 b476 d9ea  E(........W..v..
	0x0010:  3ffb 145b 9ed1 1e61 000c dff3 081e 77da  ?..[...a......w.
17:26:41.663549 IP (tos 0x28, ttl 222, id 58144, offset 0, flags [none], proto UDP (17), length 39)
    181.108.51.199.65481 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e320 0000 de11 bbf3 b56c 33c7  E(.'.........l3.
	0x0010:  3ffb 145b ffc9 1e61 0013 e50c 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.663720 IP (tos 0x28, ttl 125, id 58126, offset 0, flags [none], proto UDP (17), length 32)
    186.81.236.126.19582 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e30e 0000 7d11 5f70 ba51 ec7e  E(......}._p.Q.~
	0x0010:  3ffb 145b 4c7e 1e61 000c 19d8 081e 77da  ?..[L~.a......w.
17:26:41.664079 IP (tos 0x28, ttl 92, id 58130, offset 0, flags [none], proto UDP (17), length 39)
    180.54.98.44.32336 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e312 0000 5c11 10d3 b436 622c  E(.'....\....6b,
	0x0010:  3ffb 145b 7e50 1e61 0013 3f57 5341 4d50  ?..[~P.a..?WSAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.664138 IP (tos 0x28, ttl 213, id 58148, offset 0, flags [none], proto UDP (17), length 39)
    186.208.142.148.42085 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e324 0000 d511 64be bad0 8e94  E(.'.$....d.....
	0x0010:  3ffb 145b a465 1e61 0013 e63f 5341 4d50  ?..[.e.a...?SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.664263 IP (tos 0x28, ttl 117, id 58114, offset 0, flags [none], proto UDP (17), length 32)
    181.245.192.67.7997 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e302 0000 7511 9813 b5f5 c043  E(......u......C
	0x0010:  3ffb 145b 1f3d 1e61 000c 77b0 081e 77da  ?..[.=.a..w...w.
17:26:41.664342 IP (tos 0x28, ttl 92, id 58131, offset 0, flags [none], proto UDP (17), length 39)
    180.54.98.44.32336 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e313 0000 5c11 10d2 b436 622c  E(.'....\....6b,
	0x0010:  3ffb 145b 7e50 1e61 0013 3f57 5341 4d50  ?..[~P.a..?WSAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.664637 IP (tos 0x28, ttl 117, id 58116, offset 0, flags [none], proto UDP (17), length 32)
    181.245.192.67.7997 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e304 0000 7511 9811 b5f5 c043  E(......u......C
	0x0010:  3ffb 145b 1f3d 1e61 000c 77b0 081e 77da  ?..[.=.a..w...w.
17:26:41.664813 IP (tos 0x28, ttl 213, id 58149, offset 0, flags [none], proto UDP (17), length 39)
    186.208.142.148.42085 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e325 0000 d511 64bd bad0 8e94  E(.'.%....d.....
	0x0010:  3ffb 145b a465 1e61 0013 e63f 5341 4d50  ?..[.e.a...?SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.665051 IP (tos 0x28, ttl 71, id 58151, offset 0, flags [none], proto UDP (17), length 43)
    186.93.183.213.2680 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e327 0000 4711 c9e9 ba5d b7d5  E(.+.'..G....]..
	0x0010:  3ffb 145b 0a78 1e61 0017 84ba 5341 4d50  ?..[.x.a....SAMP
	0x0020:  3ffb 145b 611e 70a8 07f4 bd              ?..[a.p....
17:26:41.665201 IP (tos 0x28, ttl 47, id 58152, offset 0, flags [none], proto UDP (17), length 43)
    181.108.51.199.65481 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e328 0000 2f11 6ae8 b56c 33c7  E(.+.(../.j..l3.
	0x0010:  3ffb 145b ffc9 1e61 0017 a4ce 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 707f 35b7 03              ?..[a.p.5..
17:26:41.665523 IP (tos 0x28, ttl 129, id 58155, offset 0, flags [none], proto UDP (17), length 32)
    180.54.98.44.49437 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e32b 0000 8111 ebc0 b436 622c  E(...+.......6b,
	0x0010:  3ffb 145b c11d 1e61 000c 35a6 081e 77da  ?..[...a..5...w.
17:26:41.665590 IP (tos 0x28, ttl 47, id 58154, offset 0, flags [none], proto UDP (17), length 43)
