Connection flood

So is there any difference in the bad packets from legitimate traffic? Because if there is filtering packets at a firewall level could work. But if not, is there away we can fix this and ad some sort of checksum?
Reply

good
Reply

with new version my npc's dont connect (linux)
Reply

Quote:
Originally Posted by iLearner
Посмотреть сообщение
with new version my npc's dont connect (linux)
Isn't FCNPC a memory hacking plugin?
Reply

Quote:
Originally Posted by wallee
Посмотреть сообщение
Isn't FCNPC a memory hacking plugin?
oh damn! yes!

Ziggi please!
Reply

Still getting cookie mass requests, and eventually the server crashing, but process still running, if this is related to the issue people are having?

Can't quite tell if the update even worked, as the server log just says R2 loaded instead of R2-2
Reply

Quote:
Originally Posted by Redirect Left
Посмотреть сообщение
Still getting cookie mass requests, and eventually the server crashing, but process still running, if this is related to the issue people are having?

Can't quite tell if the update even worked, as the server log just says R2 loaded instead of R2-2
This functioning perfectly, verify that you have updated the files correctly.
Reply

Quote:
Originally Posted by Redirect Left
Посмотреть сообщение
Still getting cookie mass requests, and eventually the server crashing, but process still running, if this is related to the issue people are having?

Can't quite tell if the update even worked, as the server log just says R2 loaded instead of R2-2
It only fixes the server querying, it does not prevent their requests.
Reply

Quote:
Originally Posted by Kalcor
Посмотреть сообщение
I've been working on a temporary fix. Anything better than this would require a client/server update, which would take a lot longer to get out to players. I want to be clear again that nothing added to the SA-MP server code can stop network attacks. There's a point where your host will fold from too many packets, no matter whether you're running a SA-MP server, an IRC server, a MUD, linx, a usenet mirror, color terminal, bitchx etc.

Feedback is requested.

Update 0.3.7 R2-2 (testing):

- Changes the query flood control to deal with different query types independently.
- Connection cookie logging is disabled by default.

Downloads (testing):

SA-MP 0.3.7 R2-2 Linux Server: http://files.sa-mp.com/samp037svr_R2-2.tar.gz
SA-MP 0.3.7 R2-2 Windows Server: http://files.sa-mp.com/samp037_svr_R2-2_win32.zip
When I run server on this version, in client rules are invisible (linux).
Reply

Quote:
Originally Posted by Kalcor
Посмотреть сообщение
I've been working on a temporary fix. Anything better than this would require a client/server update, which would take a lot longer to get out to players. I want to be clear again that nothing added to the SA-MP server code can stop network attacks. There's a point where your host will fold from too many packets, no matter whether you're running a SA-MP server, an IRC server, a MUD, linx, a usenet mirror, color terminal, bitchx etc.

Feedback is requested.

Update 0.3.7 R2-2 (testing):

- Changes the query flood control to deal with different query types independently.
- Connection cookie logging is disabled by default.

Downloads (testing):

SA-MP 0.3.7 R2-2 Linux Server: http://files.sa-mp.com/samp037svr_R2-2.tar.gz
SA-MP 0.3.7 R2-2 Windows Server: http://files.sa-mp.com/samp037_svr_R2-2_win32.zip
Tested, Didn't work |
Reply

Ну наконец-то. Помолимся за новую версию SA-MP. Аминь.
Reply

Quote:
Originally Posted by adrianlouise
Посмотреть сообщение
Tested, Didn't work |
Yes it's working! If your network does not support the attack!
Hire a vps with a better link, I'm with 1gbps and I have no problems with the attack!
Reply

Quote:
Originally Posted by adrianlouise
Посмотреть сообщение
Tested, Didn't work |
You should provide some more information.
Reply

Quote:
Originally Posted by Chaprnks
Посмотреть сообщение
Thank you! I had over 200gb's of server_log.txt from those floods. I'm interested in weather they're actual IP's (like a MASSIVE botnet), or a crafty spoofed IP's.. cause the floods never used a same IP twice (not even after 100,000 IP's).
In the previous version it was enough to add in your server.cfg the following lines:

conncookies 1
cookielogging 0


This will cause the server to not save the cookie connection logs



The attacks are totally spoofed! They will never repeat the same ip!
Reply

Quote:
Originally Posted by Kalcor
Посмотреть сообщение
I've been working on a temporary fix. Anything better than this would require a client/server update, which would take a lot longer to get out to players. I want to be clear again that nothing added to the SA-MP server code can stop network attacks. There's a point where your host will fold from too many packets, no matter whether you're running a SA-MP server, an IRC server, a MUD, linx, a usenet mirror, color terminal, bitchx etc.

Feedback is requested.

Update 0.3.7 R2-2 (testing):

- Changes the query flood control to deal with different query types independently.
- Connection cookie logging is disabled by default.

Downloads (testing):

SA-MP 0.3.7 R2-2 Linux Server: http://files.sa-mp.com/samp037svr_R2-2.tar.gz
SA-MP 0.3.7 R2-2 Windows Server: http://files.sa-mp.com/samp037_svr_R2-2_win32.zip
Works for us.
Reply

Quote:
Originally Posted by RDM
Посмотреть сообщение
Add the following lines to your server.cfg:

Conncookies 1
Cookielogging 0


This will cause the server to not save the cookie connection logs
It was disabled by default in latest version.

Works great so far.
Reply

Kalcor coming thru with the goodies, even though i've known about this flood for like 5+ months and it was only selectively used to attack servers for the longest time
Reply

Seems to be working great so far. Good work!
Reply

It works fine with my servers. Thank you for releasing this patch!
Reply

Quote:
Originally Posted by Ghazal
Посмотреть сообщение
It only fixes the server querying, it does not prevent their requests.
so then what does this fix? Because it doesn't stop the server from crashing to the point where you can't connect, even though the process is still running, and the server's network traffic is fine, it can be accessed as normal, so it isn't the server running out of bandwidth.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)