Re: [hlds] TF2 Crashes (Alec Sanger)
How would you block this using iptables? if it means people cannot see the server during an attack but it doesn't kick out players who are already playing that is fine by me... Kyle. On Sat, Aug 8, 2009 at 2:13 PM, Tony Paloma drunkenf...@hotmail.com wrote: You'd be blocking any new players from seeing your server. Also, if you're using iptables you'd want to list the IPs you want to allow first and then deny all others. Iptable rules are applied in order. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Matt Stanton Sent: Saturday, August 08, 2009 12:33 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This may be a completely stupid idea, but keep in mind I do not know the capabilities of SQL or of the linux kernel firewall. Would it be feasable to DENY all UDP, then add ALLOWs for each ip address in a HLStatsX database? I know we have roughly 100,000 players logged by HLStatsX, so it seems like this would be far too many ips to have in a firewall to get any sort of quick response, and would likely jack latency up to a very extreme amount. If everything *is* fast enough to handle that amount of information, then you could institute an DENY all rule when an attack is detected, quickly add the ips of everyone who is currently on the server to the ALLOW rules, then start adding ips in the HLStatsX database to the ALLOW rules. You may also consider only adding ips with a certain threshold of time spent on the servers. Once the attack has died down, you could just go back to the normal firewall rules. It would be a nasty big coding job, but someone on this list is bound to be able to do it if it's feasable. 
Kyle Sanderson wrote: Sorry for my previous negligence this just started with my server 2 nights ago, I didn't realise it until now but it is the exact same thing that is happening with was was mentioned previously (Extremely high pings, players ingame start skipping all over the place, etc.) If anyone has anymore information on how to block this attack please do not hesitate to email me, Kyle. On Thu, Aug 6, 2009 at 4:35 PM, Tony Paloma drunkenf...@hotmail.com wrote: It's different IPs. Random IPs. Like I said, it's spoofed. Changing the max queries cvar will only change when source engine decides to stop giving replies but doesn't seem to help the lag. An iptables rule will prevent server lag but still have the same no-reply problem which prevents players from seeing your server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 4:22 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Is it the same IP or does it change? Would changing sv_max_queries_max do anything? On Aug 6, 2009, at 6:04 PM, Tony Paloma drunkenf...@hotmail.com wrote: Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) So it's not possible to block this? 
ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid
Re: [hlds] TF2 Crashes (Alec Sanger)
Set a rate limit based on length per destination IP. Something like 10 or 15/second will do.

-A INPUT -p udp -m udp --dport 27015:27016 -m length --length 53 -m hashlimit --hashlimit 15/sec --hashlimit-burst 30 --hashlimit-mode dstip,dstport --hashlimit-name a2sspam -j ACCEPT
-A INPUT -p udp -m udp --dport 27015:27016 -m length --length 53 -j DROP

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson
Sent: Saturday, August 08, 2009 10:59 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

How would you block this using iptables? If it means people cannot see the server during an attack but it doesn't kick out players who are already playing that is fine by me... Kyle.

On Sat, Aug 8, 2009 at 2:13 PM, Tony Paloma drunkenf...@hotmail.com wrote:

You'd be blocking any new players from seeing your server. Also, if you're using iptables you'd want to list the IPs you want to allow first and then deny all others. Iptable rules are applied in order.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Matt Stanton
Sent: Saturday, August 08, 2009 12:33 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

This may be a completely stupid idea, but keep in mind I do not know the capabilities of SQL or of the linux kernel firewall. Would it be feasible to DENY all UDP, then add ALLOWs for each ip address in a HLStatsX database? I know we have roughly 100,000 players logged by HLStatsX, so it seems like this would be far too many ips to have in a firewall to get any sort of quick response, and would likely jack latency up to a very extreme amount.
If everything *is* fast enough to handle that amount of information, then you could institute an DENY all rule when an attack is detected, quickly add the ips of everyone who is currently on the server to the ALLOW rules, then start adding ips in the HLStatsX database to the ALLOW rules. You may also consider only adding ips with a certain threshold of time spent on the servers. Once the attack has died down, you could just go back to the normal firewall rules. It would be a nasty big coding job, but someone on this list is bound to be able to do it if it's feasable. Kyle Sanderson wrote: Sorry for my previous negligence this just started with my server 2 nights ago, I didn't realise it until now but it is the exact same thing that is happening with was was mentioned previously (Extremely high pings, players ingame start skipping all over the place, etc.) If anyone has anymore information on how to block this attack please do not hesitate to email me, Kyle. On Thu, Aug 6, 2009 at 4:35 PM, Tony Paloma drunkenf...@hotmail.com wrote: It's different IPs. Random IPs. Like I said, it's spoofed. Changing the max queries cvar will only change when source engine decides to stop giving replies but doesn't seem to help the lag. An iptables rule will prevent server lag but still have the same no-reply problem which prevents players from seeing your server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 4:22 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Is it the same IP or does it change? Would changing sv_max_queries_max do anything? On Aug 6, 2009, at 6:04 PM, Tony Paloma drunkenf...@hotmail.com wrote: Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack. 
-Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) So it's not possible to block this? ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does
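Added example (not part of the original thread or any poster's code): a simplified Python model of the two length-53 rules posted at the top of this message, run over constructed traffic to show the trade-off the thread describes. The token bucket only approximates hashlimit, and the addresses, packet rates and the 120-byte game packet size are assumptions made for the illustration.

```python
"""Added example: simplified model of the two length-53 iptables rules above."""
from collections import Counter, defaultdict

# A2S_INFO request as documented for the Source server query protocol:
# 0xFFFFFFFF prefix, header byte 'T', then a NUL-terminated string.
A2S_INFO_PAYLOAD = b"\xff\xff\xff\xff" + b"T" + b"Source Engine Query\x00"
IPV4_HEADER, UDP_HEADER = 20, 8  # bytes, IPv4 header without options


def ip_total_length(payload):
    """Size that `-m length` compares against: IP header + UDP header + payload."""
    return IPV4_HEADER + UDP_HEADER + len(payload)


class HashLimit:
    """Integer token bucket per key; approximates hashlimit, not kernel-exact."""

    def __init__(self, rate_per_sec, burst):
        self.refill = rate_per_sec   # millitokens per ms equals tokens per second
        self.cap = burst * 1000      # bucket size in millitokens
        self.buckets = {}            # key -> (millitokens, last_seen_ms)

    def allow(self, key, now_ms):
        tokens, last = self.buckets.get(key, (self.cap, now_ms))
        tokens = min(self.cap, tokens + (now_ms - last) * self.refill)
        ok = tokens >= 1000          # one packet costs one whole token
        self.buckets[key] = (tokens - 1000 if ok else tokens, now_ms)
        return ok


def verdict(limiter, pkt, now_ms):
    """Apply both rules; CONTINUE means neither matched and later rules decide."""
    if pkt["proto"] != "udp" or not 27015 <= pkt["dport"] <= 27016:
        return "CONTINUE"
    if pkt["length"] != 53:
        return "CONTINUE"
    # --hashlimit-mode dstip,dstport: one bucket per game server, source ignored
    if limiter.allow((pkt["dst"], pkt["dport"]), now_ms):
        return "ACCEPT"
    return "DROP"                    # second rule: over-limit length-53 packets


def simulate(duration_ms=10_000):
    """Constructed traffic: addresses, rates and the 120-byte size are made up."""
    server = "192.0.2.10"
    query_len = ip_total_length(A2S_INFO_PAYLOAD)
    events = []

    def add(t, order, label, dport, length, src):
        pkt = {"proto": "udp", "src": src, "dst": server,
               "dport": dport, "length": length}
        events.append((t, order, label, pkt))

    for t in range(duration_ms):                 # 1000 queries/s, changing sources
        add(t, 0, "flood", 27015, query_len, f"198.51.100.{t % 254 + 1}")
    for t in range(250, duration_ms, 500):       # a real browser, same server
        add(t, 1, "browser_27015", 27015, query_len, "203.0.113.5")
    for t in range(100, duration_ms, 500):       # a real browser, neighbouring server
        add(t, 1, "browser_27016", 27016, query_len, "203.0.113.5")
    for t in range(0, duration_ms, 15):          # in-game traffic, other packet size
        add(t, 2, "game", 27015, 120, "203.0.113.9")

    limiter = HashLimit(rate_per_sec=15, burst=30)
    results = defaultdict(Counter)
    for t, _, label, pkt in sorted(events, key=lambda e: (e[0], e[1])):
        results[label][verdict(limiter, pkt, t)] += 1
    return {label: dict(c) for label, c in results.items()}


if __name__ == "__main__":
    print("A2S_INFO IP length:", ip_total_length(A2S_INFO_PAYLOAD))
    for label, counts in simulate().items():
        print(label, counts)
```

In this model the engine on port 27015 sees 179 queries instead of 10,020 and in-game packets never match the rules, but every real browser query to the flooded port is dropped as well, while the neighbouring server on 27016 keeps its own bucket and stays visible.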
Re: [hlds] TF2 Crashes (Alec Sanger)
http://www.google.com/search?q=STEAM_0:1:18382821 He has been active... thanks. On Thu, Aug 6, 2009 at 11:12 PM, Kyle Sandersonkyle.l...@gmail.com wrote: I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. 
After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] TF2 Crashes (Alec Sanger)
Sorry for my previous negligence this just started with my server 2 nights ago, I didn't realise it until now but it is the exact same thing that is happening with was was mentioned previously (Extremely high pings, players ingame start skipping all over the place, etc.) If anyone has anymore information on how to block this attack please do not hesitate to email me, Kyle. On Thu, Aug 6, 2009 at 4:35 PM, Tony Paloma drunkenf...@hotmail.com wrote: It's different IPs. Random IPs. Like I said, it's spoofed. Changing the max queries cvar will only change when source engine decides to stop giving replies but doesn't seem to help the lag. An iptables rule will prevent server lag but still have the same no-reply problem which prevents players from seeing your server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 4:22 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Is it the same IP or does it change? Would changing sv_max_queries_max do anything? On Aug 6, 2009, at 6:04 PM, Tony Paloma drunkenf...@hotmail.com wrote: Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) So it's not possible to block this? 
ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. 
It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our
Re: [hlds] TF2 Crashes (Alec Sanger)
How many packets per second is it? Kyle Sanderson wrote: Sorry for my previous negligence this just started with my server 2 nights ago, I didn't realise it until now but it is the exact same thing that is happening with was was mentioned previously (Extremely high pings, players ingame start skipping all over the place, etc.) If anyone has anymore information on how to block this attack please do not hesitate to email me, Kyle. On Thu, Aug 6, 2009 at 4:35 PM, Tony Paloma drunkenf...@hotmail.com wrote: It's different IPs. Random IPs. Like I said, it's spoofed. Changing the max queries cvar will only change when source engine decides to stop giving replies but doesn't seem to help the lag. An iptables rule will prevent server lag but still have the same no-reply problem which prevents players from seeing your server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 4:22 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Is it the same IP or does it change? Would changing sv_max_queries_max do anything? On Aug 6, 2009, at 6:04 PM, Tony Paloma drunkenf...@hotmail.com wrote: Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) So it's not possible to block this? 
ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. 
It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even
Re: [hlds] TF2 Crashes (Alec Sanger)
This may be a completely stupid idea, but keep in mind I do not know the capabilities of SQL or of the linux kernel firewall. Would it be feasable to DENY all UDP, then add ALLOWs for each ip address in a HLStatsX database? I know we have roughly 100,000 players logged by HLStatsX, so it seems like this would be far too many ips to have in a firewall to get any sort of quick response, and would likely jack latency up to a very extreme amount. If everything *is* fast enough to handle that amount of information, then you could institute an DENY all rule when an attack is detected, quickly add the ips of everyone who is currently on the server to the ALLOW rules, then start adding ips in the HLStatsX database to the ALLOW rules. You may also consider only adding ips with a certain threshold of time spent on the servers. Once the attack has died down, you could just go back to the normal firewall rules. It would be a nasty big coding job, but someone on this list is bound to be able to do it if it's feasable. Kyle Sanderson wrote: Sorry for my previous negligence this just started with my server 2 nights ago, I didn't realise it until now but it is the exact same thing that is happening with was was mentioned previously (Extremely high pings, players ingame start skipping all over the place, etc.) If anyone has anymore information on how to block this attack please do not hesitate to email me, Kyle. On Thu, Aug 6, 2009 at 4:35 PM, Tony Paloma drunkenf...@hotmail.com wrote: It's different IPs. Random IPs. Like I said, it's spoofed. Changing the max queries cvar will only change when source engine decides to stop giving replies but doesn't seem to help the lag. An iptables rule will prevent server lag but still have the same no-reply problem which prevents players from seeing your server. 
-Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 4:22 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Is it the same IP or does it change? Would changing sv_max_queries_max do anything? On Aug 6, 2009, at 6:04 PM, Tony Paloma drunkenf...@hotmail.com wrote: Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) So it's not possible to block this? ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. 
-Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query
Re: [hlds] TF2 Crashes (Alec Sanger)
You'd be blocking any new players from seeing your server. Also, if you're using iptables you'd want to list the IPs you want to allow first and then deny all others. Iptable rules are applied in order. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Matt Stanton Sent: Saturday, August 08, 2009 12:33 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This may be a completely stupid idea, but keep in mind I do not know the capabilities of SQL or of the linux kernel firewall. Would it be feasable to DENY all UDP, then add ALLOWs for each ip address in a HLStatsX database? I know we have roughly 100,000 players logged by HLStatsX, so it seems like this would be far too many ips to have in a firewall to get any sort of quick response, and would likely jack latency up to a very extreme amount. If everything *is* fast enough to handle that amount of information, then you could institute an DENY all rule when an attack is detected, quickly add the ips of everyone who is currently on the server to the ALLOW rules, then start adding ips in the HLStatsX database to the ALLOW rules. You may also consider only adding ips with a certain threshold of time spent on the servers. Once the attack has died down, you could just go back to the normal firewall rules. It would be a nasty big coding job, but someone on this list is bound to be able to do it if it's feasable. Kyle Sanderson wrote: Sorry for my previous negligence this just started with my server 2 nights ago, I didn't realise it until now but it is the exact same thing that is happening with was was mentioned previously (Extremely high pings, players ingame start skipping all over the place, etc.) If anyone has anymore information on how to block this attack please do not hesitate to email me, Kyle. On Thu, Aug 6, 2009 at 4:35 PM, Tony Paloma drunkenf...@hotmail.com wrote: It's different IPs. Random IPs. 
Like I said, it's spoofed. Changing the max queries cvar will only change when source engine decides to stop giving replies but doesn't seem to help the lag. An iptables rule will prevent server lag but still have the same no-reply problem which prevents players from seeing your server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 4:22 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Is it the same IP or does it change? Would changing sv_max_queries_max do anything? On Aug 6, 2009, at 6:04 PM, Tony Paloma drunkenf...@hotmail.com wrote: Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) So it's not possible to block this? ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. 
-Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds
Re: [hlds] TF2 Crashes (Alec Sanger)
Didn't VALVe fix the physics_select bug months ago when it was addressed in this mailing list? If they didn't... kudos. Also, does anyone have anyway to stop it ie cheatflags (I've already attempted to add them as cheats with SM and Eventscripts... I'm guessing that worked out just as well as Mani did.) Kyle. On Wed, Aug 5, 2009 at 7:27 PM, Hutch hu...@halsplayground.com wrote: Cc and drunkenf00l, no one else is allowed look Cc: Have you done a traceroute/ping to your server to see if it's a network issue? Yes, numerous times and see zero loss, but occasional an ever so slight raise in the ping. traceroute gets through just fine as well. Cc: Is your server running on a higher priority than other services on your machine? What else is running on the machine? It's possible another program is taking over the available resources on the server and causing this freezing lag, or you are having some type of network issue. Yes, the game servers are running abovenormal and at one point used to run them as high. I messed with assigning instances to different processors and then dropped it back to all processors. No, there is nothing else running software wise. The box is solely for game servers. Removed IIS and everything else I could. Windows defender, all... Cc: Do you guys have the anti-DDoS plugin installed? There is a flood script out there that can do something similar to that which that plugin can help deter. I am running to see if its an exploit the following plugins at the time: sm_rconlock 0.2.8 (Just added today and its still happening) sm_commandblocker_version 1.0 dosp_version 1.0.0.0 daf_version Version 3 of SourceOP.com DoS Attack Fix Plugin DFool: It is an attack. It's A2S_INFO query spam on spoofed IP addresses. Do any of the above mentioned plugins I am using protect against this particular exploit? If not can you add physics_select and A2S_INFO to the command blocker plugin? 
I did verify like Tony that the physics cmd crashes server in console, but in game I can not get it to do anything simply by spamming the cmd in console. As far as a network issue, I suppose my next step is have the box moved to a different rack maybe later on this evening. Perhaps that will help. But, so far, all appropriate traffic seems to be able to go to and from the box. Hell I used my linux box at the house and just left constant ping on for hours to see if I would get any loss and nothing, except again I would notice a very slight raise in the response. Normally it responds 12-15ms, and it would jump to maybe 18 to 21ms. Nothing severe, and again with no loss... Hutch ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] TF2 Crashes (Alec Sanger)
Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all. 
Re: [hlds] TF2 Crashes (Alec Sanger)
I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. 
I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. 
The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. 
-Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. 
I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all. 
Re: [hlds] TF2 Crashes (Alec Sanger)
So it's not possible to block this? ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. 
On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all. 
Re: [hlds] TF2 Crashes (Alec Sanger)
Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) So it's not possible to block this? ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. 
RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all. 
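Added example (not from the thread or any poster's code): a simulation of the trade-off described in the reply above, applying a token bucket like the one iptables' limit match uses to A2S_INFO queries only. The traffic rates, limits, seed and in-game packet bytes are constructed assumptions; a per-source limit is modelled as well, to show why random spoofed sources defeat it.

```python
import random

# A2S_INFO request: connectionless header 0xFFFFFFFF, 'T', then the fixed query string.
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"
# Constructed stand-in for traffic from players who are already connected.
GAME_PACKET = b"\x01\x02\x03\x04constructed-in-game-data"


def is_a2s_info(payload: bytes) -> bool:
    """True for server-browser info queries, the only packets the filter limits."""
    return payload.startswith(b"\xff\xff\xff\xffT")


class TokenBucket:
    """`rate` tokens per second, at most `burst` saved up (limit-match semantics)."""

    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def build_traffic(seed=1, seconds=10, attack_qps=5000, legit_qps=20, game_pps=100):
    """Constructed traffic mix: (time, source, kind, payload), sorted by time."""
    rng = random.Random(seed)
    packets = []
    for _ in range(attack_qps * seconds):
        # Spoofed flood: every query claims a fresh random source address.
        packets.append((rng.uniform(0, seconds), rng.getrandbits(32), "attack", A2S_INFO))
    for i in range(legit_qps * seconds):
        # Real players refreshing the server browser send the identical payload.
        packets.append((rng.uniform(0, seconds), ("browser", i), "legit", A2S_INFO))
    for i in range(game_pps * seconds):
        packets.append((rng.uniform(0, seconds), ("player", i % 24), "game", GAME_PACKET))
    packets.sort(key=lambda p: p[0])
    return packets


def run(packets, policy, rate, burst):
    """policy: 'none', 'global' (one bucket for all queries) or 'per_source'."""
    shared = TokenBucket(rate, burst)
    per_src = {}
    reached = {"attack": 0, "legit": 0, "game": 0}
    for now, src, kind, payload in packets:
        if policy != "none" and is_a2s_info(payload):
            if policy == "global":
                bucket = shared
            else:
                bucket = per_src.setdefault(src, TokenBucket(rate, burst))
            if not bucket.allow(now):
                continue  # dropped before the game server sees it
        reached[kind] += 1
    return reached


def compare():
    """Packets that reach the game server under each policy."""
    packets = build_traffic()
    return {
        "none": run(packets, "none", 0, 0),
        "global": run(packets, "global", rate=100, burst=100),
        "per_source": run(packets, "per_source", rate=5, burst=5),
    }


if __name__ == "__main__":
    for policy, reached in compare().items():
        print(policy, reached)
```

The global limit caps query load and leaves in-game packets alone, but real browser queries get through only in proportion to their share of the flood; the per-source limit passes nearly everything because no spoofed address repeats often enough to exhaust its bucket.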
Re: [hlds] TF2 Crashes (Alec Sanger)
Is it the same IP or does it change? Would changing sv_max_queries_max do anything? On Aug 6, 2009, at 6:04 PM, Tony Paloma drunkenf...@hotmail.com wrote: Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) So it's not possible to block this? ClanAO.com On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote: From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Thursday, August 06, 2009 3:17 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Cam you give us more info on this? What type of attack is this? On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote: That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson Sent: Thursday, August 06, 2009 2:12 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down. 
RconLock: https://forums.alliedmods.net/showthread.php?t=93934 The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html Kyle On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote: Ya attack has been ongoing for a couple hours now on my server. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Thursday, August 06, 2009 8:00 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Crashes (Alec Sanger) Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out. On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote: It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins Sent: Wednesday, August 05, 2009 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] TF2 Crashes (Alec Sanger) This is some attack for sure I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today any remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can be remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all. 
Re: [hlds] TF2 Crashes (Alec Sanger)
It's different IPs. Random IPs. Like I said, it's spoofed. Changing the max queries cvar will only change when source engine decides to stop giving replies but doesn't seem to help the lag. An iptables rule will prevent server lag but still have the same no-reply problem which prevents players from seeing your server.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Thursday, August 06, 2009 4:22 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

Is it the same IP or does it change? Would changing sv_max_queries_max do anything?

On Aug 6, 2009, at 6:04 PM, Tony Paloma drunkenf...@hotmail.com wrote:
Not with any currently available utilities. You can limit the number of queries allowed per second using an iptables rule, but it will also prevent regular players from seeing your server during an attack.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Thursday, August 06, 2009 3:57 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

So it's not possible to block this?
ClanAO.com

On Aug 6, 2009, at 5:34 PM, Tony Paloma drunkenf...@hotmail.com wrote:
From earlier in the thread: It's A2S_INFO query spam on spoofed IP addresses

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Thursday, August 06, 2009 3:17 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

Can you give us more info on this? What type of attack is this?

On Aug 6, 2009, at 4:56 PM, Tony Paloma drunkenf...@hotmail.com wrote:
That plugin does nothing to prevent attack I (and others) have been experiencing nor does this have anything to do with running console commands before entering the game.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kyle Sanderson
Sent: Thursday, August 06, 2009 2:12 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

I installed that new RconLock and my server is still going strong. If you don't want all the features that come with it, download the source like I did and strip it down.
RconLock: https://forums.alliedmods.net/showthread.php?t=93934
The kid who was crashing my server a month ago / exploit: http://aluigi.freeforums.org/source-engine-seg-fault-crash-exploit-t993.html
Kyle

On Thu, Aug 6, 2009 at 8:32 AM, Tony Paloma drunkenf...@hotmail.com wrote:
Ya attack has been ongoing for a couple hours now on my server.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane
Sent: Thursday, August 06, 2009 8:00 AM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

Oh fun, some of my servers are empty. Guess it was only a matter of time until some shitface figured it out.

On Wed, Aug 5, 2009 at 3:57 AM, Tony Paloma drunkenf...@hotmail.com wrote:
It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Wednesday, August 05, 2009 12:24 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

This is some attack for sure. I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic.
After looking in the logs I notice people talking about it a few other times today and remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
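
The trade-off described in the message above (a query rate limit stops the lag but also hides the server from new players, while connected players stay in) can be reproduced with a small simulation. This is an added example, not code from the thread or from any plugin mentioned in it; the traffic volumes, the limits, the fixed-window limiter and all function names are assumptions.

```python
"""Added illustration: per-source vs. global rate limits on A2S_INFO queries.
All traffic is constructed; addresses come from reserved test ranges."""

# Source engine server-browser query: 0xFFFFFFFF header, 'T', fixed string.
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"


def is_a2s_info(payload):
    return payload == A2S_INFO


class WindowLimiter:
    """At most `limit` packets per one-second window. Simplified stand-in for
    a firewall rate limit; a token bucket behaves similarly under sustained load."""

    def __init__(self, limit):
        self.limit, self.window, self.count = limit, None, 0

    def allow(self, now):
        window = int(now)
        if window != self.window:
            self.window, self.count = window, 0
        self.count += 1
        return self.count <= self.limit


def build_traffic(seconds=5, flood_pps=2000):
    """Constructed (time, source, payload, kind) events, sorted by time."""
    events = []
    for s in range(seconds):
        for i in range(flood_pps):
            n = s * flood_pps + i
            # Every flood packet claims a different (spoofed) source address.
            src = "198.18.%d.%d" % ((n >> 8) & 0xFF, n & 0xFF)
            events.append((s + i / flood_pps, src, A2S_INFO, "flood"))
        for i in range(4):   # genuine server-browser queries
            events.append((s + 0.1 + 0.2 * i, "203.0.113.%d" % (10 + i), A2S_INFO, "browser"))
        for i in range(60):  # in-game packets from connected players (placeholder payload)
            events.append((s + i / 60, "192.0.2.%d" % (1 + i % 24), b"\x00game-data", "player"))
    events.sort(key=lambda e: e[0])
    return events


def run_policy(events, policy, limit):
    """Count, per kind, the packets that reach the game server process."""
    global_limiter = WindowLimiter(limit)
    per_source = {}
    reached = {"flood": 0, "browser": 0, "player": 0}
    for now, src, payload, kind in events:
        if not is_a2s_info(payload):
            allowed = True  # game traffic is never matched by the query rule
        elif policy == "per-source":
            allowed = per_source.setdefault(src, WindowLimiter(limit)).allow(now)
        elif policy == "global":
            allowed = global_limiter.allow(now)
        else:
            allowed = True
        if allowed:
            reached[kind] += 1
    return reached


if __name__ == "__main__":
    traffic = build_traffic()
    for policy, limit in (("none", 0), ("per-source", 5), ("global", 100)):
        print(policy, run_policy(traffic, policy, limit))
```

A per-source limit passes the whole flood because each spoofed address is seen only once, while the global limit caps the load but is used up by the flood before any genuine query arrives.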
Re: [hlds] TF2 Crashes (Alec Sanger)
This is some attack for sure. I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today and remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
Have you done a traceroute/ping to your server to see if it's a network issue? Is your server running on a higher priority than other services on your machine? What else is running on the machine? It's possible another program is taking over the available resources on the server and causing this freezing lag, or you are having some type of network issue. You said it doesn't happen at the same time for everyone...so it may very well be a network issue.

-- Cc2iscooL Head Admin/Owner http://www.cc2iscool.com

On Wed, Aug 5, 2009 at 2:14 AM, Hutch hu...@halsplayground.com wrote:
I too have had occasional crashes but rarely, mostly freezing lag... Attached is a net graph taken from in game showing a gap when it occurs. This issue has been with us since the last one or two updates and affects everyone on the server, but not always at the same time. Also it does not get felt on every server at the same time it seems. I had this same issue a while back when valve capped or altered the maxrate or whatever it was, like 5 updates back. Almost seems to me like they re-implemented it without saying so. I ran the server the other day with zero sourcemod, zero plugins, freshly downloaded server instances and still got it. I've tried different rates, etc, Tried with split rate, without, unlimited maxrate, limited, etc... All to no avail... Swapped our ram, had a 19hr down time to check all aspects of the server, reinstalled the OS (windows server2003 R2)... Running 32 man server, on and on and on... Server physically checks out fine and is better than the last server I was running a few weeks back. Swapped machines right when this last update came out. Next step, new chassis, new rack I suppose. The funny thing is though, I have heard of other servers getting this too so it always leads me back to thinking steam dinked with something. CPU usage is way low normally but does jump a bit when the lag occurs, so nothing strange there... Pagefile activity shows nothing unusual...
I do not see any unusual processes popping up or such on the machine. Ram seems steady as well... Seems to happen more often as the server gets full... Any how... Attached is a link to a jpg for your viewing pleasure... Notice the Reddish orange'ish bar at the very bottom... Sometimes it comes right before the lag.. WTF is that? Excuse the Choke 1, normally I run with 0 choke, steady as a rock... Was experimenting with different rates at the time.
http://www.halsplayground.com/Lag1.jpg LAG PICT HERE !!!
Hutch
Re: [hlds] TF2 Crashes (Alec Sanger)
Also counterstrike server runs just fine just TF2. I have to look at it more but I don't see any network problems at all.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Cc2iscooL
Sent: Wednesday, August 05, 2009 2:24 AM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

Have you done a traceroute/ping to your server to see if it's a network issue? Is your server running on a higher priority than other services on your machine? What else is running on the machine? It's possible another program is taking over the available resources on the server and causing this freezing lag, or you are having some type of network issue. You said it doesn't happen at the same time for everyone...so it may very well be a network issue.

-- Cc2iscooL Head Admin/Owner http://www.cc2iscool.com

On Wed, Aug 5, 2009 at 2:14 AM, Hutch hu...@halsplayground.com wrote:
I too have had occasional crashes but rarely, mostly freezing lag... Attached is a net graph taken from in game showing a gap when it occurs. This issue has been with us since the last one or two updates and affects everyone on the server, but not always at the same time. Also it does not get felt on every server at the same time it seems. I had this same issue a while back when valve capped or altered the maxrate or whatever it was, like 5 updates back. Almost seems to me like they re-implemented it without saying so. I ran the server the other day with zero sourcemod, zero plugins, freshly downloaded server instances and still got it. I've tried different rates, etc, Tried with split rate, without, unlimited maxrate, limited, etc... All to no avail... Swapped our ram, had a 19hr down time to check all aspects of the server, reinstalled the OS (windows server2003 R2)... Running 32 man server, on and on and on... Server physically checks out fine and is better than the last server I was running a few weeks back.
Swapped machines right when this last update came out. Next step, new chassis, new rack I suppose. The funny thing is though, I have heard of other servers getting this too so it always leads me back to thinking steam dinked with something. CPU usage is way low normally but does jump a bit when the lag occurs, so nothing strange there... Pagefile activity shows nothing unusual... I do not see any unusual processes popping up or such on the machine. Ram seems steady as well... Seems to happen more often as the server gets full... Any how... Attached is a link to a jpg for your viewing pleasure... Notice the Reddish orange'ish bar at the very bottom... Sometimes it comes right before the lag.. WTF is that? Excuse the Choke 1, normally I run with 0 choke, steady as a rock... Was experimenting with different rates at the time.
http://www.halsplayground.com/Lag1.jpg LAG PICT HERE !!!
Hutch
Re: [hlds] TF2 Crashes (Alec Sanger)
Do you guys have the anti-DDoS plugin installed? There is a flood script out there that can do something similar to that which that plugin can help deter.

-- Cc2iscooL Head Admin/Owner http://www.cc2iscool.com

On Wed, Aug 5, 2009 at 2:23 AM, Kenny Loggins kenny.logg...@clanao.com wrote:
This is some attack for sure. I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today and remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
Yep the one from Drunk F00L also new players cannot connect just as described in the forums.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Cc2iscooL
Sent: Wednesday, August 05, 2009 2:30 AM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

Do you guys have the anti-DDoS plugin installed? There is a flood script out there that can do something similar to that which that plugin can help deter.

-- Cc2iscooL Head Admin/Owner http://www.cc2iscool.com

On Wed, Aug 5, 2009 at 2:23 AM, Kenny Loggins kenny.logg...@clanao.com wrote:
This is some attack for sure. I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today and remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Wednesday, August 05, 2009 12:24 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

This is some attack for sure. I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today and remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
Possible to block this Tony? I lost over 200 players

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Tony Paloma
Sent: Wednesday, August 05, 2009 2:58 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Wednesday, August 05, 2009 12:24 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

This is some attack for sure. I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today and remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
I just noticed this and my server went offline

03:09:51 L 08/05/2009 - 03:09:46: Cabbage Lord15STEAM_0:0:19631297 connected, address 71.190.181.66:27005
03:09:51 L 08/05/2009 - 03:09:46: [META] Loaded 0 plugins (2 already loaded)
03:09:51 L 08/05/2009 - 03:09:46: Cabbage Lord15STEAM_0:0:19631297 disconnected (reason Server shutting down)
03:09:51 L 08/05/2009 - 03:09:46: server_message: quit
03:09:51 L 08/05/2009 - 03:09:46: Log file closed
03:09:51 L 08/05/2009 - 03:09:46: server_message: restart

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Tony Paloma
Sent: Wednesday, August 05, 2009 2:58 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Wednesday, August 05, 2009 12:24 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

This is some attack for sure. I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic. After looking in the logs I notice people talking about it a few other times today and remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
His profile http://steamcommunity.com/profiles/76561197999528322

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Wednesday, August 05, 2009 3:11 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

I just noticed this and my server went offline

03:09:51 L 08/05/2009 - 03:09:46: Cabbage Lord15STEAM_0:0:19631297 connected, address 71.190.181.66:27005
03:09:51 L 08/05/2009 - 03:09:46: [META] Loaded 0 plugins (2 already loaded)
03:09:51 L 08/05/2009 - 03:09:46: Cabbage Lord15STEAM_0:0:19631297 disconnected (reason Server shutting down)
03:09:51 L 08/05/2009 - 03:09:46: server_message: quit
03:09:51 L 08/05/2009 - 03:09:46: Log file closed
03:09:51 L 08/05/2009 - 03:09:46: server_message: restart

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Tony Paloma
Sent: Wednesday, August 05, 2009 2:58 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

It is an attack. It's A2S_INFO query spam on spoofed IP addresses and it's happening to tons of servers. I think some community is trying to fill their servers by emptying out a ton of others.

-Original Message-
From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Kenny Loggins
Sent: Wednesday, August 05, 2009 12:24 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] TF2 Crashes (Alec Sanger)

This is some attack for sure. I have not had any issues myself but everything points to a person doing it server by server. The network traffic meter shows a slow steady drop in traffic.
After looking in the logs I notice people talking about it a few other times today and remember noticing a server drop out and come back up quick (I didn't have time to look more into it) no problems at all before the exploit was pointed out today. Not saying that's bad I just hope they can remedy this quick as I'm sure it's not going to stop with just our servers. I was on my forums at the time and didn't even notice this was going on no network issues at all.
Re: [hlds] TF2 Crashes (Alec Sanger)
Cc and drunkenf00l, no one else is allowed to look

Cc: Have you done a traceroute/ping to your server to see if it's a network issue?

Yes, numerous times and see zero loss, but occasionally an ever so slight raise in the ping. traceroute gets through just fine as well.

Cc: Is your server running on a higher priority than other services on your machine? What else is running on the machine? It's possible another program is taking over the available resources on the server and causing this freezing lag, or you are having some type of network issue.

Yes, the game servers are running abovenormal and at one point used to run them as high. I messed with assigning instances to different processors and then dropped it back to all processors. No, there is nothing else running software wise. The box is solely for game servers. Removed IIS and everything else I could. Windows defender, all...

Cc: Do you guys have the anti-DDoS plugin installed? There is a flood script out there that can do something similar to that which that plugin can help deter.

I am running to see if it's an exploit the following plugins at the time:
sm_rconlock 0.2.8 (Just added today and it's still happening)
sm_commandblocker_version 1.0
dosp_version 1.0.0.0
daf_version Version 3 of SourceOP.com DoS Attack Fix Plugin

DFool: It is an attack. It's A2S_INFO query spam on spoofed IP addresses.

Do any of the above mentioned plugins I am using protect against this particular exploit? If not can you add physics_select and A2S_INFO to the command blocker plugin? I did verify like Tony that the physics cmd crashes server in console, but in game I can not get it to do anything simply by spamming the cmd in console.

As far as a network issue, I suppose my next step is have the box moved to a different rack maybe later on this evening. Perhaps that will help. But, so far, all appropriate traffic seems to be able to go to and from the box.
Hell I used my linux box at the house and just left constant ping on for hours to see if I would get any loss and nothing, except again I would notice a very slight raise in the response. Normally it responds 12-15ms, and it would jump to maybe 18 to 21ms. Nothing severe, and again with no loss...

Hutch