    181.108.51.199.65481 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e32a 0000 2f11 6ae6 b56c 33c7  E(.+.*../.j..l3.
	0x0010:  3ffb 145b ffc9 1e61 0017 a4ce 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 707f 35b7 03              ?..[a.p.5..
17:26:41.665739 IP (tos 0x28, ttl 129, id 58156, offset 0, flags [none], proto UDP (17), length 32)
    180.54.98.44.49437 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e32c 0000 8111 ebbf b436 622c  E(...,.......6b,
	0x0010:  3ffb 145b c11d 1e61 000c 35a6 081e 77da  ?..[...a..5...w.
17:26:41.665754 IP (tos 0x28, ttl 128, id 58142, offset 0, flags [none], proto UDP (17), length 39)
    180.170.106.90.48754 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e31e 0000 8011 e424 b4aa 6a5a  E(.'.......$..jZ
	0x0010:  3ffb 145b be72 1e61 0013 f092 5341 4d50  ?..[.r.a....SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.665761 IP (tos 0x28, ttl 4, id 58137, offset 0, flags [none], proto UDP (17), length 32)
    186.81.236.126.19582 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e319 0000 0411 d865 ba51 ec7e  E(.........e.Q.~
	0x0010:  3ffb 145b 4c7e 1e61 000c 19d8 081e 77da  ?..[L~.a......w.
17:26:41.666080 IP (tos 0x28, ttl 167, id 58158, offset 0, flags [none], proto UDP (17), length 39)
    186.208.142.148.42085 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e32e 0000 a711 92b4 bad0 8e94  E(.'............
	0x0010:  3ffb 145b a465 1e61 0013 d73f 5341 4d50  ?..[.e.a...?SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.666180 IP (tos 0x28, ttl 206, id 58145, offset 0, flags [none], proto UDP (17), length 39)
    180.54.98.44.32336 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e321 0000 ce11 9ec3 b436 622c  E(.'.!.......6b,
	0x0010:  3ffb 145b 7e50 1e61 0013 3057 5341 4d50  ?..[~P.a..0WSAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.666308 IP (tos 0x28, ttl 238, id 58127, offset 0, flags [none], proto UDP (17), length 32)
    181.245.192.67.7997 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e30f 0000 ee11 1f06 b5f5 c043  E(.............C
	0x0010:  3ffb 145b 1f3d 1e61 000c 77b0 081e 77da  ?..[.=.a..w...w.
17:26:41.666316 IP (tos 0x28, ttl 206, id 58146, offset 0, flags [none], proto UDP (17), length 39)
    180.54.98.44.32336 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e322 0000 ce11 9ec2 b436 622c  E(.'.".......6b,
	0x0010:  3ffb 145b 7e50 1e61 0013 3057 5341 4d50  ?..[~P.a..0WSAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.666693 IP (tos 0x28, ttl 238, id 58129, offset 0, flags [none], proto UDP (17), length 32)
    181.245.192.67.7997 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e311 0000 ee11 1f04 b5f5 c043  E(.............C
	0x0010:  3ffb 145b 1f3d 1e61 000c 77b0 081e 77da  ?..[.=.a..w...w.
17:26:41.666856 IP (tos 0x28, ttl 167, id 58159, offset 0, flags [none], proto UDP (17), length 39)
    186.208.142.148.42085 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e32f 0000 a711 92b3 bad0 8e94  E(.'./..........
	0x0010:  3ffb 145b a465 1e61 0013 d73f 5341 4d50  ?..[.e.a...?SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.667089 IP (tos 0x28, ttl 169, id 58161, offset 0, flags [none], proto UDP (17), length 39)
    186.93.183.213.2680 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e331 0000 a911 67e3 ba5d b7d5  E(.'.1....g..]..
	0x0010:  3ffb 145b 0a78 1e61 0013 575f 5341 4d50  ?..[.x.a..W_SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.667274 IP (tos 0x28, ttl 186, id 58162, offset 0, flags [none], proto UDP (17), length 39)
    181.108.51.199.65481 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e332 0000 ba11 dfe1 b56c 33c7  E(.'.2.......l3.
	0x0010:  3ffb 145b ffc9 1e61 0013 eb0c 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.667610 IP (tos 0x28, ttl 46, id 58164, offset 0, flags [none], proto UDP (17), length 32)
