SA-MP 0.3.7 issue
#1

Sadly, today I noticed a new kind of 'exploit' in the new SA-MP version.
After this MASSIVE flood:
[14:58:29] [connection] 167.216.77.249:2847 requests connection cookie.
[14:58:29] [connection] 122.62.65.173:2926 requests connection cookie.
[14:58:29] [connection] 16.169.107.62:2929 requests connection cookie.
[14:58:29] [connection] 77.77.76.199:2860 requests connection cookie.
[14:58:29] [connection] 77.231.183.159:2897 requests connection cookie.
[14:58:29] [connection] 183.24.69.141:2928 requests connection cookie.
[14:58:29] [connection] 75.135.202.167:2851 requests connection cookie.
[14:58:29] [connection] 219.152.247.90:2892 requests connection cookie.
[14:58:29] [connection] 155.41.123.136:2922 requests connection cookie.
[14:58:29] [connection] 206.142.141.22:2881 requests connection cookie.
[14:58:29] [connection] 202.123.130.17:2946 requests connection cookie.
[14:58:29] [connection] 71.253.129.227:2913 requests connection cookie.
[14:58:29] [connection] 37.235.178.107:2941 requests connection cookie.
[14:58:29] [connection] 14.71.189.206:2887 requests connection cookie.
[14:58:29] [connection] 16.83.16.70:2912 requests connection cookie.
[14:58:29] [connection] 200.65.5.230:2898 requests connection cookie.
[14:58:29] [connection] 118.212.50.77:2955 requests connection cookie.
[14:58:29] [connection] 70.167.180.227:2918 requests connection cookie.
[14:58:29] [connection] 183.202.115.223:2920 requests connection cookie.
[14:58:29] [connection] 123.9.75.185:2914 requests connection cookie.
[14:58:29] [connection] 77.85.77.242:2908 requests connection cookie.
[14:58:29] [connection] 136.199.183.41:3051 requests connection cookie.
[14:58:29] [connection] 35.183.54.123:2942 requests connection cookie.
[14:58:29] [connection] 81.152.107.45:2997 requests connection cookie.
[14:58:29] [connection] 50.90.16.83:2961 requests connection cookie.
[14:58:29] [connection] 99.227.118.32:2935 requests connection cookie.
[14:58:29] [connection] 119.77.201.135:2956 requests connection cookie.
[14:58:29] [connection] 180.227.229.142:3046 requests connection cookie.
[14:58:29] [connection] 202.236.183.3:2960 requests connection cookie.
[14:58:29] [connection] 96.182.159.199:2943 requests connection cookie.
[14:58:29] [connection] 134.227.212.107:3037 requests connection cookie.
[14:58:29] [connection] 75.90.47.183:2855 requests connection cookie.
[14:58:29] [connection] 65.110.87.16:2853 requests connection cookie.
[14:58:29] [connection] 223.145.61.73:3064 requests connection cookie.
[14:58:29] [connection] 223.228.50.5:3015 requests connection cookie.
[14:58:29] [connection] 85.43.167.121:3031 requests connection cookie.
[14:58:29] [connection] 193.233.5.254:2870 requests connection cookie.
[14:58:29] [connection] 75.29.178.180:2998 requests connection cookie.
[14:58:29] [connection] 209.53.110.101:2865 requests connection cookie.
[14:58:29] [connection] 194.38.190.173:3009 requests connection cookie.
[14:58:29] [connection] 109.230.199.102:2994 requests connection cookie.
[14:58:29] [connection] 77.243.62.229:3057 requests connection cookie.
[14:58:29] [connection] 70.182.200.50:2882 requests connection cookie.
[14:58:29] [connection] 173.252.177.233:3084 requests connection cookie.
[14:58:29] [connection] 71.229.142.109:2852 requests connection cookie.
[14:58:29] [connection] 53.85.25.71:2896 requests connection cookie.
[14:58:29] [connection] 212.43.192.171:3032 requests connection cookie.
[14:58:29] [connection] 126.140.43.155:3099 requests connection cookie.
[14:58:29] [connection] 155.81.239.233:3028 requests connection cookie.
[14:58:29] [connection] 200.84.28.237:3036 requests connection cookie.
[14:58:29] [connection] 126.27.61.254:3039 requests connection cookie.
[14:58:29] [connection] 145.2.183.134:3164 requests connection cookie.
[14:58:29] [connection] 80.252.167.235:3137 requests connection cookie.
[14:58:29] [connection] 192.182.5.71:2910 requests connection cookie.
[14:58:29] [connection] 53.236.239.96:2903 requests connection cookie.
[14:58:29] [connection] 165.62.165.180:3097 requests connection cookie.
[14:58:29] [connection] 75.37.97.223:3063 requests connection cookie.
[14:58:29] [connection] 32.229.252.28:3139 requests connection cookie.
[14:58:29] [connection] 24.3.242.235:3044 requests connection cookie.
[14:58:29] [connection] 190.118.212.103:2925 requests connection cookie.
[14:58:29] [connection] 27.229.247.192:3067 requests connection cookie.
[14:58:29] [connection] 171.217.108.182:3151 requests connection cookie.
[14:58:29] [connection] 76.119.130.230:3088 requests connection cookie.
[14:58:29] [connection] 70.238.118.240:3079 requests connection cookie.
[14:58:29] [connection] 142.219.142.127:2948 requests connection cookie.
[14:58:29] [connection] 50.120.5.202:2931 requests connection cookie.
[14:58:29] [connection] 129.171.85.50:3142 requests connection cookie.
[14:58:29] [connection] 84.120.101.74:3104 requests connection cookie.
[14:58:29] [connection] 85.62.96.242:2958 requests connection cookie.
[14:58:29] [connection] 155.24.45.29:3073 requests connection cookie.
[14:58:29] [connection] 50.155.62.251:2971 requests connection cookie.
[14:58:29] [connection] 92.194.61.171:3175 requests connection cookie.
[14:58:29] [connection] 32.108.2.45:3091 requests connection cookie.
[14:58:29] [connection] 85.87.25.229:3095 requests connection cookie.
[14:58:29] [connection] 15.177.180.25:2924 requests connection cookie.
[14:58:29] [connection] 118.200.239.252:3108 requests connection cookie.
[14:58:29] [connection] 158.227.183.141:2938 requests connection cookie.
[14:58:29] [connection] 5.131.237.71:3128 requests connection cookie.
[14:58:29] [connection] 84.202.15.54:3177 requests connection cookie.
[14:58:29] [connection] 101.14.74.229:3179 requests connection cookie.
[14:58:29] [connection] 183.215.108.41:2972 requests connection cookie.
[14:58:29] [connection] 197.229.109.119:3112 requests connection cookie.
[14:58:29] [connection] 75.247.234.21:2954 requests connection cookie.
[14:58:29] [connection] 85.233.100.29:2959 requests connection cookie.
[14:58:29] [connection] 85.5.17.164:3204 requests connection cookie.
[14:58:29] [connection] 84.11.230.145:3162 requests connection cookie.
[14:58:29] [connection] 71.248.197.41:3003 requests connection cookie.
[14:58:29] [connection] 209.41.56.254:3163 requests connection cookie.
[14:58:29] [connection] 169.155.159.21:3181 requests connection cookie.
[14:58:29] [connection] 124.234.141.118:3195 requests connection cookie.
[14:58:29] [connection] 197.85.54.238:2975 requests connection cookie.
[14:58:29] [connection] 136.186.83.41:3014 requests connection cookie.
[14:58:29] [connection] 15.62.219.235:2979 requests connection cookie.
[14:58:29] [connection] 123.74.25.16:3140 requests connection cookie.
[14:58:29] [connection] 219.5.197.21:2993 requests connection cookie.
[14:58:29] [connection] 165.144.56.101:3035 requests connection cookie.
[14:58:29] [connection] 124.228.124.38:3247 requests connection cookie.
[14:58:29] [connection] 88.171.45.130:2978 requests connection cookie.
[14:58:29] [connection] 90.192.50.118:3168 requests connection cookie.
[14:58:29] [connection] 165.180.158.109:3024 requests connection cookie.
[14:58:29] [connection] 182.15.108.144:3154 requests connection cookie.
[14:58:29] [connection] 92.108.230.43:3230 requests connection cookie.
[14:58:29] [connection] 217.239.167.27:3052 requests connection cookie.
[14:58:29] [connection] 85.236.36.140:3058 requests connection cookie.
[14:58:29] [connection] 107.25.200.229:3004 requests connection cookie.
[14:58:29] [connection] 125.134.247.155:3212 requests connection cookie.
[14:58:29] [connection] 87.238.209.195:3017 requests connection cookie.
[14:58:29] [connection] 68.105.27.43:3027 requests connection cookie.
[14:58:29] [connection] 167.192.177.74:3218 requests connection cookie.
[14:58:29] [connection] 85.88.182.90:3094 requests connection cookie.
[14:58:29] [connection] 5.164.22.224:3282 requests connection cookie.
[14:58:29] [connection] 199.100.16.197:3284 requests connection cookie.
[14:58:29] [connection] 122.108.253.239:3055 requests connection cookie.
[14:58:29] [connection] 96.85.253.102:3262 requests connection cookie.
[14:58:29] [connection] 180.231.102.118:3296 requests connection cookie.
[14:58:29] [connection] 155.41.238.115:3042 requests connection cookie.
[14:58:29] [connection] 85.107.90.83:3209 requests connection cookie.
[14:58:29] [connection] 84.206.54.239:3066 requests connection cookie.
[14:58:29] [connection] 61.20.193.178:3246 requests connection cookie.
[14:58:29] [connection] 65.247.17.135:3250 requests connection cookie.
[14:58:29] [connection] 73.17.159.183:3071 requests connection cookie.
[14:58:29] [connection] 216.182.216.165:2874 requests connection cookie.
[14:58:29] [connection] 40.230.185.194:3277 requests connection cookie.
[14:58:29] [connection] 17.103.71.208:3109 requests connection cookie.
[14:58:29] [connection] 129.252.223.29:3237 requests connection cookie.
[14:58:29] [connection] 14.192.70.35:3117 requests connection cookie.
[14:58:29] [connection] 209.5.14.61:3305 requests connection cookie.
[14:58:29] [connection] 208.108.21.16:3239 requests connection cookie.
[14:58:29] [connection] 141.27.52.142:3234 requests connection cookie.
[14:58:29] [connection] 163.43.164.155:3266 requests connection cookie.
[14:58:29] [connection] 85.141.29.56:3258 requests connection cookie.
[14:58:29] [connection] 197.61.97.88:3263 requests connection cookie.
[14:58:29] [connection] 36.164.136.254:3279 requests connection cookie.
[14:58:29] [connection] 54.92.173.126:3092 requests connection cookie.
[14:58:29] [connection] 155.233.158.237:3293 requests connection cookie.
[14:58:29] [connection] 37.21.84.228:3100 requests connection cookie.
[14:58:29] [connection] 73.239.198.27:3115 requests connection cookie.
[14:58:29] [connection] 195.167.235.248:3149 requests connection cookie.
[14:58:29] [connection] 15.185.75.252:3110 requests connection cookie.
[14:58:29] [connection] 90.180.14.167:3286 requests connection cookie.
[14:58:29] [connection] 75.144.252.131:3123 requests connection cookie.
[14:58:29] [connection] 24.50.169.50:3396 requests connection cookie.
[14:58:29] [connection] 65.70.25.28:3171 requests connection cookie.
[14:58:29] [connection] 90.248.252.115:3132 requests connection cookie.
[14:58:29] [connection] 186.229.25.25:3166 requests connection cookie.
[14:58:29] [connection] 77.248.123.54:3121 requests connection cookie.
[14:58:29] [connection] 50.27.199.85:3314 requests connection cookie.
[14:58:29] [connection] 183.182.230.235:2967 requests connection cookie.
[14:58:29] [connection] 54.200.72.173:3134 requests connection cookie.
[14:58:29] [connection] 96.100.124.16:2947 requests connection cookie.
[14:58:29] [connection] 96.5.223.167:3334 requests connection cookie.
[14:58:29] [connection] 85.36.61.201:3394 requests connection cookie.
[14:58:29] [connection] 180.45.102.131:3408 requests connection cookie.
[14:58:29] [connection] 186.198.54.252:3141 requests connection cookie.
[14:58:29] [connection] 167.216.233.34:3146 requests connection cookie.
[14:58:29] [connection] 87.54.230.239:3395 requests connection cookie.
[14:58:29] [connection] 81.83.50.199:3206 requests connection cookie.
[14:58:29] [connection] 190.75.183.248:2953 requests connection cookie.
[14:58:29] [connection] 193.173.5.70:3367 requests connection cookie.
[14:58:29] [connection] 101.50.95.185:3207 requests connection cookie.
[14:58:29] [connection] 185.14.180.71:3354 requests connection cookie.
[14:58:29] [connection] 190.144.31.16:3182 requests connection cookie.
[14:58:29] [connection] 14.124.212.199:3421 requests connection cookie.
[14:58:29] [connection] 167.115.230.122:3221 requests connection cookie.
[14:58:29] [connection] 178.159.38.70:3203 requests connection cookie.
[14:58:29] [connection] 141.69.180.186:3375 requests connection cookie.
[14:58:29] [connection] 80.124.233.185:3410 requests connection cookie.
[14:58:29] [connection] 72.25.194.194:3242 requests connection cookie.
[14:58:29] [connection] 219.199.87.20:3226 requests connection cookie.
[14:58:29] [connection] 200.129.141.228:3445 requests connection cookie.
[14:58:29] [connection] 65.101.195.194:3502 requests connection cookie.
[14:58:29] [connection] 71.62.199.90:3479 requests connection cookie.
[14:58:29] [connection] 197.40.130.182:3407 requests connection cookie.
[14:58:29] [connection] 69.9.185.200:3473 requests connection cookie.
[14:58:29] [connection] 178.16.177.16:3372 requests connection cookie.
[14:58:29] [connection] 96.37.14.189:3405 requests connection cookie.
[14:58:29] [connection] 141.206.45.169:3214 requests connection cookie.
[14:58:29] [connection] 186.223.15.230:3468 requests connection cookie.
[14:58:29] [connection] 194.121.118.164:3416 requests connection cookie.
[14:58:29] [connection] 201.77.130.36:3495 requests connection cookie.
[14:58:29] [connection] 122.84.252.231:3270 requests connection cookie.
[14:58:29] [connection] 84.101.5.77:3433 requests connection cookie.
[14:58:29] [connection] 32.144.36.144:3432 requests connection cookie.
[14:58:29] [connection] 182.70.190.206:3381 requests connection cookie.
[14:58:29] [connection] 134.9.192.80:3235 requests connection cookie.
[14:58:29] [connection] 61.170.173.173:3273 requests connection cookie.
[14:58:29] [connection] 212.243.73.155:3261 requests connection cookie.
[14:58:29] [connection] 71.144.180.96:3278 requests connection cookie.
[14:58:29] [connection] 96.41.62.252:3257 requests connection cookie.
[14:58:29] [connection] 173.72.71.109:3510 requests connection cookie.
[14:58:29] [connection] 72.230.127.31:3400 requests connection cookie.
[14:58:29] [connection] 16.252.183.100:3276 requests connection cookie.
[14:58:29] [connection] 118.52.62.62:3300 requests connection cookie.
[14:58:29] [connection] 61.121.77.202:3508 requests connection cookie.
[14:58:29] [connection] 200.101.179.217:3437 requests connection cookie.
[14:58:29] [connection] 185.29.216.38:3310 requests connection cookie.
[14:58:29] [connection] 36.32.251.2:3506 requests connection cookie.
[14:58:29] [connection] 69.123.101.231:3304 requests connection cookie.
[14:58:29] [connection] 131.136.216.155:3443 requests connection cookie.
[14:58:29] [connection] 80.251.194.209:3527 requests connection cookie.
[14:58:29] [connection] 200.236.90.9:3458 requests connection cookie.
[14:58:29] [connection] 155.155.140.88:3318 requests connection cookie.
[14:58:29] [connection] 5.201.240.68:3309 requests connection cookie.
[14:58:29] [connection] 109.24.155.56:3343 requests connection cookie.
[14:58:29] [connection] 152.186.134.54:3087 requests connection cookie.
[14:58:29] [connection] 140.131.164.155:3254 requests connection cookie.
[14:58:29] [connection] 95.90.224.115:3093 requests connection cookie.
[14:58:29] [connection] 70.31.68.163:3450 requests connection cookie.
[14:58:29] [connection] 158.173.180.37:3486 requests connection cookie.
[14:58:29] [connection] 54.186.185.102:3561 requests connection cookie.
[14:58:29] [connection] 62.236.73.173:3059 requests connection cookie.
[14:58:29] [connection] 171.85.40.243:3311 requests connection cookie.
[14:58:29] [connection] 203.183.38.201:3491 requests connection cookie.
[14:58:29] [connection] 69.62.227.25:3577 requests connection cookie.
[14:58:29] [connection] 200.130.17.185:3566 requests connection cookie.


About 2 million lines; it is too massive, and the server then goes offline for 1 minute.
If this is not related to a SA-MP exploit, then: I'll pay anyone who sets me up with good firewall rules (iptables) or something similar. Or if you have a good trick to avoid this I'll pay you (going to?) (PayPal - USD)
Kind regards
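A quick way to put numbers on a log like the one pasted above is to count cookie requests per log second and how many distinct source addresses produced them. The script below is an added example for this thread, not code from the original post or from the SA-MP project; the sample log lines are constructed in the same format as the post's log (the addresses are made up), and the threshold of 5 requests per second is an arbitrary value for the demonstration. The first two fields of each line, the `[HH:MM:SS]` stamp and the `IP:port` endpoint, are the only parts the script relies on.

```shell
#!/bin/sh
# Added example (not from the thread or the SA-MP project): summarise
# "requests connection cookie" lines from server_log.txt per second.
# Output of cookie_flood_summary, one line per second:
#   <HH:MM:SS> <cookie requests> <distinct source IPs>

# Constructed sample in the same format as the log pasted above; the
# addresses and ports are made up for the example.
sample_log() {
    cat <<'EOF'
[14:58:29] [connection] 203.0.113.10:2847 requests connection cookie.
[14:58:29] [connection] 203.0.113.11:2926 requests connection cookie.
[14:58:29] [connection] 203.0.113.12:2929 requests connection cookie.
[14:58:29] [connection] 203.0.113.13:2860 requests connection cookie.
[14:58:29] [connection] 203.0.113.14:2897 requests connection cookie.
[14:58:29] [connection] 203.0.113.15:2928 requests connection cookie.
[14:58:30] [connection] 198.51.100.7:51012 requests connection cookie.
[14:58:30] [connection] 198.51.100.7:51013 requests connection cookie.
EOF
}

# Count cookie requests and distinct source IPs per log second (reads stdin).
cookie_flood_summary() {
    awk '
    /requests connection cookie/ {
        ts = substr($1, 2, 8)          # "[14:58:29]" -> "14:58:29"
        split($3, ep, ":")             # "203.0.113.10:2847" -> ep[1] = ip
        n[ts]++
        if (!((ts, ep[1]) in seen)) { seen[ts, ep[1]] = 1; u[ts]++ }
    }
    END { for (ts in n) printf "%s %d %d\n", ts, n[ts], u[ts] }
    ' | sort
}

# Flag seconds above a requests-per-second threshold (first argument) and
# show what share of the sources were distinct. A flood where nearly every
# packet carries a different source is either a large botnet or spoofed
# addresses; per-IP measures (bans, minconnectiontime) do not help there.
flag_flood() {
    awk -v max="$1" '$2 > max {
        printf "%s %d req/s, %.0f%% distinct sources\n", $1, $2, 100 * $3 / $2
    }'
}

# Real use: flag_flood 50 < server_log.txt   (threshold is an assumption)
# On the constructed sample:
sample_log | cookie_flood_summary | flag_flood 5
```

On the sample this prints `14:58:29 6 req/s, 100% distinct sources` and stays silent for 14:58:30, where one real host sent two requests. Run on the full log, the distinct-source percentage is the figure that decides whether per-IP rules are worth writing at all.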
#2

This is a flood to your server. Now, what could be a possible exploit is that the IPs could be spoofed, which was a common problem at the end of 0.3z, and Gamer_Z has claimed that the exploit was not fixed.
#3

If your game server is hosted on your own VPS/dedicated server, I can solve this problem for you (Linux only). (Go private)

If your game server is hosted on a shared game hosting plan, contact your hosting provider.
#4

To anyone helping him: limit incoming connections to a few seconds; if persistent, drop the incoming connection.
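The iptables rules the first post asks for, in the spirit of the advice above, as an added example that is not from the thread or from the SA-MP project. It assumes Linux with iptables and the xt_hashlimit module, a server on UDP 7777 (the SA-MP default), and two thresholds that are assumptions to be tuned per server: a per-source limit (grouped by /24) and a global ceiling for the port. The per-source rule is what the post above describes; the global ceiling is there because, as the second reply notes, spoofed sources each land in a fresh bucket and a per-source limit alone does nothing against them. Setting `IPT=echo` prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread or the SA-MP project): rate-limit UDP
# traffic to the SA-MP port with iptables. Assumes Linux with iptables and
# the xt_hashlimit module, and a server on UDP 7777 (the default).
# Run with IPT=echo to print the rules instead of applying them.
set -eu

samp_flood_rules() {
    port="${1:-7777}"
    per_src="${2:-10/second}"      # assumed ceiling for one /24 of real clients
    total="${3:-1000/second}"      # assumed ceiling for the whole port
    ipt="${IPT:-iptables}"

    # Own chain, so it can be flushed or reloaded without touching INPUT.
    $ipt -N SAMP_FLOOD 2>/dev/null || $ipt -F SAMP_FLOOD

    # 1. Per-source limit, grouped by /24. Stops a handful of real hosts,
    #    but spoofed sources each get a fresh bucket, so on its own this
    #    does nothing against a flood of random addresses.
    $ipt -A SAMP_FLOOD -m hashlimit --hashlimit-name samp_src \
        --hashlimit-mode srcip --hashlimit-srcmask 24 \
        --hashlimit-above "$per_src" --hashlimit-burst 20 \
        --hashlimit-htable-expire 10000 -j DROP

    # 2. Global ceiling for the port (one bucket, keyed on dstport). During a
    #    spoofed flood this sheds load so the server process and its log
    #    writer survive; legitimate players still see loss while it lasts.
    $ipt -A SAMP_FLOOD -m hashlimit --hashlimit-name samp_all \
        --hashlimit-mode dstport \
        --hashlimit-above "$total" --hashlimit-burst 2000 -j DROP

    $ipt -A SAMP_FLOOD -j ACCEPT

    # Hook the chain into INPUT once; the -C check avoids duplicate jumps
    # when the script is re-run.
    $ipt -C INPUT -p udp --dport "$port" -j SAMP_FLOOD 2>/dev/null ||
        $ipt -I INPUT -p udp --dport "$port" -j SAMP_FLOOD
}

# Dry run:   IPT=echo samp_flood_rules 7777
# Apply:     samp_flood_rules 7777 10/second 1000/second   (as root)
```

Two caveats a practitioner should keep in mind. The rules only stop packets at the host's own kernel, so the NIC and the upstream link still carry the flood; a volumetric attack has to be filtered by the provider. And `--hashlimit-above` needs a reasonably recent iptables; on old versions the same policy is written as `--hashlimit-upto ... -j ACCEPT` followed by a `DROP`.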
#5

Few USD you're charging?
#6

Quote:

at the end of 0.3z and Gamer_Z has claimed that the exploit was not fixed.

The fix implemented by Kalcor is working in this example. It successfully prevented arbitrary connections from holding RakNet's resources. What happens now is because every time someone requests a handshake from your server, it prints that information to the log, and printing that to the log is what takes a fair amount of CPU time, not responding to the handshake. The information in the log was probably left as a simplistic solution to a bigger problem where someone could use your server as a proxy to flood random targets with random data (although this is not a case of an amplified attack, it is still a neat way to hide your real source of attack). The easiest way to fix it for now would be creating a plugin with a hook connected directly to the function in the server that handles the cookie exchange and ending it before it goes to the file operation - you'll lose the ability to tell if someone is flooding your server, but at the same time the attacker will need way more resources to waste the same amount of CPU time as would be the case with logging that data, and the amount of resources required to do that would probably be too large to actually care about implementing such an attack (this needs checking - I'm not sure how efficient the current implementation is). Bear in mind that this will probably get fixed in 0.3.7 R2, which is just around the corner. If you, however, need an immediate fix, please contact me on PM and I'll try to arrange something.
#7

This might sound silly but did you try minconnectiontime in your server.cfg ?
#8

Quote:
Originally Posted by XxBaDxBoYxX
This might sound silly but did you try minconnectiontime in your server.cfg ?
That is for a single IP.
#9

Quote:
Originally Posted by eider
The fix implemented by Kalcor is working in this example. It successfully prevented arbitrary connections from holding RakNet's resources. What happens now is because every time someone requests a handshake from your server, it prints that information to the log, and printing that to the log is what takes a fair amount of CPU time, not responding to the handshake. The information in the log was probably left as a simplistic solution to a bigger problem where someone could use your server as a proxy to flood random targets with random data (although this is not a case of an amplified attack, it is still a neat way to hide your real source of attack). The easiest way to fix it for now would be creating a plugin with a hook connected directly to the function in the server that handles the cookie exchange and ending it before it goes to the file operation - you'll lose the ability to tell if someone is flooding your server, but at the same time the attacker will need way more resources to waste the same amount of CPU time as would be the case with logging that data, and the amount of resources required to do that would probably be too large to actually care about implementing such an attack (this needs checking - I'm not sure how efficient the current implementation is). Bear in mind that this will probably get fixed in 0.3.7 R2, which is just around the corner. If you, however, need an immediate fix, please contact me on PM and I'll try to arrange something.
Couldn't you temporarily save the log to RAM, and then write it to the log file only once per second or something? A few thousand lines would probably not take a noticeable amount of memory.
#10

I get it too.