Re: [hlds_linux] CSS Server flooding or attack?

[Harry Strongburg]

On Fri, Jan 28, 2011 at 04:27:21PM +1030, PryMaL wrote:
> They've got soemthing in the region of 300 megabit at their disposal...
> not too many single sources (outside data centers) have that kind of
> bandwidth.
> So my guess still lies at DDoS
> Todays update seems to have helped a bit.

Are you implying that it's hard or expensive to get a 300Mbit+ box? Any 
skid could easily get that for less than 40 Euro. I doubt someone would 
use a botnet for attacking a server with the bug, instead of doing 
trivial UDP spoofing on a single box. :)

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] CSS Server flooding or attack?

[PryMaL]

On 28/01/2011 10:48 PM, Harry Strongburg wrote:

Are you implying that it's hard or expensive to get a 300Mbit+ box? Any
skid could easily get that for less than 40 Euro. I doubt someone would
use a botnet for attacking a server with the bug, instead of doing
trivial UDP spoofing on a single box.:)
anything more than a 100mb connection is difficult to obtain let alone 
expensive in Australia.
I guess I'm still in the mindset of "bandwidth costs $$" thanks to our 
major infrastructure failings.


--
PryMaL

Email: pry...@geekout.info
Twitter: prymal81


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[frostschutz]

On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote:
> Would there be a way for the engine to identify
> exactly where it's coming from and drop the connection ?

It's UDP, there are no connections and you can't stop others 
from sending packets to you. So the best you can do is drop 
without spending any unnecessary CPU time.

The protocol unfortunately is DDoS by design - if a game has 
a ton of players and in one second 100 people around the 
world refresh their server list at the same time, your server 
has 100 queries to reply to 100 different IPs... per second.
So all you can do is make those queries faster.

Usually games just don't have enough players for this to be 
a problem, but Valve is a monster in that regard.

The protocol could be designed differently to make it easier 
to drop / delay unwanted packets, but protocol redesign is 
not something you do on a regular basis for gameservers. ;)

Regards
frostschutz

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] CSS Server flooding or attack?

[frostschutz]

On Fri, Jan 28, 2011 at 11:01:56PM +1030, PryMaL wrote:
> anything more than a 100mb connection is difficult to obtain let alone 
> expensive in Australia.

It's less than 100 euro per month in ... Europe.

However that doesn't mean you can use it for attacks. You can try but 
it will be a rather short lived fun. Your server will be shut down 
with the first abuse report or even before that.

It's easier to write a small Windows program and upload it somewhere, 
you wouldn't believe the number of idiots who download and execute 
.exe files that do funny things... put it on 4chan with an unrelated 
image next to it and you have a botnet with a million clients.

Bandwidth: unlimited
Price: free

That's unfortunately pretty much how it works...

Regards
frostschutz

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] CSS Server flooding or attack?

[Simon Gunton]

You will find that it will be ordered through some kiddy host offering 
gig ports and then paid for with a bent credit card will use if for a 
week till it gets yanked and by which time they are long gone.


Also if they have spoofed the IP then unlieky anyone can submit an abuse 
report about it to the right people .


Simon
Simon Gunton
Support Analyst
INX-Gaming.com
Phone: 01733 687699
EMail: si...@inx-gaming.co.uk 

Support: http://support.inx-network.com 
This e-mail and any attachments are confidential. If you are not the 
intended recipient, please contact the sender. Please then delete the 
email and do not disclose the contents to anyone.


Any views or opinions presented in this email or its attachments are 
solely those of the author and do not necessarily represent those of 
INX-Network Limited


On 28/01/2011 12:53, frostschutz wrote:

On Fri, Jan 28, 2011 at 11:01:56PM +1030, PryMaL wrote:

anything more than a 100mb connection is difficult to obtain let alone
expensive in Australia.

It's less than 100 euro per month in ... Europe.

However that doesn't mean you can use it for attacks. You can try but
it will be a rather short lived fun. Your server will be shut down
with the first abuse report or even before that.

It's easier to write a small Windows program and upload it somewhere,
you wouldn't believe the number of idiots who download and execute
.exe files that do funny things... put it on 4chan with an unrelated
image next to it and you have a botnet with a million clients.

