SA-MP Forums

SA-MP Forums (
-   Server Support (
-   -   Vulnerability "Joining the game" (

oOFotherOo 26/08/2019 07:09 PM

Vulnerability "Joining the game"
Hello, as many already know SA-MP has always had problems before special DDoS attacks such as before was the "Query Flood" or "Incoming connection flood" that are still a problem for those who do not have much knowledge about network security. It is incredible that today hosting a SA-MP server is so expensive for these problems that is why many communities are constantly closing.

Nowadays a new fault has come out that does not allow players to connect and is not the typical "Server didn't respond" that is caused by a flood with the payloads "08 1e 77 da" for servers in ports 7777, the system of cookies works correctly only for DoS attacks but against spoofed attacks is useless. And above all because almost any provider applies rate limits to these packages "THIS WHEN HAPPENED TO A LOT OF PEOPLE AND EVEN TELL THE HOSTING PROVIDER THAT YOU HAVE RULES AND THAT THE SERVER DOES NOT AFFECT THE ABSOLUTE THE HOSTING PROVIDER ALMOST REJECTS ALWAYS REMOVE THE LIMIT RATE FOR BANDWITCH CONSUMPTION" More than one in this forum I think you understand what I am talking about.

The new method is similar to that of the "incoming connection flood" in this case when the player receives a response from the server after sending the cookie request "08 1e 77 da" (7777 port) the client sends another request in "Joining the game..." that is" first byte = random | second byte = 1e (STATIC) | third byte = random | fourth byte = random "this spoofed attack is deadly with only 100 mbps of this flood almost all providers will block / limit the traffic of 4-byte packets leaving access to the players denied, the problem with this attack on the hosting providers is to identify which is legitimate and which is not because the players send random ones themselves with the second byte = 1e (STATIC) is very problematic for almost all hosting providers, some agree to leave the traffic open only if the pps are not very high but then they charge you the bandwitch which affects in a monetary way and they do not charge you the bandwitch and leave the traffic open and the attacker decides to increase the power of the attack resulting in a total collapse of the server due to the large number of pps.

I do not release code for testing because it is forbidden, if any BETA TESTER needs the code send me MP and I send them.

My community was affected by this attack I was able to reduce it through various mitigation techniques but still false positives occur and sometimes there are players that have to last up to 1 minute to access the server.

I hope the beta testers read this post and try to modify the loggin system to the SAMP server because it is something that affects a lot of people in SAMP and is what caused the withdrawal of servers and players in SAMP because it is frustrating for a Programmer make a project and that when you finish it and open your server then you must spend a lot of money on a good hosting provider or study a lot about network security is that for many it is very frustrating and 80% decide better to close and leave.

A greeting.

Koplan 30/08/2019 02:22 AM

Re: Vulnerability "Joining the game"
Same vulnerability...

SlowARG 30/09/2019 02:48 AM

Re: Vulnerability "Joining the game"
Not random bytes at all, my old friend...


All times are GMT. The time now is 07:34 PM.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.