SA-MP Forums

#1 oOFotherOo (26/08/2019, 07:09 PM)
Vulnerability "Joining the game"

Hello, as many already know, SA-MP has always had problems with special DDoS attacks, such as the earlier "Query Flood" or "Incoming connection flood", which are still a problem for those who do not have much knowledge about network security. It is incredible that today hosting a SA-MP server is so expensive because of these problems; that is why many communities are constantly closing.

Nowadays a new fault has come out that does not allow players to connect, and it is not the typical "Server didn't respond" that is caused by a flood with the payloads "08 1e 77 da" for servers on port 7777. The cookie system works correctly only against DoS attacks, but against spoofed attacks it is useless, above all because almost every provider applies rate limits to these packets. "THIS HAS HAPPENED TO A LOT OF PEOPLE, AND EVEN IF YOU TELL THE HOSTING PROVIDER THAT YOU HAVE RULES AND THAT IT DOES NOT AFFECT THE SERVER AT ALL, THE HOSTING PROVIDER ALMOST ALWAYS REFUSES TO REMOVE THE RATE LIMIT BECAUSE OF BANDWIDTH CONSUMPTION". More than one person in this forum, I think, understands what I am talking about.

The new method is similar to that of the "incoming connection flood". In this case, when the player receives a response from the server after sending the cookie request "08 1e 77 da" (port 7777), the client sends another request during "Joining the game...", that is: "first byte = random | second byte = 1e (STATIC) | third byte = random | fourth byte = random". This spoofed attack is deadly: with only 100 Mbps of this flood, almost all providers will block / limit the traffic of 4-byte packets, leaving the players denied access. The problem with this attack for the hosting providers is identifying which traffic is legitimate and which is not, because the players themselves send random bytes with the second byte = 1e (STATIC), which is very problematic for almost all hosting providers. Some agree to leave the traffic open only if the pps are not very high, but then they charge you for the bandwidth, which affects you monetarily, or they do not charge you for the bandwidth and leave the traffic open, and the attacker decides to increase the power of the attack, resulting in a total collapse of the server due to the large number of pps.

I do not release code for testing because it is forbidden; if any BETA TESTER needs the code, send me a PM and I will send it to them.

My community was affected by this attack. I was able to reduce it through various mitigation techniques, but false positives still occur and sometimes there are players who have to wait up to 1 minute to access the server.

I hope the beta testers read this post and try to modify the login system of the SAMP server, because this is something that affects a lot of people in SAMP and is what caused the withdrawal of servers and players from SAMP. It is frustrating for a programmer to make a project and then, when it is finished and the server is opened, to have to spend a lot of money on a good hosting provider or study a lot about network security. For many this is very frustrating, and 80% decide it is better to close and leave.

A greeting.
#2 Koplan (30/08/2019, 02:22 AM)
Re: Vulnerability "Joining the game"

Same vulnerability...
#3 SlowARG (30/09/2019, 02:48 AM)
Re: Vulnerability "Joining the game"

Not random bytes at all, my old friend...

Regards.