Bandwidth: unlimited
Price: free

That's unfortunately pretty much how it works...

Regards
frostschutz

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[Marco Padovan]

TCP for example...

Il 28/01/2011 13:45, frostschutz ha scritto:

On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote:

Would there be a way for the engine to identify
exactly where it's coming from and drop the connection ?

It's UDP, there are no connections and you can't stop others
from sending packets to you. So the best you can do is drop
without spending any unnecessary CPU time.

The protocol unfortunately is DDoS by design - if a game has
a ton of players and in one second 100 people around the
world refresh their server list at the same time, your server
has 100 queries to reply to 100 different IPs... per second.
So all you can do is make those queries faster.

Usually games just don't have enough players for this to be
a problem, but Valve is a monster in that regard.

The protocol could be designed differently to make it easier
to drop / delay unwanted packets, but protocol redesign is
not something you do on a regular basis for gameservers. ;)

Regards
frostschutz

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] CSS Server flooding or attack?

[Marco Padovan]

there are big attacks (gbit?) dos coming from gameservers hosters too...

People exploiting Q3 based games and hoster letting them abuse their 
hosted services... ( 
http://www.lemuria.org/security/application-drdos.html )


Unfortunatly it's not just kids with gbit ports :(

Il 28/01/2011 14:04, Simon Gunton ha scritto:
You will find that it will be ordered through some kiddy host offering 
gig ports and then paid for with a bent credit card will use if for a 
week till it gets yanked and by which time they are long gone.


Also if they have spoofed the IP then unlieky anyone can submit an 
abuse report about it to the right people .


Simon
Simon Gunton
Support Analyst
INX-Gaming.com
Phone: 01733 687699
EMail: si...@inx-gaming.co.uk 

Support: http://support.inx-network.com 
This e-mail and any attachments are confidential. If you are not the 
intended recipient, please contact the sender. Please then delete the 
email and do not disclose the contents to anyone.


Any views or opinions presented in this email or its attachments are 
solely those of the author and do not necessarily represent those of 
INX-Network Limited


On 28/01/2011 12:53, frostschutz wrote:

On Fri, Jan 28, 2011 at 11:01:56PM +1030, PryMaL wrote:

anything more than a 100mb connection is difficult to obtain let alone
expensive in Australia.

It's less than 100 euro per month in ... Europe.

However that doesn't mean you can use it for attacks. You can try but
it will be a rather short lived fun. Your server will be shut down
with the first abuse report or even before that.

It's easier to write a small Windows program and upload it somewhere,
you wouldn't believe the number of idiots who download and execute
.exe files that do funny things... put it on 4chan with an unrelated
image next to it and you have a botnet with a million clients.

Bandwidth: unlimited
Price: free

That's unfortunately pretty much how it works...

Regards
frostschutz

___
To unsubscribe, edit your list preferences, or view the list 
archives, please visit:

http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, 
please visit:

http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Linux How-to

[stalker]

Florian, thanks, that is exactly what I needed to know.
I put sank_sounds into my
addons/amxmodx/configs/plugins.ini
restarted the server and now I have sank_sounds loading.
My only problem now is the beginning of the sounds are chopped off when
someone types in a keyword like doh, the sound comes out ...oh loosing 
the d,
many sounds do this but some don't  I guess the ones that play ok have 
leading
dead sound (which is also being lost but since it's empty sound you 
don't miss it).




On 1/24/2011 12:53 PM, Florian Zschocke wrote:

sank_sounds is a AMXX plugin, not a Metamod plugin. Do not load it in
Metamod but in AMXX.

On Wed, Jan 19, 2011 at 4:59 PM, stalker  wrote:

I am trying to get sank_sounds to work but it fails to load, complain of
invalid ELF header.

