ETF2L – Latest activity in “Ddos” https://staging.etf2l.org/forum/support/topic-14890/ Reply by WabbitsFoot https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=307503 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=307503 Sun, 29 May 2011 17:19:58 +0200 Reply by ronny https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=259775 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=259775 Wed, 22 Dec 2010 12:07:29 +0100 Reply by Arie https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=259765 Quoted from octochris
Will be writing a Windows version soon using ipfw (NOT iptables), unless Arie or Ronny is already on it.
Please do. Quoted from Black_Bob
Will this work on multiplay servers using clanforge, not a clue if its linux or windows
You need 'root' (Linux) or 'Administrator' (Windows) rights to configure a firewall like this. So you'll have to ask Multiplay to add an option to enable this for your server. It's worth the investment for GSPs since all Orangebox engine games (DoD:S, CS:S and TF2) can be exploited.]]> generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=259765 Wed, 22 Dec 2010 10:36:01 +0100 Reply by Black_Bob https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=259666 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=259666 Tue, 21 Dec 2010 23:22:56 +0100 Reply by Dr. Chris https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=259402 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=259402 Tue, 21 Dec 2010 10:46:41 +0100 Reply by byte https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=259401 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=259401 Tue, 21 Dec 2010 10:43:29 +0100 Reply by ronny https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=259384 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=259384 Tue, 21 Dec 2010 09:20:12 +0100 Reply by ronny https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=258783 short update: Arie and me worked hard the last night and today and hopefully we've found another solution than whitelisting IPs. We'll test it within the next days in some officials. How it works We are limiting the "A2S"-Packages from Valve which are used for quering server information like who is playing on the server. This can be done with the linux firewall using "iptables" and the information found here http://developer.valvesoftware.com/wiki/Server_queries When everything works fine I'll write an howto so you can secure your root server, too. Btw, sorry to all ppl who were playing on the dm server while we tested this "lag exploit". It just made more sense to test it on a server where people are playing ;-) Cheers, Ronny nice-servers.com]]> generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=258783 Sun, 19 Dec 2010 16:35:06 +0100 Reply by Arie https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=258499 Quoted from Ronny
How can you help? Forward every information you might have about this exploit and I will see what I can do. Currently we just can't do much because we do not have the exploit. And all package information (captured with tcpdump - including udp packages) and iptables log files seemed to be "ok". Link to the things which I already tried: http://www.nice-servers.com/en/blog/84-ddos-und-dos-exploits-gegenmassnahmen.html Cheers, Ronny nice-servers.com
I have the necessary tools to launch an attack. Verified it takes less than 1MB/s upstream to kill a busy server (my own, achievement_idle, don't worry ;) ). Ronny, contact me on friends or IRC. Also, how can you help: Keep playing games, get videocasts instead of relay-casts. Get the casters whitelisted and on the server until the situation is resolved.]]> generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=258499 Sat, 18 Dec 2010 23:19:34 +0100 Reply by adam-skyride https://staging.etf2l.org/forum/support/topic-14890/page-6/?recent=307503#post=258430 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=258430 Sat, 18 Dec 2010 20:53:36 +0100 Reply by ronny https://staging.etf2l.org/forum/support/topic-14890/page-5/?recent=307503#post=258424 How did see that the server was attacked? All people were warping around and it was unplayable. Did it affect all gameservers on the physical machine? No! Just the gameserver where the top teams were playing were affected. Therefore it was no general DDOS attack to the server. It even isn't a normal DOS attack. It seems to be a simple exploit / bug in the source engine of Valve. Do Anti-(D)DOS Plugins help? There are a lot of plugins out there to avoid (D)DOS attacks. Plugins as a gameserver addon (DAF), sourcemod, metamod addons and the query cache application in my blog entry. And NO. They don't help because it is not a D(DOS) attack! We were able to play one game after the first attack and it seemed to help so I posted this blog entry. But the next day the attack was back. What are the next steps? Don't know yet. Shox is working on an application to simulate this behavior and we will then try to fix it with e.g. iptables (Firewall). So far, the only chance when someone is using this exploit is 1) Go offline in steam friends 2) Play on a private server not listed in steams masterlist 3) Whitelist the players ip adress for iptables Yes, I know that this is complicated. But these things are currently be done by all top teams for every game! How can you help? Forward every information you might have about this exploit and I will see what I can do. Currently we just can't do much because we do not have the exploit. And all package information (captured with tcpdump - including udp packages) and iptables log files seemed to be "ok". Link to the things which I already tried: http://www.nice-servers.com/en/blog/84-ddos-und-dos-exploits-gegenmassnahmen.html Cheers, Ronny nice-servers.com]]> generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=258424 Sat, 18 Dec 2010 20:32:33 +0100 Reply by Spike Himself https://staging.etf2l.org/forum/support/topic-14890/page-5/?recent=307503#post=258222 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=258222 Sat, 18 Dec 2010 12:50:03 +0100 Reply by WARHURYEAH https://staging.etf2l.org/forum/support/topic-14890/page-5/?recent=307503#post=258084 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=258084 Sat, 18 Dec 2010 01:43:38 +0100 Reply by xInuy https://staging.etf2l.org/forum/support/topic-14890/page-5/?recent=307503#post=258074 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=258074 Sat, 18 Dec 2010 00:53:57 +0100 Reply by Hildreth https://staging.etf2l.org/forum/support/topic-14890/page-5/?recent=307503#post=258073 generator=rsdiscuss&baseurl=https://staging.etf2l.org&feed=forum&forum=support&topic=14890&post=258073 Sat, 18 Dec 2010 00:50:42 +0100