 sl.Home |
 sl.Search |
 sl.Forum |
 sl.Settings |
 sl.Serverlist |
 sl.Maplist |
 sl.Team |
 sl.Wiki |
» RtCW/Enemy Territory
» Bug-Tracker
Rules / Regeln
- no copy 'n paste, only your own words (quoting is possible)- please write in English which sounds sense (orthography should be recognizable) - no rumours, no clan-news (except larger events) - always with list of reference/originator - please create compact news, 4-10 lines, colors, bold and cursive fontype is allowed (*) We decide finally which news will be published or not. Not published news remains here only if it is acceptable. |
- kein Copy&Paste, nur eigene Worte (Zitat möglich)- bitte vernünftiges Deutsch mit erkennbarer Rechtschreibung ;) - keine Gerüchte, keine Clannews (ausgenommen größere Veranstaltungen) - immer mit Quellen- oder Urheberangabe - bitte kompakte News, 4-10 Zeilen, Farbe, fett, kursiv möglich (*) Wir entscheiden letztlich, welche News veröffentlicht wird und welche nicht. Nicht veröffentlichte News bleiben hier in diesem Forum bestehen, es sei denn sie sind für uns inakzeptabel. |
- pas de copier coller, vos propres mots (citations possible)- lisible et sans fautes ;) - pas de "on dit", pa de news des clans (sauf les grandes manifs) - toujours citer les sources - essaies de faire compact, 4 - 10 lignes, couleur, gras possible (*) On decide a la fin, laquelle des news va etre publie und laquelle non. News non publies restent dans ce forum, sauf si elle est inacceptable! |
| POTENTIONAL FIX: etded.x86 getstatus exploit |
| Guest_Dutchman_* |
 Jan 6 2011, 11:16 AM
Post
#1
|
|
Guests  |
Hi,
since a few months there is a exploit floating around abusing the getstatus requests to launch dos attacks against random targets and as a side effect creating massive lags on clients and the server. Cause of this Yada from Staatsschutz.org made a patch for linux wich reduces the effectivity of this exploit. QUOTE etfix_getstatus 0.2 by yada / staatsschutz.org / jan. 2011 ------ This patch will ratelimit etded.x86 2.60b getstatus requests to 1 per IP every 4 seconds. This approach is not ideal as the real fix would be to change the protocol to require some kind of handshake but this would break compatibility with existing clients so its not really practical. The worst part is that the patch is (in theory) vulnerable to a dos where legitimate clients could be denied access to the getstatus command but i feel this is less of a headache than kiddies using the server to flood random targets and thereby lagging the server and pushing bandwith usage through the roof (master server is excluded from ratelimit so no need to worry about it being denied using spoofed packets). Download the file right here. A readme.txt, the sourcecode and a small howto are included. Your free to distribute this file. This post has been edited by Dutchman: Jan 6 2011, 11:33 AM |
 |
 
|
 |
|
Aug 29 2011, 12:33 AM
Post
#2
|
|
|
Private Group: Members Joined: 5-March 08 Member No.: 68457 |
i've noticed on our server a few slower attacks packetting us just below our threshold. yesterday i reduced the threshold too low and legitimate game clients were dropped upon connecting. what i decided to do was run a second instance with a longer check time (10 mins) and higher packet #. seems to be working well along with the 3 sec script. wouldn't it be possible to write an iptables rule to only allow those packets from specific ips? ie legitimate trackers: et master server, trackbase, splatterladder, etc? the downside being that game clients couldn't do a /serverstatus, but i think its a small price to pay until theres a permanent solution.