I put a snd-list.cfg into/addons/amxmodx/configs folder
I placed the sank_sounds.amxx file into the AmxModX plugins folder.
I edited the metamod/plugins.ini

meta list
Currently loaded plugins:
  description  stat pend  file  vers  src   load
  unlod
  [ 1] Playername   RUN   -playername_mm_i6  v2.81 ini   Chlvl
Pause
  [ 2] AMX Mod XRUN   -amxmodx_mm_i386.  v1.8.1.3  ini   Start
ANY
  [ 3] Spawn&  Chat Pr  RUN   -sc-prot_mm_i686.  v2.01 ini   ANY
ANY
  [ 4] Stripper2RUN   -stripper2_mm_i38  v1.00.00  ini   ANY
Pause
  [ 5]
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux




___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[Saul Rennison]

I thought that TCP would solve the issue for queries and stuff like
that but in practice TCP is just as prone to DDoS as UDP -.-

On Friday, 28 January 2011, Marco Padovan  wrote:
> TCP for example...
>
> Il 28/01/2011 13:45, frostschutz ha scritto:
>
> On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote:
>
> Would there be a way for the engine to identify
> exactly where it's coming from and drop the connection ?
>
> It's UDP, there are no connections and you can't stop others
> from sending packets to you. So the best you can do is drop
> without spending any unnecessary CPU time.
>
> The protocol unfortunately is DDoS by design - if a game has
> a ton of players and in one second 100 people around the
> world refresh their server list at the same time, your server
> has 100 queries to reply to 100 different IPs... per second.
> So all you can do is make those queries faster.
>
> Usually games just don't have enough players for this to be
> a problem, but Valve is a monster in that regard.
>
> The protocol could be designed differently to make it easier
> to drop / delay unwanted packets, but protocol redesign is
> not something you do on a regular basis for gameservers. ;)
>
> Regards
> frostschutz
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

-- 

Thanks,
 - Saul.

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[Emil Larsson]

Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It
would make it a bit easier to block IP's since a handshake will fail if a
spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack
of packet caching/priority.

However it also have higher overhead, which is why you rarely see
gameservers using it as a protocol.

On Fri, Jan 28, 2011 at 3:05 PM, Saul Rennison wrote:

> I thought that TCP would solve the issue for queries and stuff like
> that but in practice TCP is just as prone to DDoS as UDP -.-
>
> On Friday, 28 January 2011, Marco Padovan 
> wrote:
> > TCP for example...
> >
> > Il 28/01/2011 13:45, frostschutz ha scritto:
> >
> > On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote:
> >
> > Would there be a way for the engine to identify
> > exactly where it's coming from and drop the connection ?
> >
> > It's UDP, there are no connections and you can't stop others
> > from sending packets to you. So the best you can do is drop
> > without spending any unnecessary CPU time.
> >
> > The protocol unfortunately is DDoS by design - if a game has
> > a ton of players and in one second 100 people around the
> > world refresh their server list at the same time, your server
> > has 100 queries to reply to 100 different IPs... per second.
> > So all you can do is make those queries faster.
> >
> > Usually games just don't have enough players for this to be
> > a problem, but Valve is a monster in that regard.
> >
> > The protocol could be designed differently to make it easier
> > to drop / delay unwanted packets, but protocol redesign is
> > not something you do on a regular basis for gameservers. ;)
> >
> > Regards
> > frostschutz
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> --
>
> Thanks,
>  - Saul.
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[Saint K .]

http://www.networksorcery.com/enp/protocol/ip/option009.htm

From: hlds_linux-boun...@list.valvesoftware.com 
[hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Emil Larsson 
[ail...@gmail.com]
Sent: 28 January 2011 15:20
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server  
update?

Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It
would make it a bit easier to block IP's since a handshake will fail if a
spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack
of packet caching/priority.

However it also have higher overhead, which is why you rarely see
gameservers using it as a protocol.

On Fri, Jan 28, 2011 at 3:05 PM, Saul Rennison wrote:

> I thought that TCP would solve the issue for queries and stuff like
> that but in practice TCP is just as prone to DDoS as UDP -.-
>
> On Friday, 28 January 2011, Marco Padovan 
> wrote:
> > TCP for example...
> >
> > Il 28/01/2011 13:45, frostschutz ha scritto:
> >
> > On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote:
> >
> > Would there be a way for the engine to identify
> > exactly where it's coming from and drop the connection ?
> >
> > It's UDP, there are no connections and you can't stop others
> > from sending packets to you. So the best you can do is drop
> > without spending any unnecessary CPU time.
> >
> > The protocol unfortunately is DDoS by design - if a game has
> > a ton of players and in one second 100 people around the
> > world refresh their server list at the same time, your server
> > has 100 queries to reply to 100 different IPs... per second.
> > So all you can do is make those queries faster.
> >
> > Usually games just don't have enough players for this to be
> > a problem, but Valve is a monster in that regard.
> >
> > The protocol could be designed differently to make it easier
> > to drop / delay unwanted packets, but protocol redesign is
> > not something you do on a regular basis for gameservers. ;)
> >
> > Regards
> > frostschutz
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> --
>
> Thanks,
>  - Saul.
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[Frederic Fortier]