    180.54.98.44.49437 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e334 0000 2e11 3eb8 b436 622c  E(...4....>..6b,
	0x0010:  3ffb 145b c11d 1e61 000c 35a6 081e 77da  ?..[...a..5...w.
17:26:41.667622 IP (tos 0x28, ttl 186, id 58165, offset 0, flags [none], proto UDP (17), length 39)
    181.108.51.199.65481 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e335 0000 ba11 dfde b56c 33c7  E(.'.5.......l3.
	0x0010:  3ffb 145b ffc9 1e61 0013 eb0c 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.667786 IP (tos 0x28, ttl 46, id 58166, offset 0, flags [none], proto UDP (17), length 32)
    180.54.98.44.49437 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e336 0000 2e11 3eb6 b436 622c  E(...6....>..6b,
	0x0010:  3ffb 145b c11d 1e61 000c 35a6 081e 77da  ?..[...a..5...w.
17:26:41.668055 IP (tos 0x28, ttl 172, id 58136, offset 0, flags [none], proto UDP (17), length 39)
    181.130.105.231.40929 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e318 0000 ac11 b7c5 b582 69e7  E(.'..........i.
	0x0010:  3ffb 145b 9fe1 1e61 0013 0ebf 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 69                        ?..[a.i
17:26:41.668104 IP (tos 0x28, ttl 126, id 58167, offset 0, flags [none], proto UDP (17), length 32)
    180.118.217.234.40657 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e337 0000 7e11 76b6 b476 d9ea  E(...7..~.v..v..
	0x0010:  3ffb 145b 9ed1 1e61 000c dff3 081e 77da  ?..[...a......w.
17:26:41.669164 IP (tos 0x28, ttl 48, id 58171, offset 0, flags [none], proto UDP (17), length 39)
    186.93.183.213.2680 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e33b 0000 3011 e0d9 ba5d b7d5  E(.'.;..0....]..
	0x0010:  3ffb 145b 0a78 1e61 0013 485f 5341 4d50  ?..[.x.a..H_SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.669315 IP (tos 0x28, ttl 89, id 58172, offset 0, flags [none], proto UDP (17), length 39)
    181.108.51.199.65481 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e33c 0000 5911 40d8 b56c 33c7  E(.'.<..Y.@..l3.
	0x0010:  3ffb 145b ffc9 1e61 0013 dc0c 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.669606 IP (tos 0x28, ttl 87, id 58174, offset 0, flags [none], proto UDP (17), length 32)
    180.54.98.44.49437 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e33e 0000 5711 15ae b436 622c  E(...>..W....6b,
	0x0010:  3ffb 145b c11d 1e61 000c 35a6 081e 77da  ?..[...a..5...w.
17:26:41.669698 IP (tos 0x28, ttl 89, id 58176, offset 0, flags [none], proto UDP (17), length 39)
    181.108.51.199.65481 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e340 0000 5911 40d4 b56c 33c7  E(.'.@..Y.@..l3.
	0x0010:  3ffb 145b ffc9 1e61 0013 dc0c 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 72                        ?..[a.r
17:26:41.669864 IP (tos 0x28, ttl 87, id 58177, offset 0, flags [none], proto UDP (17), length 32)
    180.54.98.44.49437 > MY_SERVER_IP.7777: UDP, payload 4
	0x0000:  4528 0020 e341 0000 5711 15ab b436 622c  E(...A..W....6b,
	0x0010:  3ffb 145b c11d 1e61 000c 35a6 081e 77da  ?..[...a..5...w.
17:26:41.669870 IP (tos 0x28, ttl 58, id 58163, offset 0, flags [none], proto UDP (17), length 39)
    180.170.106.90.48754 > MY_SERVER_IP.7777: UDP, payload 11
	0x0000:  4528 0027 e333 0000 3a11 2a10 b4aa 6a5a  E(.'.3..:.*...jZ
	0x0010:  3ffb 145b be72 1e61 0013 f692 5341 4d50  ?..[.r.a....SAMP
	0x0020:  3ffb 145b 611e 63                        ?..[a.c
17:26:41.670078 IP (tos 0x28, ttl 169, id 58150, offset 0, flags [none], proto UDP (17), length 43)
    181.130.105.231.40929 > MY_SERVER_IP.7777: UDP, payload 15
	0x0000:  4528 002b e326 0000 a911 bab3 b582 69e7  E(.+.&........i.
	0x0010:  3ffb 145b 9fe1 1e61 0017 b9be 5341 4d50  ?..[...a....SAMP
	0x0020:  3ffb 145b 611e 707e db79 72              ?..[a.p~.yr