|
|
|
|
Dutchman POTENTIONAL FIX: etded.x86 getstatus exploit Jan 6 2011, 11:16 AM
Ligustah For those running a dedicated server:
i hacked to... Feb 10 2011, 10:46 PM
Sickboy works nicely Ligustah, thank you ;) Aug 25 2011, 07:50 AM $mart Hello, does anyone know a Windows version of this ... Aug 25 2011, 09:20 AM ETc|Jay QUOTE ($mart @ Aug 25 2011, 10:20 AM... Aug 26 2011, 12:11 AM Ligustah Ugh, programatically banning IPs on Windows is by ... Aug 25 2011, 11:32 PM Dutchman QUOTE (Ligustah @ Aug 26 2011, 12:32 AM) ... Aug 26 2011, 08:25 AM $mart Thanks guys,
Yes, on Windows, it is difficult to m... Aug 26 2011, 08:30 AM Ligustah As for the CommView program, i see two problems wi... Aug 26 2011, 10:30 AM MwgWolf ty guys :P Aug 28 2011, 10:28 AM daredevil You can also try netlimiter. In windows 2008 R2 E... Aug 28 2011, 04:20 PM Ligustah It is certainly possible to make iptable rules tha... Aug 29 2011, 09:35 AM Old-Owl Thanks Ligustah for you nice script that seems ver... Aug 30 2011, 10:49 PM Ligustah I am actually using a simple wrapper about my ipta... Aug 30 2011, 11:45 PM -sunkist- I didn't see any getstatus floods since april ... Oct 15 2011, 02:45 AM $mart Still attacks 10/10/11 : http://www.hirntot.org/di... Oct 15 2011, 10:02 AM schnoog The getstatus exploit is more active than ever.
I... Oct 15 2011, 10:24 AM -sunkist- QUOTE (schnoog @ Oct 15 2011, 11:24 AM) T... Oct 17 2011, 06:51 PM Dutchman QUOTE (-sunkist- @ Oct 17 2011, 07... Oct 17 2011, 10:52 PM -sunkist- QUOTE (Dutchman @ Oct 17 2011, 11:52 PM) ... Oct 17 2011, 11:03 PM Dutchman QUOTE (-sunkist- @ Oct 18 2011, 12... Oct 17 2011, 11:16 PM -sunkist- QUOTE (Dutchman @ Oct 18 2011, 12:16 AM) ... Oct 17 2011, 11:21 PM Dutchman ok:) Oct 17 2011, 11:50 PM AmericanPie1979 good morning :)
i found maybe a solution for thi... Oct 18 2011, 08:21 AM -sunkist- QUOTE (AmericanPie1979 @ Oct 18 2011, 09... Oct 18 2011, 08:49 PM TomDome Ich denke es ist rauslesbar was er sagen will und ... Oct 18 2011, 09:44 PM AmericanPie1979 Ich würde mal sagen wer lesen kann ist klar im Vo... Oct 18 2011, 10:29 PM $mart Hello
32% CPU => with how many players and/or ... Oct 19 2011, 08:01 AM Ligustah ZITAT($mart @ Oct 19 2011, 09:01 AM)... Oct 19 2011, 08:23 AM AmericanPie1979 i have 16 bots now
i disabled the master server... Oct 19 2011, 09:38 AM Ligustah ZITAT(AmericanPie1979 @ Oct 19 2011, 10:3... Oct 19 2011, 10:42 AM AmericanPie1979 hab gesehen das es auf 3 roots die gleichen flood ... Oct 19 2011, 10:52 AM schnoog Das Problem ist doch, dass die Angreiffer IP gespo... Oct 19 2011, 12:36 PM Dutchman American, i see you are running your game on a lin... Oct 19 2011, 01:31 PM AmericanPie1979 Dutchman :) thx for info but i have 2.55+ so all p... Oct 19 2011, 03:27 PM Dutchman I don't know wich etded.x86 version you have ... Oct 19 2011, 03:36 PM AmericanPie1979 it says unknown etded.x86 version
can you send m... Oct 19 2011, 03:45 PM daredevil English please so others having same issue can und... Oct 19 2011, 04:12 PM AmericanPie1979 i am writing english but sry its little bad :P
TH... Oct 19 2011, 04:17 PM Dutchman QUOTE (AmericanPie1979 @ Oct 19 2011, 05... Oct 19 2011, 05:58 PM AmericanPie1979 cpu is on 21 - 22 %
network is now ok
rx: 1... Oct 19 2011, 06:25 PM Dutchman QUOTE (AmericanPie1979 @ Oct 19 2011, 07... Oct 19 2011, 06:43 PM AmericanPie1979 they are both on my Teamspeak ^^ Opa and Mörder ;... Oct 19 2011, 06:46 PM Old-Owl The scripts against that getstatus exploit works f... Oct 23 2011, 02:03 PM schnoog There`s nothing you can do against the incomin... Oct 23 2011, 02:25 PM Ligustah I just recently had to answer that question to som... Oct 23 2011, 05:39 PM |
|
Lo-Fi Version | Time is now: 8th November 2025 - 09:47 AM |