 Yes, a gameserver on TCP is really a bad idea because the handshake 
creates a very high overhead. I'm pretty sure you can test it out by 
yourself by adding -tcp to your client's startup line, and see if you 
enjoy playing with a choke of about 60. Which is why UDP is used 
instead: while it's easier to spoof the IP and DDOS without risking to 
be IP blocked, it's still better than not being to play the game at all.


Le 2011-01-28 09:20, Emil Larsson a écrit :

Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It
would make it a bit easier to block IP's since a handshake will fail if a
spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack
of packet caching/priority.

However it also have higher overhead, which is why you rarely see
gameservers using it as a protocol.

On Fri, Jan 28, 2011 at 3:05 PM, Saul Rennisonwrote:


I thought that TCP would solve the issue for queries and stuff like
that but in practice TCP is just as prone to DDoS as UDP -.-

On Friday, 28 January 2011, Marco Padovan
wrote:

TCP for example...

Il 28/01/2011 13:45, frostschutz ha scritto:

On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote:

Would there be a way for the engine to identify
exactly where it's coming from and drop the connection ?

It's UDP, there are no connections and you can't stop others
from sending packets to you. So the best you can do is drop
without spending any unnecessary CPU time.

The protocol unfortunately is DDoS by design - if a game has
a ton of players and in one second 100 people around the
world refresh their server list at the same time, your server
has 100 queries to reply to 100 different IPs... per second.
So all you can do is make those queries faster.

Usually games just don't have enough players for this to be
a problem, but Valve is a monster in that regard.

The protocol could be designed differently to make it easier
to drop / delay unwanted packets, but protocol redesign is
not something you do on a regular basis for gameservers. ;)

Regards
frostschutz

___
To unsubscribe, edit your list preferences, or view the list archives,

please visit:

http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives,

please visit:

http://list.valvesoftware.com/mailman/listinfo/hlds_linux


--

Thanks,
  - Saul.

___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux




___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Source Dedicated Server Update Available

[Silent]

Hi,

did you disable A2S_PING at all?

I don't get any reply for that.

A2S_INFO does work as specified in
http://developer.valvesoftware.com/wiki/Server_queries

Other commands do work as expected too.

Thanks,

Silent_Water



Am 28.01.2011 00:34, schrieb Jason Ruymen:
> An optional update is now available for dedicated servers that run Team 
> Fortress 2, Counter-Strike: Source, Day of Defeat: Source or Half-Life 2: 
> Deathmatch.  The specific changes include:
>
> - Improved engine handling of server queries
>
> Jason
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[Saul Rennison]

Please, read what I initially said.

"TCP would solve the issue for queries"

What's the issue with moving the query system from UDP 27015 to TCP 27016?
:/ However, TCP is also prone to DDoS via SYN floods:

"SYN flood  sends a flood of TCP/SYN
packets, often with a forged sender address. Each of these packets is
handled like a connection request, causing the server to spawn a half-open
connection , by sending
back a TCP/SYN-ACK packet, and waiting for a packet in response from the
sender address. However, because the sender address is forged, the response
never comes. These half-open connections saturate the number of available
connections the server is able to make, keeping it from responding to
legitimate requests until after the attack ends."

(see: http://en.wikipedia.org/wiki/SYN_flood)

Basically, ANY transport-layer protocol can be DDoS'd and brought down with
enough bandwidth-- it's the nature of the internet.

Thanks,
 - Saul.


