Urban Terror Forums: DRDoS - Urban Terror Forums


DRDoS

Server used as reflector for DRDoS

#221 napalm

Posted 13 March 2012 - 03:50 AM

SailorMon, on 11 March 2012 - 10:41 AM, said:

You are correct, it is a lot of work - but it's much better than ignoring the right solution. Until now, the fixes are trying to detect and slow down an attack that is already running, instead of updating the protocol to something secure that stops it altogether.

Are you sure that clients need to be updated, too? Aren't they getting the info from the master server, or just a list of IPs that they proceed to query themselves? Because if the getstatus command is issued only in-game, then the server must only check if the sender is on the server.

The master servers are under FS, if I'm not mistaken. So they're easily patchable. As for the other servers - FS already said they will de-list the ones which haven't updated to the latest version, so they could do that again.

Alternatively, if this isn't an option, just publish a list of secure IPs (master servers, well-known trackers) and block everything else via iptables...


Hi guys,
I joined your forum just to let you know that I'd like to help you with finding the right solution to this problem. I'm running a game that is based on Q3 code with custom master server and my ISP almost disconnected my servers because of these DRDoS issues. If you're about to implement a proper fix for this with TCP getstatus/getinfo and player session init and UDP for game packets, let me know. I don't find these firewall rules and in-game ban patches a sufficient protection.

Thanks,
Adam

#222 Rambetter (community dev)

Posted 13 March 2012 - 04:26 AM

napalm, on 13 March 2012 - 03:50 AM, said:

Hi guys,
I joined your forum just to let you know that I'd like to help you with finding the right solution to this problem. I'm running a game that is based on Q3 code with custom master server and my ISP almost disconnected my servers because of these DRDoS issues. If you're about to implement a proper fix for this with TCP getstatus/getinfo and player session init and UDP for game packets, let me know. I don't find these firewall rules and in-game ban patches a sufficient protection.

Thanks,
Adam


Player session init already works kind of like TCP. It uses a "challenge". So I think that's taken care of already.


#224 jahtariii

Posted 14 March 2012 - 02:06 AM

Rambetter, on 10 March 2012 - 02:42 AM, said:

I updated my patch again.
This time, I'm giving players a "second chance".
If you get into the temp ban list but then try to getstatus after 3 seconds, the server will unban you from that list if you haven't sent more than 5 requests in those 3 seconds.

So if you spam the "refresh" button in your client you actually will never get banned for more than 3 seconds.



ah cool, that's nice to hear! Thx again for your very nice fix!

This post has been edited by jahtariii: 14 March 2012 - 02:06 AM


#225 zombiebob [UZF]

Posted 15 March 2012 - 07:03 AM

My servers are now back online for testing after having been offline since my first post on the ddos "second coming".

I have built from Rambetter's SVN. Nice guide is available here http://daffy.nerius.com/urtserver/

I see I can now rename players from rcon, that’s new for me! (:

I will post any feedback and appreciate feedback from anyone else who is testing the patch. I would like to answer the following questions

Is outgoing bandwidth still being raped?
How many rogue packets are we talking about with the new patch if the number of attacker IP's is escalated?
Well I guess basically, Does the patch work?


Looking forward to seeing my test results and hearing results from anyone else who has built from the SVN to combat this exploit!

Thanks for your time
>>zB

p.s Rambetter, did you get any feedback from your data-center re: your first letter to them on the matter?

This post has been edited by zombiebob: 15 March 2012 - 07:04 AM



#226 ipwnn00bs

Posted 17 March 2012 - 01:22 AM

@zombiebob

Probably 3-6 packets each 2 minutes per IP? lol :P Almost null.

How you rename with rcon? forcecvar I guess? Or is another easier command? :P

#227 Nitro |P| (QA member)

Posted 17 March 2012 - 01:31 AM

ipwnn00bs, on 17 March 2012 - 01:22 AM, said:


How you rename with rcon? forcecvar I guess? Or is another easier command? :P




/rcon forcecvar <slot> name N00bsyB00bsy

there are other things, such as the client's RATE / maxpackets, that can be forced.

This post has been edited by NITRO: 17 March 2012 - 01:32 AM

Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled

#228 Rambetter (community dev)

Posted 18 March 2012 - 05:44 PM

@zombiebob - Outgoing traffic is theoretically back to normal with the patch (if it really does work). Only 3 getstatus responses are sent to the IP being attacked, and if the flood continues, no more are sent as long as the flood keeps coming. Even after 2 minutes. Even after an hour or a day. When the attack to that IP stops, the "temp ban" expires and then if it starts again to that IP address, 3 getstatus responses are sent and then the IP is placed in the "temp ban" once more.

I did get a reply from the data center. They appreciate my efforts to curb the bandwidth, but I think they would have been OK if I had done nothing at that point too.

@ipwnnoobs - The "forcecvar" command is an additional patch you have to apply yourself. And it's only good for sh*ts and giggles. It basically pretends to modify the client's "clientuserinfo" string. But as soon as the client, say, chooses a different loadout, the new clientuserinfo will override the one you force-modified. So it's not good for doing anything like setting rate in my opinion. I use it for temporarily setting player names to funny things and mostly for giving bots specific funstuff and weapons. Actually I originally included it in my patches specifically for setting bot weapons and funstuff.

This post has been edited by Rambetter: 18 March 2012 - 05:47 PM
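
The limiter described in the post above (three getstatus replies, then a temp ban that holds while the flood continues, plus the 3-second "second chance" from the earlier update), written in C as an added example; it is not Rambetter's patch or ioUrT code. The function name, table size, hash and the reuse of the 3-second window for counting the initial burst are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS         1024   /* assumed table size */
#define BURST         3      /* replies sent before the temp ban (from the thread) */
#define WINDOW_MS     3000u  /* review interval (from the thread); also used for the burst count (assumption) */
#define SECOND_CHANCE 5      /* unban if no more than this many requests arrived while banned (from the thread) */

typedef struct {
    uint32_t ip;        /* IPv4 source address */
    uint32_t start_ms;  /* start of the current counting window */
    uint32_t count;     /* requests seen in the current window */
    int      banned;
    int      used;
} slot_t;

static slot_t slots[SLOTS];

/* Hypothetical helper: returns 1 if a getstatus reply should be sent, 0 to drop. */
int getstatus_allowed(uint32_t ip, uint32_t now_ms)
{
    slot_t *s = &slots[(ip * 2654435761u) % SLOTS];

    if (!s->used || s->ip != ip) {   /* new source, or a colliding one evicting the old entry */
        memset(s, 0, sizeof(*s));
        s->ip = ip; s->start_ms = now_ms; s->used = 1;
    }
    uint32_t elapsed = now_ms - s->start_ms;   /* unsigned math survives timer wrap */
    if (elapsed >= WINDOW_MS) {
        /* Window over: lift the ban if the source was quiet enough while banned,
           or if a whole further window passed with no request at all. */
        if (elapsed >= 2 * WINDOW_MS || s->count <= SECOND_CHANCE)
            s->banned = 0;
        s->start_ms = now_ms;
        s->count = 0;
    }
    s->count++;
    if (s->banned)
        return 0;                    /* flood still running: stay silent */
    if (s->count > BURST) {          /* fourth request inside the window */
        s->banned = 1;
        s->start_ms = now_ms;        /* second-chance window is counted from the ban */
        s->count = 0;
        return 0;
    }
    return 1;
}
```

A source that stays at or under three requests per window is never banned by this logic, which is the trickle case raised in the next post.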


#229 Rambetter (community dev)

Posted 20 March 2012 - 12:39 AM

Barbatos and anyone else who's interested -

I updated my "regular" server code repository (svn://svn.clanwtf.net/repos/ioUrT-server-4.1) with the latest improvements to the DRDoS handling code.

If you want the changes, look at commit revision 956.

I guess the strategy for now is to keep making incremental changes as the exploit code evolves.

My big worry is that the exploit code will be rewritten to allow only a trickle of getstatus requests, at a rate of 1 per second. Across 1000 UrT servers that's 1000 per second to the target being attacked. If I see that this is happening, I'll probably have to add some more code that looks at total getstatus requests per IP for longer durations such as 1 minute. This requires bigger structures in memory which is annoying.

#230 Nitro |P| (QA member)

Posted 20 March 2012 - 03:23 AM

would increasing the tempban not help? now that you have the facility in place to unban accidental spams

for example 15 mins?

1000 servers
= 1000 getstatus requests per 15 mins
= 67 getstatus requests per min
= 1.12 getstatus requests per second?


also how much memory are you talking about? for high games like 32 slot the server only uses less than ~128 meg so what would another 32meg give you?
