26.08.2017, 01:59
(
Последний раз редактировалось RDM; 03.09.2017 в 16:18.
)
Hello friends as promised I'm here!
Protection for the new type of attack described: http://forum.sa-mp.com/showthread.ph...=1#post3919175
The sa:mp authentication system is very simple!
In less than 1 minute any hacker will clone these packages! The hosting companies limited the ability to connect by ip! Now this does not solve the attack is spoofed the attacker uses the ip he wants!
I recommend that kalcor launch an update with an effective authentication system!
I am willing to test the authentication system if there is update!
I was able to Minimize the situation,
The attacker sends only 1 packet of each query [i, r, c]
And 1 cookie request packet!
How about blocking the first bundle of all players with dates [i, r, c and cookie date]?
: This really works without interfering with the rejecting connection to the first packets for all clients!
[EDIT]: the attacker changed his attack script! some improvements had to be made!
when an ip tries to send the packets for 1 second its packets will be blocked, blocking all the first packets of the queries and cookie,
except for query i, in the case of query i I only accept the first package in the interval of 1 second,
this in theory blocks 90% of malicious packages,
after sending the first packets the client ip will be released and no longer blocked by the firewall!
a spoofed attack is not impossible to block!
all attacks are anomalies, although the packets are the same as the client samp.
Unfortunately it is not possible to see the effects of the firewall on the same server node!
ie the firewall must be placed a node earlier than the samp server is.
Example: I own a dedicated, add iptables rules in this dedicated, and create a vps and host my samp server!
in this way it will be possible to see that 90% of the attack is not redirected to the vps server, that is, blocked by iptables!
update your Firewall script!
[EDIT]: samp update
UBI has developed a plugin that removes query limits.
can be of great help! use link:http://ubi.livs.pl/samp/samp_prot_ver2.zip
Iptables Firewall Script: https://github.com/Edresson/SAMP-Firewall
[UPDATE ]: problem solved ! The firewall only worked for a specific ip,
Now the firewall works for all servers that use port 7777
Thanks to JernejL Beta Tester for reporting the problem!
Download the Firewall.sh file
Run in linux using: sh Firewall.sh
Sorry about my terrible English .
Original topic: http://forum.sa-mp.com/showthread.ph...37#post3919237
Cordially BlastHoting, http://www.blasthosting.com.br/
Protection for the new type of attack described: http://forum.sa-mp.com/showthread.ph...=1#post3919175
The sa:mp authentication system is very simple!
In less than 1 minute any hacker will clone these packages! The hosting companies limited the ability to connect by ip! Now this does not solve the attack is spoofed the attacker uses the ip he wants!
I recommend that kalcor launch an update with an effective authentication system!
I am willing to test the authentication system if there is update!
I was able to Minimize the situation,
The attacker sends only 1 packet of each query [i, r, c]
And 1 cookie request packet!
How about blocking the first bundle of all players with dates [i, r, c and cookie date]?
: This really works without interfering with the rejecting connection to the first packets for all clients!
[EDIT]: the attacker changed his attack script! some improvements had to be made!
when an ip tries to send the packets for 1 second its packets will be blocked, blocking all the first packets of the queries and cookie,
except for query i, in the case of query i I only accept the first package in the interval of 1 second,
this in theory blocks 90% of malicious packages,
after sending the first packets the client ip will be released and no longer blocked by the firewall!
a spoofed attack is not impossible to block!
all attacks are anomalies, although the packets are the same as the client samp.
Unfortunately it is not possible to see the effects of the firewall on the same server node!
ie the firewall must be placed a node earlier than the samp server is.
Example: I own a dedicated, add iptables rules in this dedicated, and create a vps and host my samp server!
in this way it will be possible to see that 90% of the attack is not redirected to the vps server, that is, blocked by iptables!
update your Firewall script!
[EDIT]: samp update
Quote:
|
Originally Posted by Kalcor
 I've been working on a temporary fix. Anything better than this would require a client/server update, which would take a lot longer to get out to players. I want to be clear again that nothing added to the SA-MP server code can stop network attacks. There's a point where your host will fold from too many packets, no matter whether you're running a SA-MP server, an IRC server, a MUD, linx, a usenet mirror, color terminal, bitchx etc.
Feedback is requested. Update 0.3.7 R2-2 (testing): - Changes the query flood control to deal with different query types independently. - Connection cookie logging is disabled by default. Downloads (testing): SA-MP 0.3.7 R2-2 Linux Server: http://files.sa-mp.com/samp037svr_R2-2.tar.gz SA-MP 0.3.7 R2-2 Windows Server: http://files.sa-mp.com/samp037_svr_R2-2_win32.zip |
can be of great help! use link:http://ubi.livs.pl/samp/samp_prot_ver2.zip
Iptables Firewall Script: https://github.com/Edresson/SAMP-Firewall
[UPDATE ]: problem solved ! The firewall only worked for a specific ip,
Now the firewall works for all servers that use port 7777
Thanks to JernejL Beta Tester for reporting the problem!
Download the Firewall.sh file
Run in linux using: sh Firewall.sh
Sorry about my terrible English .
Original topic: http://forum.sa-mp.com/showthread.ph...37#post3919237
Cordially BlastHoting, http://www.blasthosting.com.br/
!