100 packets captured
Find
Reply
RDM
Huge Clucker
***
Posts: 234
Threads: 36
Joined: Apr 2014
Reputation: 0
#190

26.08.2017, 22:01
Quote:
Originally Posted by dugi
View Post
There's multiple attack types going on at the same time it seems, query flood is something servers have dealt with for 10 years now. You have to wait it out and inform your players that they can still join your server even though they can't query it.
The attacker sends the cookie request packet also not just query flood !!
Soon it is often not possible for the player to connect to the server!

My mitigation tactic is to block the first package of every query and cookie request from all the clients after the second package I release the connection!


Or to receive the querys [i, r, c] the client must make 2 requisitions of the same!

Query C hex string: 53414d50a772c94a611e63
Query I hex string: 53414d50a772c94a611e69
Query R hex string: 53414d50a772c94a611e72
Cookie connect Packet hex string: 081e77da


Iptables Rules: https://github.com/Edresson/SAMP-Firewall/

Unfortunately it does not work if it is on the same vps / dedicated node! Because the packets will cause slow connection on the VPS / dedicated!

If you have any tips to improve I would be grateful!

If I can not post this here, please let me know!
Find
Reply
Jefff
Banned
Posts: 2,593
Threads: 34
Joined: Dec 2007
#191

26.08.2017, 22:05
Quote:
Originally Posted by dugi
View Post
There's multiple attack types going on at the same time it seems, query flood is something servers have dealt with for 10 years now. You have to wait it out and inform your players that they can still join your server even though they can't query it.
I know there are 2 types but query is worst because server is not in hosted tab and how long i must wait? xd week, month? cmon ;d it should be fixed somehow
Find
Reply
Crystallize
Banned
Posts: 1,498
Threads: 110
Joined: Aug 2013
#192

26.08.2017, 22:07
I'd like to know from a beta tester if Kye is aware of this.
Find
Reply
Ubi
Little Clucker
**
Posts: 33
Threads: 0
Joined: Sep 2011
Reputation: 0
#193

26.08.2017, 23:16
Quote:
Originally Posted by Morpheus1992
View Post
Why does other Multiplayers dont have such a Problem?
It's not like that. Read about a2s_info attack or similar. The "cookie" attack is currently not affecting server at all when logging is disabled. If you have any problems with CONNECTING (not query), then it's probably your iptables fault or just kernel conntrack table full. The main problem is with query packets.. Responding to these packets is limited internally to not perform self-ddos. The attackers are just hitting the limit and that's why legit players are unable to query server. There should be possibility to change the limit or just disable it for "i" packets.

Pseudocode for those saying there's no internal limit:

Code:
if ( dword_515D28 != a1 )
  {
    if ( sub_48DBD0((int)dword_4F5FB8) - dword_515D24 < 25 )
      return 1;
Find
Reply
niCe
Huge Clucker
****
Posts: 391
Threads: 46
Joined: Mar 2008
Reputation: 0
#194

27.08.2017, 06:31
So basically the only proper solution for this query flood is a server patch, which enables to adjust the query limit, right?
Find
Reply
Sew_Sumi
Banned
Posts: 6,242
Threads: 8
Joined: Jun 2008
#195

27.08.2017, 06:55
Quote:
Originally Posted by niCe
View Post
So basically the only proper solution for this query flood is a server patch, which enables to adjust the query limit, right?
Don't tell them that, we've only just stemmed the flow of cries for an update without throwing this to them to have an aneurysm about...
Find
Reply
Paulice
Huge Clucker
****
Posts: 435
Threads: 2
Joined: Jul 2017
Reputation: 0
#196

27.08.2017, 08:27
This can only be stopped with a firewall (despite a client update) as blocking all IP addresses with BlockIpAddress stops incoming connections but still affects the server. The amount of data being constantly sent itself is the issue.
Find
Reply
Ghazal
Gangsta
****
Posts: 523
Threads: 32
Joined: Oct 2013
Reputation: 0
#197

27.08.2017, 08:29
I can see servers with port different than 7777 are working fine on hosted tab, How is that logical?
Find
Reply
Jayse
Big Clucker
***
Posts: 76
Threads: 1
Joined: Sep 2016
Reputation: 0
#198

27.08.2017, 08:33
I just saw a post where people block an entire /8, please don't. This is blocking roughly 16777216 IPv4 addresses, a /24 would be more than enough, which would just block 255 IPs.
Find
Reply
Shaheen
Huge Clucker
***
Posts: 223
Threads: 45
Joined: Feb 2016
Reputation: 0
#199

27.08.2017, 08:58
Quote:
Originally Posted by Ghazal
View Post
I can see servers with port different than 7777 are working fine on hosted tab, How is that logical?
so what about me then ??
Find
Reply
PrettyDiamond
Big Clucker
***
Posts: 53
Threads: 4
Joined: Jun 2015
Reputation: 0
#200

27.08.2017, 14:53
I have moved the server to many other PORTS in my root server, this doesnt matter, because the ip its targeted.
I am busy the last days with fail2ban + Suricata, and believe me ppl, im working hard to find a way out, i dont go sleep or eat anymore.

So my appeal to the ppl beyond of this...stop it in name of any what is important for you, please!

I am really sad because someone just comes and takes me and my friends our fun! For no reason? I suggest the attackers please attack the whole 400 servers MASTERLIST not only the Hosted Tabed servers, maybe everyone here in Team move their ass in our direction and help us out of this! So sad...so sad...really sad...im really really sad...really!!!
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 2 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Server
  3. Server Support