Urban Terror Forums: DRDoS - Urban Terror Forums


DRDoS

Server used as reflector for DRDoS

#211 Nitro

  • QA member
  • Account: nitro
  • Main tag: |P|
  • Joined: 15-March 10
  • Posts: 1,133

Posted 09 March 2012 - 08:52 PM

Rambetter, I PM'd you, but it really would be nice if you used the services you host and pay for :/ I have been in your Mumble server day and night for the past week and you don't show up :(
Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled

#212 kbar

  • Account: kbar
  • Main tag: no|
  • Joined: 28-February 10
  • Posts: 239

Posted 09 March 2012 - 09:27 PM

According to the same friend that linked me that page on altfire, the requests are originating from port 80? Is this true?

#213 Nitro

  • QA member
  • Account: nitro
  • Main tag: |P|
  • Joined: 15-March 10
  • Posts: 1,133

Posted 09 March 2012 - 10:07 PM

Kbar, on 09 March 2012 - 07:57 PM, said:

http://www.altfire.c...php?news_id=586

I got linked this by a fellow quaker.

hopefully it helps?



Yes, those rules work and have been posted already.
Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled

#214 Rambetter

  • community dev
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140

Posted 09 March 2012 - 10:37 PM

NITRO, I'm hardly ever around; that's why I'm not on Mumble.

OK guys I added a little special logic to my latest patch. This is of course still in the newer ioquake3-UrT-server-4.1 branch.

Once an IP address makes it into the "temp ban list", I keep a count of how many more requests come in from that IP address. Once 180 requests come in, I "renew" the ban.

So if an IP keeps spamming getstatus'es, it will stay in the ban list as long as it keeps getting spammed, without ever triggering a response.

I also improved the debug (a.k.a. developer) logging, so you can do "developer 1" in your console and you will no longer get thousands of lines of "SV packet" lines during a DRDoS attack. In fact the developer logging will tell you exactly when a ban is being renewed after reaching count 180.

This post has been edited by Rambetter: 09 March 2012 - 10:38 PM


#215 zombiebob

  • Account: zombiebob
  • Main tag: [UZF]
  • Joined: 28-February 10
  • Posts: 85

Posted 09 March 2012 - 11:39 PM

Rambetter, on 09 March 2012 - 10:37 PM, said:

I keep a count of how many more requests come in from that IP address. Once 180 requests come in, I "renew" the ban.

So if an IP keeps spamming getstatus'es, it will stay in the ban list as long as it keeps getting spammed, without ever triggering a response.


patch keeps getting better :) nice work


#216 Rambetter

  • community dev
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140

Posted 10 March 2012 - 02:42 AM

I updated my patch again.
This time, I'm giving players a "second chance".
If you get into the temp ban list but then try to getstatus after 3 seconds, the server will unban you from that list if you haven't sent more than 5 requests in those 3 seconds.

So if you spam the "refresh" button in your client you actually will never get banned for more than 3 seconds.
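
A sketch of the temp-ban behaviour described in posts #214 and #216, added here as an example; it is not code from the ioquake3-UrT-server-4.1 patch. Only the 180-request renewal and the 3-second / 5-request second chance come from the posts; the ban length (`BAN_MS`), the table layout, what triggers `ban_add`, and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define BAN_MS         30000 /* assumption: the posts do not give the ban length */
#define RENEW_COUNT    180   /* from the post: renew after 180 further requests */
#define GRACE_MS       3000  /* from the post: second chance after 3 seconds */
#define GRACE_MAX_REQS 5     /* from the post: at most 5 requests in those 3 s */
#define MAX_BANS       64    /* assumption: fixed-size table */
typedef struct { int used; uint32_t ip; int64_t since; int count; } ban_t;
static ban_t bans[MAX_BANS];
static ban_t *ban_find(uint32_t ip) {
    for (int i = 0; i < MAX_BANS; i++)
        if (bans[i].used && bans[i].ip == ip) return &bans[i];
    return NULL;
}

/* Put ip on the temp ban list (what triggers this is outside the example). */
int ban_add(uint32_t ip, int64_t now) {
    ban_t *b = ban_find(ip);
    for (int i = 0; !b && i < MAX_BANS; i++)
        if (!bans[i].used) b = &bans[i];
    if (!b) return 0;                       /* table full */
    b->used = 1; b->ip = ip; b->since = now; b->count = 0;
    return 1;
}

/* 1 = answer this getstatus, 0 = drop it silently. Times are in ms. */
int getstatus_allowed(uint32_t ip, int64_t now) {
    ban_t *b = ban_find(ip);
    if (!b) return 1;
    int64_t age = now - b->since;
    int expired = age >= BAN_MS;
    int second_chance = age >= GRACE_MS && b->count <= GRACE_MAX_REQS;
    if (expired || second_chance) { b->used = 0; return 1; }
    /* Still banned: count the request, renew the ban once 180 have arrived. */
    if (++b->count >= RENEW_COUNT) { b->since = now; b->count = 0; }
    return 0;
}

/* Replay n requests spaced step ms apart; returns how many were answered. */
int replay(uint32_t ip, int64_t start, int n, int64_t step) {
    int answered = 0;
    for (int i = 0; i < n; i++) answered += getstatus_allowed(ip, start + i * step);
    return answered;
}

int main(void) { /* 50 s flood from the constructed address 10.0.0.1 */
    ban_add(0x0A000001u, 0);
    printf("answered during flood: %d\n", replay(0x0A000001u, 0, 5000, 10));
    return 0;
}
```

Because the source address of a reflected getstatus is the victim's, every dropped request is one less amplified response sent to that victim, and the renewal keeps the entry alive for as long as the flood continues.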

#217 ipwnn00bs

  • Account: ipwnn00bs
  • Joined: 06-June 10
  • Posts: 23

Posted 10 March 2012 - 07:13 AM

Thanks RAM, read the new code, and installing in all my boxes

#218 SailorMo-n

  • league admin
  • Account: sailormon
  • Main tag: sC`
  • Joined: 28-February 10
  • Posts: 66

Posted 10 March 2012 - 03:05 PM

Hi,

Sorry for the awkward question (especially if it was already discussed - I've only read the last 2-3 pages); why not just change the protocol and force a handshake (syn/ack for example), then?
If gametracker, the master list etc. are some of the main reasons, add a whitelist with trusted IPs that works without it, as a temporary solution until everyone updates their trackers (although this would make them one of the few possible targets).

This post has been edited by SailorMon: 10 March 2012 - 03:08 PM

Caco, ergo sum!

#219 Nitro

  • QA member
  • Account: nitro
  • Main tag: |P|
  • Joined: 15-March 10
  • Posts: 1,133

Posted 10 March 2012 - 08:01 PM

SailorMon, on 10 March 2012 - 03:05 PM, said:

Hi,

Sorry for the awkward question (especially if it was already discussed - I've only read the last 2-3 pages); why not just change the protocol and force a handshake (syn/ack for example), then?
If gametracker, the master list etc. are some of the main reasons, add a whitelist with trusted IPs that works without it, as a temporary solution until everyone updates their trackers (although this would make them one of the few possible targets).



It would require coding a new system into the client game and releasing a new version/update to the game.
Servers would need to be updated with the new system too.
Then the master servers would be required to have this new functionality added to them as well.

It's not simple work, especially when you're also trying to release a new version of the game too.

Then there is the question of getting everyone updated: there are still many servers that still run 4.1 rather than 4.1.1 and it was released months ago.
Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled

#220 SailorMo-n

  • league admin
  • Account: sailormon
  • Main tag: sC`
  • Joined: 28-February 10
  • Posts: 66

Posted 11 March 2012 - 10:41 AM

NITRO, on 10 March 2012 - 08:01 PM, said:

It would require coding a new system into the client game and releasing a new version/update to the game.
Servers would need to be updated with the new system too.
Then the master servers would be required to have this new functionality added to them as well.

It's not simple work, especially when you're also trying to release a new version of the game too.

Then there is the question of getting everyone updated: there are still many servers that still run 4.1 rather than 4.1.1 and it was released months ago.


You are correct, it is a lot of work - but it's much better than ignoring the right solution. Until now, the fixes are trying to detect and slow down an attack that is already running, instead of updating the protocol to something secure that stops it altogether.

Are you sure that clients need to be updated, too? Aren't they getting the info from the master server, or just a list of IPs that they proceed to query themselves? Because if the getstatus command is issued only in-game, then the server must only check if the sender is on the server.

The master servers are under FS, if I'm not mistaken. So they're easily patchable. As for the other servers - FS already said they will de-list the ones which haven't updated to the latest version, so they could do that again.

Alternatively, if this isn't an option, just publish a list of secure IPs (master servers, well-known trackers) and block everything else via iptables...
Caco, ergo sum!