On 28 January 2011 15:12, Frederic Fortier  wrote:

>
>  Yes, a gameserver on TCP is really a bad idea because the handshake
> creates a very high overhead. I'm pretty sure you can test it out by
> yourself by adding -tcp to your client's startup line, and see if you enjoy
> playing with a choke of about 60. Which is why UDP is used instead: while
> it's easier to spoof the IP and DDOS without risking to be IP blocked, it's
> still better than not being to play the game at all.
>
> Le 2011-01-28 09:20, Emil Larsson a écrit :
>
>  Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It
>> would make it a bit easier to block IP's since a handshake will fail if a
>> spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and
>> lack
>> of packet caching/priority.
>>
>> However it also have higher overhead, which is why you rarely see
>> gameservers using it as a protocol.
>>
>> On Fri, Jan 28, 2011 at 3:05 PM, Saul Rennison> >wrote:
>>
>>  I thought that TCP would solve the issue for queries and stuff like
>>> that but in practice TCP is just as prone to DDoS as UDP -.-
>>>
>>> On Friday, 28 January 2011, Marco Padovan
>>> wrote:
>>>
 TCP for example...

 Il 28/01/2011 13:45, frostschutz ha scritto:

 On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote:

 Would there be a way for the engine to identify
 exactly where it's coming from and drop the connection ?

 It's UDP, there are no connections and you can't stop others
 from sending packets to you. So the best you can do is drop
 without spending any unnecessary CPU time.

 The protocol unfortunately is DDoS by design - if a game has
 a ton of players and in one second 100 people around the
 world refresh their server list at the same time, your server
 has 100 queries to reply to 100 different IPs... per second.
 So all you can do is make those queries faster.

 Usually games just don't have enough players for this to be
 a problem, but Valve is a monster in that regard.

 The protocol could be designed differently to make it easier
 to drop / delay unwanted packets, but protocol redesign is
 not something you do on a regular basis for gameservers. ;)

 Regards
 frostschutz

 ___
 To unsubscribe, edit your list preferences, or view the list archives,

>>> please visit:
>>>
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux

 ___
 To unsubscribe, edit your list preferences, or view the list archives,

>>> please visit:
>>>
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux

  --
>>>
>>> Thanks,
>>>  - Saul.
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>  ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Source Dedicated Server Update Available

[Saul Rennison]

It wouldn't surprise me if they did, you can calculate ping from any packet
to Source servers.

Thanks,
 - Saul.


On 28 January 2011 15:19, Silent  wrote:

> Hi,
>
> did you disable A2S_PING at all?
>
> I don't get any reply for that.
>
> A2S_INFO does work as specified in
> http://developer.valvesoftware.com/wiki/Server_queries
>
> Other commands do work as expected too.
>
> Thanks,
>
> Silent_Water
>
>
>
> Am 28.01.2011 00:34, schrieb Jason Ruymen:
> > An optional update is now available for dedicated servers that run Team
> Fortress 2, Counter-Strike: Source, Day of Defeat: Source or Half-Life 2:
> Deathmatch.  The specific changes include:
> >
> > - Improved engine handling of server queries
> >
> > Jason
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] sv_autojointeam dont work on dods

[Kigen]

I cannot find the plugin you say causes people to be kicked with KAC.
Do you have a direct link?

On Sat, Jan 22, 2011 at 6:38 AM, Svensk Ljud & Ljus Produktion
 wrote:
> Hi
>
> Ive been searching for a way to restrikt teamjoin to autojoin on dods
> servers.
>
> sv_autojointeam 1 dont work - "Unknown command" is the respond.
>
> I did find a plugin on http://www.dodsourceplugins.net/ teamrandomonly but
> KAC kicks all then this plugin is present so it didnt work (tried to raise
> max-commands/sec in KAC)
>
> Does anyone know a way ?
>
> Thanks in advance !
>
> Peter
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[John]

SYN floods are a very well-understood attack and SYN cookies provide a 
good defense against them.


One nice thing about TCP connections is that the handshake is done at 
the level of the OS, not the application -- so it can take advantage of 
other resources while the game server continues to chug along 
independently, and there's more opportunity for tweaking.


-John

On 1/28/2011 7:28 AM, Saul Rennison wrote:

Please, read what I initially said.

"TCP would solve the issue for queries"

What's the issue with moving the query system from UDP 27015 to TCP 27016?
:/ However, TCP is also prone to DDoS via SYN floods:

"SYN flood  sends a flood of TCP/SYN
packets, often with a forged sender address. Each of these packets is
handled like a connection request, causing the server to spawn a half-open
connection, by sending
back a TCP/SYN-ACK packet, and waiting for a packet in response from the
sender address. However, because the sender address is forged, the response
never comes. These half-open connections saturate the number of available
connections the server is able to make, keeping it from responding to
legitimate requests until after the attack ends."

