We have been discussing this in the admin forum and I thought it might be good for everyone else to be aware of.
In case you have not noticed, our server and many others may not be showing up in various game monitoring programs and web sites.
It also may show up but show no players there when there really are some there.
Mike discovered that the gamespy port was being used in a Denial of Service attack.
He blocked the offending IP's, but a few days later it happened again and he had to block additional IP's'
If you see these symptoms, please inform an admin so we can investigate/contact Mike.
This is Mike's explanation:
--------------------------------------------------------------------------------------------------------------------------------
For those that might be interested, this is what was going on with our server/bfrm/gamespy the last few days.
A DRDoS ("Distributed Reflected Denial of Service") attack is a special type of DDoS . In a DRDoS, the target is not attacked directly; instead, the attacker sends faked (spoofed) traffic to a set of other IPs, which then respond to that traffic to the IP that was spoofed, and in doing so flood the victim offline. By sending packets that elicit a much larger response, the DRDoS initiator can generate a very large attack with a very small amount of traffic.
This type of attack has become very common lately. Here's a more specific example:
1. The attacker decides to target IP address 127.0.0.1:27015, which is a CS:S server that he has been banned from.
2. The attacker connects to a machine that he had previously compromised and uses a traffic generator tool to send simple query packets to a large number of other game servers, specifying a (fake) source of 127.0.0.1:27015. Each query packet is less than 50 bytes, so the attacker can send many thousands of these per second without using much bandwidth; even a very low-end machine can do it.
3. These game servers ("reflectors") respond to 127.0.0.1:27015 with much larger packets, often 500+ bytes long, containing lists of the players in those servers.
4. The CS:S server at 127.0.0.1:27015, upon receiving the huge wave of attack traffic from thousands of different IPs, is overwhelmed. It is unable to serve legitimate clients or respond to queries itself, causing a denial of service.
Many ISPs have "reverse path filtering" in place, which (for the most part) prevents customers from pretending to be IPs that they are not, also preventing them from being used to launch attacks like this. Unfortunately, not every provider can or does.
Our server was just an unknowing participant of someone else's war.
Denial of Service attacks affecting BF42 Server
-
- Forum User
- Posts: 823
- Joined: Thu Apr 19, 2007 6:09 pm
- Location: South Carolina, USA
- [JiF]Uncle Stinky
- Forum User
- Posts: 1057
- Joined: Mon Oct 15, 2007 1:42 pm
- Location: Fairfax, Virginia
Re: Denial of Service attacks affecting BF42 Server
What is the purpose of these kinds of attacks?
- Gnome-father
- Forum User
- Posts: 521
- Joined: Mon Dec 28, 2009 2:05 pm
- Location: Norway, Bødalen
Re: Denial of Service attacks affecting BF42 Server
I can't belive that there exsist such douchebags in the world
- [JiF]Uncle Stinky
- Forum User
- Posts: 1057
- Joined: Mon Oct 15, 2007 1:42 pm
- Location: Fairfax, Virginia
Re: Denial of Service attacks affecting BF42 Server
Sadly, you are correct.
- [JiF]Pvt. Harrick
- Forum User
- Posts: 552
- Joined: Sat Nov 08, 2008 9:05 pm
- Location: DC Metro Area
Re: Denial of Service attacks affecting BF42 Server
My initial response is: it sounds almost like what i've been dealing with my computer lately, everything fixed, then the other day a security software pops up, says i have two attempts at identity theft on my computer, then my internet explorer wont work. Probably not the place to bring that up though...
Final response: OMG WOW WHO'S HASNT GOT ENOUGH OF A LIFE, THAT HE HAS TO DO THAT?
Final response: OMG WOW WHO'S HASNT GOT ENOUGH OF A LIFE, THAT HE HAS TO DO THAT?
- [JiF]ALargeWoodenBadger
- Forum User
- Posts: 774
- Joined: Thu Aug 24, 2006 12:56 am
- Location: Ontario, Canada
Re: Denial of Service attacks affecting BF42 Server
Please stop. This is disrespectful to douchbags. Douchbags, and other douching products have both purpose and value in this world. They clean the unclean-able. They go places no self respecting wash cloth would dare. They cleanse the deep dark recesses, crevasse and orifices that would otherwise be ignored and of course, they help give confidence to people who sometimes simply don't feel fresh - people like you and I.Gnome-father wrote:I can't belive that there exsist such douchebags in the world
So Thank you Massengil,
thank you StreemMaster,
and thank you male-douche.com (whos' premium quality Mini Douche is designed with your convenience in mind! Now available with the optional large double nozzle kit)
You've made life just a little less unpleasant.
(wow - I've written a lot of dumb tongue-in-check junk in this forum over the years but somehow this one almost made me vomit in my own mouth. $23.95 extra for the large double nozzle kit. That's sickening.)
"Oh god, I've never been so happy to be beaten up by a woman"
Captain Zapp Brannigan
Captain Zapp Brannigan