 sl.Home |
 sl.Search |
 sl.Forum |
 sl.Settings |
 sl.Serverlist |
 sl.Maplist |
 sl.Team |
 sl.Wiki |
» RtCW/Enemy Territory
» Bug-Tracker
Rules / Regeln
- no copy 'n paste, only your own words (quoting is possible)- please write in English which sounds sense (orthography should be recognizable) - no rumours, no clan-news (except larger events) - always with list of reference/originator - please create compact news, 4-10 lines, colors, bold and cursive fontype is allowed (*) We decide finally which news will be published or not. Not published news remains here only if it is acceptable. |
- kein Copy&Paste, nur eigene Worte (Zitat möglich)- bitte vernünftiges Deutsch mit erkennbarer Rechtschreibung ;) - keine Gerüchte, keine Clannews (ausgenommen größere Veranstaltungen) - immer mit Quellen- oder Urheberangabe - bitte kompakte News, 4-10 Zeilen, Farbe, fett, kursiv möglich (*) Wir entscheiden letztlich, welche News veröffentlicht wird und welche nicht. Nicht veröffentlichte News bleiben hier in diesem Forum bestehen, es sei denn sie sind für uns inakzeptabel. |
- pas de copier coller, vos propres mots (citations possible)- lisible et sans fautes ;) - pas de "on dit", pa de news des clans (sauf les grandes manifs) - toujours citer les sources - essaies de faire compact, 4 - 10 lignes, couleur, gras possible (*) On decide a la fin, laquelle des news va etre publie und laquelle non. News non publies restent dans ce forum, sauf si elle est inacceptable! |
| POTENTIONAL FIX: etded.x86 getstatus exploit |
| Guest_Dutchman_* |
 Jan 6 2011, 11:16 AM
Post
#1
|
|
Guests  |
Hi,
since a few months there is a exploit floating around abusing the getstatus requests to launch dos attacks against random targets and as a side effect creating massive lags on clients and the server. Cause of this Yada from Staatsschutz.org made a patch for linux wich reduces the effectivity of this exploit. QUOTE etfix_getstatus 0.2 by yada / staatsschutz.org / jan. 2011 ------ This patch will ratelimit etded.x86 2.60b getstatus requests to 1 per IP every 4 seconds. This approach is not ideal as the real fix would be to change the protocol to require some kind of handshake but this would break compatibility with existing clients so its not really practical. The worst part is that the patch is (in theory) vulnerable to a dos where legitimate clients could be denied access to the getstatus command but i feel this is less of a headache than kiddies using the server to flood random targets and thereby lagging the server and pushing bandwith usage through the roof (master server is excluded from ratelimit so no need to worry about it being denied using spoofed packets). Download the file right here. A readme.txt, the sourcecode and a small howto are included. Your free to distribute this file. This post has been edited by Dutchman: Jan 6 2011, 11:33 AM |
 |
 
|
 |
|
Aug 29 2011, 09:35 AM
Post
#2
|
|
 CorporalGroup: Members Joined: 25-December 09 Member No.: 89191 |
It is certainly possible to make iptable rules that work like the script i posted. I actually experimented with that for quite a while,
though i can't remember why i went for the script in the end. Blocking getstatus alltogether might not be a good idea. Game trackers are not the only ones who send getstatus requests. Programs like XFire, HLSW or RCON Unlimited all rely on getstatus and will probably show the server offline if you block them. You might however apply the script i posted above only to getstatus packets. At the moment it will count all connectionless packets (getinfo, rcon, getchallenge, etc). QUELLTEXT filter = "udp and src host 123.456.789.123 and udp[8:4] = 0xFFFFFFFF" The last part of the filter checks the next 4 bytes at offset 8. You can change that to check for a longer byte sequence so as to catch getstatus only. I never bothered doing that. I have been using a limit of 300 packets for quite a while now and it seems to work out very smoothly, haven't heard of legit clients getting dropped or being unable to connect. You will however have to adapt that limit depending on the number of game servers you run on your machine. This post has been edited by Ligustah: Aug 29 2011, 09:36 AM |
|
|
|
Dutchman POTENTIONAL FIX: etded.x86 getstatus exploit Jan 6 2011, 11:16 AM
Ligustah For those running a dedicated server:
i hacked to... Feb 10 2011, 10:46 PM
Sickboy works nicely Ligustah, thank you ;) Aug 25 2011, 07:50 AM $mart Hello, does anyone know a Windows version of this ... Aug 25 2011, 09:20 AM ETc|Jay QUOTE ($mart @ Aug 25 2011, 10:20 AM... Aug 26 2011, 12:11 AM Ligustah Ugh, programatically banning IPs on Windows is by ... Aug 25 2011, 11:32 PM Dutchman QUOTE (Ligustah @ Aug 26 2011, 12:32 AM) ... Aug 26 2011, 08:25 AM $mart Thanks guys,
Yes, on Windows, it is difficult to m... Aug 26 2011, 08:30 AM Ligustah As for the CommView program, i see two problems wi... Aug 26 2011, 10:30 AM MwgWolf ty guys :P Aug 28 2011, 10:28 AM daredevil You can also try netlimiter. In windows 2008 R2 E... Aug 28 2011, 04:20 PM Sickboy i've noticed on our server a few slower attack... Aug 29 2011, 12:33 AM Old-Owl Thanks Ligustah for you nice script that seems ver... Aug 30 2011, 10:49 PM Ligustah I am actually using a simple wrapper about my ipta... Aug 30 2011, 11:45 PM -sunkist- I didn't see any getstatus floods since april ... Oct 15 2011, 02:45 AM $mart Still attacks 10/10/11 : http://www.hirntot.org/di... Oct 15 2011, 10:02 AM schnoog The getstatus exploit is more active than ever.
