SA-MP Forums

Go Back   SA-MP Forums > SA-MP Server > Server Support

Reply
 
Thread Tools Display Modes
Old 19/05/2014, 10:26 PM   #21
ombre
Huge Clucker
 
Join Date: Jul 2010
Posts: 267
Reputation: 6
Default Re: New samp fail ?

but here it's not a "standard" flood but like a bots/players invisible. Flood incoming = "server is full retrying" I seen it like a exploit samp. To talk to iptables but when there are thousands and thousands ips...and how to detect this flood orther that to update the r2 to r3...

Last edited by ombre; 19/05/2014 at 11:38 PM.
ombre is offline   Reply With Quote
Old 11/06/2014, 12:08 PM   #22
Nicow
Big Clucker
 
Nicow's Avatar
 
Join Date: Oct 2012
Location: France
Posts: 95
Reputation: 60
Default Re : New samp fail ?

This is right.
We are the 2nd server in the FR community, we receive several attack of that kind.
The 1st french server is also down because of these stupid attacks.
Thousands of ip are flooding you want some logs ? Alright : http://pastebin.com/0ZW87JJx

143 lines of incoming connections in one second, the older versions of SA:MP didn't have this problem
Don't say we don't use iptables ^^
Our iptables -L is full of CIDR ranges

Please, do something to prevent that exploit, this is annoying for us and our players
__________________

Nicow is offline   Reply With Quote
Old 11/06/2014, 12:47 PM   #23
Khanz
Banned
 
Join Date: Dec 2008
Posts: 1,703
Reputation: 401
Default Re: New samp fail ?

Use iptables and set a rule so all IP's can have a max of 2 connections.
Khanz is offline   Reply With Quote
Old 11/06/2014, 01:02 PM   #24
Nicow
Big Clucker
 
Nicow's Avatar
 
Join Date: Oct 2012
Location: France
Posts: 95
Reputation: 60
Default Re : New samp fail ?

Each IP address have 1 connection ..
__________________

Nicow is offline   Reply With Quote
Old 11/06/2014, 01:19 PM   #25
IvanAyuso
Big Clucker
 
Join Date: Jan 2013
Posts: 82
Reputation: 13
Default Respuesta: Re : New samp fail ?

Quote:
Originally Posted by Nicow View Post
Each IP address have 1 connection ..
Exactly, is IP spoofing with packets of incoming connection and query, none of the IP repeats, are many falses IP.

Last edited by IvanAyuso; 21/06/2015 at 10:40 AM.
IvanAyuso is offline   Reply With Quote
Old 11/06/2014, 05:17 PM   #26
scott1
Huge Clucker
 
Join Date: Oct 2008
Posts: 434
Reputation: 3
Default Re: New samp fail ?

We just have to wait.

When LSRP will receive those type of attack, we will have an update.

I remember few moth ago. our firewall was able to contain all the flood.

Since 0.3z, it isn't able to. So i think it came from SAMP.

Max
__________________
scott1 is offline   Reply With Quote
Old 11/06/2014, 05:26 PM   #27
Vince
Spam Machine
 
Vince's Avatar
 
Join Date: Sep 2007
Location: Belgium
Posts: 10,092
Reputation: 2655
Default Re: Re : New samp fail ?

Quote:
Originally Posted by Nicow View Post
Each IP address have 1 connection ..
So? Unless the server is restarting it is unlikely that this much people connect at once. Put a limit on connections per second GLOBALLY instead of per player (upper limit being 10% of your server slots or so). Block any connection that exceeds this limit for a few minutes, with BlockIPAddress.

Furthermore, it is possible to catch the query packets with iptables string matching.
__________________
Vince is offline   Reply With Quote
Old 11/06/2014, 05:42 PM   #28
Nicow
Big Clucker
 
Nicow's Avatar
 
Join Date: Oct 2012
Location: France
Posts: 95
Reputation: 60
Default Re : New samp fail ?

The packet are the same that the legitimate players send when they join the server (an ovh tech confirmed it)

And for the connection rate limit :

Quote:
Originally Posted by IvanAyuso View Post
Exactly, is IP spoofing with packets of incoming connection and query, none of the IP repeats, are many falses IP.

Theses IP are false.
We'll block "fake" ips and we may block legitimate players ips that try to connect
When we're being attacked our players all try to connect, like on a restart because generally the server is empty (people are disconnecting because of spam bot and lags)


Like scott1 said, i think samp needs a fix
__________________

Nicow is offline   Reply With Quote
Old 12/06/2014, 01:38 AM   #29
Kalcor
SA-MP Developer
 
Join Date: Apr 2005
Posts: 1,017
Reputation: 2804
Default Re: New samp fail ?

There isn't much SA-MP can do to stop DDoS attacks (attacks coming from multiple IPs).

DDoS isn't blocked at the application level. It has to be blocked at the firewall/router level. This is true for any game server, or any service you run online; including web server, mail server etc.

SA-MP can address DoS attacks (from a single IP/player). Those are the sort of attacks that get fixed in the server updates.

It's possible SA-MP could make certain types of flood attacks more difficult by having several levels of verification. But in that case it just comes down to how determined the attacker is to flood the server. If they have access to a large botnet, it's likely they could disrupt your services without even targeting the SA-MP server port.
Kalcor is offline   Reply With Quote
Old 12/06/2014, 08:01 AM   #30
Nicow
Big Clucker
 
Nicow's Avatar
 
Join Date: Oct 2012
Location: France
Posts: 95
Reputation: 60
Default Re : New samp fail ?

Kalcor, thank you for answering
This is not a DDoS attack, the attacker don't want to crash our server, our server can handle all the incoming requests.
For example our sql server is able to respond the users's requests even if we get attacked because like i said it's not DDoS, the server can handle the packets.

The attacker launch several requests to make our server full, this have to be checked in the application layer.
__________________

Nicow is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Why does SAMP fail when it comes to lag sync? Sharples Client Support 2 23/12/2013 07:35 AM
SAMP bug or code fail? DiGiTaL_AnGeL Scripting Help 3 27/03/2013 06:07 PM
Strcmp fail, or did I fail? JamesS Scripting Help 3 20/02/2013 08:36 PM
Fail? KaleOtter Help Archive 2 06/01/2011 04:15 PM


All times are GMT. The time now is 11:30 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.