1. SA-MP Forums Archive
  2. SA-MP Server
  3. Server Support

Threaded Mode
UDP OUT FLOOD from server side
filth80
Little Clucker
**
Posts: 3
Threads: 1
Joined: Sep 2013
Reputation: 0
#1

27.09.2013, 04:50
Hello,

We have a problem with some SAMP servers - they are sending UDP FLOOD. Here is the output from firewall:

Time: Fri Sep 27 07:06:45 2013 +0300
UID: 32047 (username)
Hits: 11

Sample of port hits:
Sep 27 07:05:15 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=86.125.163.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=1666 LEN=70 UID=32047 GID=32048
Sep 27 07:05:17 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=86.125.163.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=1666 LEN=70 UID=32047 GID=32048
Sep 27 07:05:23 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.***.* DST=177.35.241.* LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=59672 LEN=70 UID=32047 GID=32048


Sep 27 06:52:15 server1 lfd[6952]: *UID Tracking* 11 blocks for UID 32047 (username)
Sep 27 06:54:15 server1 lfd[7221]: *UID Tracking* 11 blocks for UID 32047 (username)
Sep 27 06:57:15 server1 lfd[7667]: *UID Tracking* 11 blocks for UID 32047 (username)
Sep 27 06:58:55 server1 lfd[7879]: *UID Tracking* 11 blocks for UID 32047 (username)


We are encountering this problem from several servers, different GM's.
Is there any way to discover the malicious code in the files?

Thank you.
Find
Reply
chencong
Little Clucker
**
Posts: 22
Threads: 10
Joined: Aug 2012
Reputation: 0
#2

27.09.2013, 12:02
what firework name of that, i am very interesting of that.
Find
Reply
linuxthefish
High-roller
*****
Posts: 2,857
Threads: 62
Joined: Dec 2010
Reputation: 0
#3

27.09.2013, 12:08
Could be normal if it's your server, csf isn't very well suited for game servers....

Quote:
Originally Posted by chencong
Посмотреть сообщение
what firework name of that, i am very interesting of that.
http://www.configserver.com/cp/csf.html
Find
Reply
filth80
Little Clucker
**
Posts: 3
Threads: 1
Joined: Sep 2013
Reputation: 0
#4

27.09.2013, 16:21
Quote:
Originally Posted by chencong
Посмотреть сообщение
what firework name of that, i am very interesting of that.
It's not CSF fault. If it was CSF, this would happen with every samp server on our server. We use CSF for gameservers since 2009 without any problem.
Find
Reply
Aldo.
Huge Clucker
****
Posts: 404
Threads: 7
Joined: Jan 2011
Reputation: 0
#5

28.09.2013, 09:35
Quote:
Originally Posted by filth80
Посмотреть сообщение
It's not CSF fault. If it was CSF, this would happen with every samp server on our server. We use CSF for gameservers since 2009 without any problem.
Have you tired it with the firewall disabled?
Find
Reply
filth80
Little Clucker
**
Posts: 3
Threads: 1
Joined: Sep 2013
Reputation: 0
#6

28.09.2013, 18:29
If I disable the firewall, I won't see the UDP OUT )

The thing is I wanna know what is the cause. CSF does it's job, it blocks UDP OUT generated by this script/code.If I disable CSF it won't block UDP OUT anymore, a thing that I don't want to happen.
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Server
  3. Server Support