I... Oct 15 2011, 10:24 AM -sunkist- QUOTE (schnoog @ Oct 15 2011, 11:24 AM) T... Oct 17 2011, 06:51 PM Dutchman QUOTE (-sunkist- @ Oct 17 2011, 07... Oct 17 2011, 10:52 PM -sunkist- QUOTE (Dutchman @ Oct 17 2011, 11:52 PM) ... Oct 17 2011, 11:03 PM Dutchman QUOTE (-sunkist- @ Oct 18 2011, 12... Oct 17 2011, 11:16 PM -sunkist- QUOTE (Dutchman @ Oct 18 2011, 12:16 AM) ... Oct 17 2011, 11:21 PM Dutchman ok:) Oct 17 2011, 11:50 PM AmericanPie1979 good morning :)
i found maybe a solution for thi... Oct 18 2011, 08:21 AM -sunkist- QUOTE (AmericanPie1979 @ Oct 18 2011, 09... Oct 18 2011, 08:49 PM TomDome Ich denke es ist rauslesbar was er sagen will und ... Oct 18 2011, 09:44 PM AmericanPie1979 Ich würde mal sagen wer lesen kann ist klar im Vo... Oct 18 2011, 10:29 PM $mart Hello
32% CPU => with how many players and/or ... Oct 19 2011, 08:01 AM Ligustah ZITAT($mart @ Oct 19 2011, 09:01 AM)... Oct 19 2011, 08:23 AM AmericanPie1979 i have 16 bots now
i disabled the master server... Oct 19 2011, 09:38 AM Ligustah ZITAT(AmericanPie1979 @ Oct 19 2011, 10:3... Oct 19 2011, 10:42 AM AmericanPie1979 hab gesehen das es auf 3 roots die gleichen flood ... Oct 19 2011, 10:52 AM schnoog Das Problem ist doch, dass die Angreiffer IP gespo... Oct 19 2011, 12:36 PM Dutchman American, i see you are running your game on a lin... Oct 19 2011, 01:31 PM AmericanPie1979 Dutchman :) thx for info but i have 2.55+ so all p... Oct 19 2011, 03:27 PM Dutchman I don't know wich etded.x86 version you have ... Oct 19 2011, 03:36 PM AmericanPie1979 it says unknown etded.x86 version
can you send m... Oct 19 2011, 03:45 PM daredevil English please so others having same issue can und... Oct 19 2011, 04:12 PM AmericanPie1979 i am writing english but sry its little bad :P
TH... Oct 19 2011, 04:17 PM Dutchman QUOTE (AmericanPie1979 @ Oct 19 2011, 05... Oct 19 2011, 05:58 PM AmericanPie1979 cpu is on 21 - 22 %
network is now ok
rx: 1... Oct 19 2011, 06:25 PM Dutchman QUOTE (AmericanPie1979 @ Oct 19 2011, 07... Oct 19 2011, 06:43 PM AmericanPie1979 they are both on my Teamspeak ^^ Opa and Mörder ;... Oct 19 2011, 06:46 PM Old-Owl The scripts against that getstatus exploit works f... Oct 23 2011, 02:03 PM schnoog There`s nothing you can do against the incomin... Oct 23 2011, 02:25 PM Ligustah I just recently had to answer that question to som... Oct 23 2011, 05:39 PM |
|
Lo-Fi Version | Time is now: 1st July 2025 - 11:03 AM |
