Author Topic: Flooding attack  (Read 7624 times)

0 Members and 1 Guest are viewing this topic.

Offline Szaman

  • Soldier
  • **
  • Posts: 145
Re: Flooding attack
« Reply #20 on: April 07, 2014, 04:34:00 am »
@Bonecrusher - but we are now talking about people who hosts Soldat Servers by themselves. What shoud they do?

Offline Bonecrusher

  • Global Moderator
  • Veteran
  • *****
  • Posts: 1397
  • High above
    • Zabijaka.pl
Re: Flooding attack
« Reply #21 on: April 07, 2014, 05:03:16 am »
I suppose there is a firewall in almost every modern router, may take a while to block all the different ip's but it's possible.

example: http://www.dslreports.com/forum/r19798124-Creating-router-firewall-rules-to-block-IP-addresses

Im chill like that

Offline Szaman

  • Soldier
  • **
  • Posts: 145
Re: Flooding attack
« Reply #22 on: April 07, 2014, 05:05:45 am »
OK, you can. But we are trying to find some universal (semi-)automatic solution for that problem.

Btw, can someone confirm that admin port (by TCP) is NOT used while normal gaming? I mean - if you play, you use only UDP communcation?

Offline Bonecrusher

  • Global Moderator
  • Veteran
  • *****
  • Posts: 1397
  • High above
    • Zabijaka.pl
Re: Flooding attack
« Reply #23 on: April 07, 2014, 05:15:45 am »
You can block TCP and you will not be able to connect via admin programs. You will be able to join the server and play though.

Im chill like that

Offline Szaman

  • Soldier
  • **
  • Posts: 145
Re: Flooding attack
« Reply #24 on: April 07, 2014, 05:21:14 am »
OK. Thanks for info :)

Offline Bonecrusher

  • Global Moderator
  • Veteran
  • *****
  • Posts: 1397
  • High above
    • Zabijaka.pl
Re: Flooding attack
« Reply #25 on: April 07, 2014, 05:44:40 am »
Not sure if it will prevent flooding attacks, you will have to test it.

Im chill like that

Offline Szaman

  • Soldier
  • **
  • Posts: 145
Re: Flooding attack
« Reply #26 on: April 07, 2014, 05:57:42 am »
Afaik those attack are via TCP. So blocking TCP port should prevent them.

Offline jrgp

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 5036
Re: Flooding attack
« Reply #27 on: April 07, 2014, 09:39:27 pm »
Hey guys, few times a very bad guy is trying to crash our server:

14-04-01 09:27:00 Admin disconnected (93.114.43.179).
14-04-01 09:27:00 Admin disconnected (93.114.43.179).
14-04-01 09:27:00 Admin disconnected (93.114.43.179).
14-04-01 09:27:00 Admin disconnected (93.114.43.179).
14-04-01 09:27:00 Admin disconnected (93.114.43.179).

After server takes 98% of processor and its impossible to join.
Do you know this IP?
Do you know a way of protecting against this? Something another than iptables?

The Linux tool fail2ban can be configured to watch the soldat logfiles in realtime and automatically block IPs that do weird things like what you pasted. It adds a new chain to iptables which it manages by itself and adds IPs to (and optionally removes them after)

You can block TCP and you will not be able to connect via admin programs. You will be able to join the server and play though.

You also won't be able to download custom maps/sceneries.
There are other worlds than these

Offline Szaman

  • Soldier
  • **
  • Posts: 145
Re: Flooding attack
« Reply #28 on: April 08, 2014, 02:21:37 am »
1. But fail2ban has a delay with checking the log (interval checking)
2. Soldat has also an interval of logs updating (next delay)
3. There are some cases when Soldat is not producing/updating logs while being attacked
4. Due to those delays Soldat server will crash minimum once
5. Am I wrong or the maps are maintained on the other port (admin port + 123 if I remember correctly) ?

Offline Bonecrusher

  • Global Moderator
  • Veteran
  • *****
  • Posts: 1397
  • High above
    • Zabijaka.pl
Re: Flooding attack
« Reply #29 on: April 08, 2014, 02:52:38 am »
5. TCP is join port + 10.

Im chill like that

Offline jrgp

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 5036
Re: Flooding attack
« Reply #30 on: April 08, 2014, 04:28:05 am »
1. But fail2ban has a delay with checking the log (interval checking)
2. Soldat has also an interval of logs updating (next delay)
3. There are some cases when Soldat is not producing/updating logs while being attacked
4. Due to those delays Soldat server will crash minimum once

You can use the functionality provided by CSF (a front end to iptables) that automatically blocks IPs which open too many connections during a set interval on a specific TCP port. That may help this.

Have you tried keeping a 'tcpdump dst port 23083' open that logs the mallicous traffic you're getting? Have you looked in dmesg to see if you're getting packet flooding that sets off messages in the kernel log?
There are other worlds than these

Offline dominikkk26

  • Camper
  • ***
  • Posts: 404
    • PMGsite
Re: Flooding attack
« Reply #31 on: April 08, 2014, 08:03:03 am »
Hmm developers should give the option to choose ports for clients (administrators) when connecting.

Offline elMorvano

  • Major(1)
  • Posts: 44
  • Center Of Soldat
    • Center Of Soldat
Re: Flooding attack
« Reply #32 on: April 08, 2014, 04:39:20 pm »
Okay... Soldat killed me now totally. I know an EASY way to kill the server. I'll write only with devs about this. PRIV.

Probably without any protecion all servers will just go mad.
« Last Edit: April 08, 2014, 05:07:20 pm by elMorvano »
www.facebook.com/coSoldat

Center Of Soldat

Offline Falcon`

  • Flagrunner
  • ****
  • Posts: 792
  • A wanted lagger
Re: Flooding attack
« Reply #33 on: April 08, 2014, 05:21:58 pm »
I didn't read the whole topic, but i had once a problem like this. Solution was to add some pre-soldat authentication system that would open the admin port for given IP address. In my case i've used port knocking
If you're not paying for something, you're not the customer; you're the product being sold.
- Andrew Lewis

Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.

Offline Szaman

  • Soldier
  • **
  • Posts: 145
Re: Flooding attack
« Reply #34 on: April 08, 2014, 05:26:09 pm »
@FalconPL: very good idea :)

Offline elMorvano

  • Major(1)
  • Posts: 44
  • Center Of Soldat
    • Center Of Soldat
Re: Flooding attack
« Reply #35 on: April 08, 2014, 05:36:04 pm »
Temporary solution against my way (ofc. I won't tell you which way, this can even kill your machine) is: run your soldatserver by soldatserver_legacy. Thanks.

And now my scripts don't work - GG. I'm really tired of Soldat's bugs T_T
« Last Edit: April 08, 2014, 06:01:29 pm by elMorvano »
www.facebook.com/coSoldat

Center Of Soldat