(see: http://en.wikipedia.org/wiki/SYN_flood)

Basically, ANY transport-layer protocol can be DDoS'd and brought down with
enough bandwidth-- it's the nature of the internet.

Thanks,
  - Saul.


On 28 January 2011 15:12, Frederic Fortier  wrote:


  Yes, a gameserver on TCP is really a bad idea because the handshake
creates a very high overhead. I'm pretty sure you can test it out by
yourself by adding -tcp to your client's startup line, and see if you enjoy
playing with a choke of about 60. Which is why UDP is used instead: while
it's easier to spoof the IP and DDOS without risking to be IP blocked, it's
still better than not being to play the game at all.

Le 2011-01-28 09:20, Emil Larsson a écrit :

  Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It

would make it a bit easier to block IP's since a handshake will fail if a
spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and
lack
of packet caching/priority.

However it also have higher overhead, which is why you rarely see
gameservers using it as a protocol.

On Fri, Jan 28, 2011 at 3:05 PM, Saul Rennison
wrote:

  I thought that TCP would solve the issue for queries and stuff like

that but in practice TCP is just as prone to DDoS as UDP -.-

On Friday, 28 January 2011, Marco Padovan
wrote:


TCP for example...

Il 28/01/2011 13:45, frostschutz ha scritto:

On Thu, Jan 27, 2011 at 06:53:08PM -0500, clad iron wrote:

Would there be a way for the engine to identify
exactly where it's coming from and drop the connection ?

It's UDP, there are no connections and you can't stop others
from sending packets to you. So the best you can do is drop
without spending any unnecessary CPU time.

The protocol unfortunately is DDoS by design - if a game has
a ton of players and in one second 100 people around the
world refresh their server list at the same time, your server
has 100 queries to reply to 100 different IPs... per second.
So all you can do is make those queries faster.

Usually games just don't have enough players for this to be
a problem, but Valve is a monster in that regard.

The protocol could be designed differently to make it easier
to drop / delay unwanted packets, but protocol redesign is
not something you do on a regular basis for gameservers. ;)

Regards
frostschutz

___
To unsubscribe, edit your list preferences, or view the list archives,


please visit:


http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives,


please visit:


http://list.valvesoftware.com/mailman/listinfo/hlds_linux

  --

Thanks,
  - Saul.

___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

  ___

To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux




___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux



___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[Gary Stanley]

At 09:20 AM 1/28/2011, Emil Larsson wrote:

Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It
would make it a bit easier to block IP's since a handshake will fail if a
spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack
of packet caching/priority.


Errr.. You can spoof  most of IP, just not the handshakes. That's why 
synfloods multilate servers, because of their sheer PPS. Most ISP's 
don't use BCP38, so it's easier for source-routed IPs to leave their 
network. Bottom line is you cannot protect yourself against DDOS. 
Only thing you can do is hope you have more transit than the attackers.











___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[Gary Stanley]

At 09:20 AM 1/28/2011, Emil Larsson wrote:

Since it requires a handshake, TCP is impossible to spoof (unlike UDP). It
would make it a bit easier to block IP's since a handshake will fail if a
spoofed IP is used. Of course, most DOS bugs in SRCDS are from bugs and lack
of packet caching/priority.


Errr.. You can spoof  most of IP, just not the handshakes. That's why 
synfloods multilate servers, because of their sheer PPS. Most ISP's 
don't use BCP38, so it's easier for source-routed IPs to leave their 
network. Bottom line is you cannot protect yourself against DDOS. 
Only thing you can do is hope you have more transit than the attackers.











___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] sv_autojointeam dont work on dods

[Don P]

Try here post 20  its the only thing I can find that he could be talking
about.
https://forums.alliedmods.net/showthread.php?t=78070&page=2

On Fri, Jan 28, 2011 at 10:21 AM, Kigen  wrote:

> I cannot find the plugin you say causes people to be kicked with KAC.
> Do you have a direct link?
>
> On Sat, Jan 22, 2011 at 6:38 AM, Svensk Ljud & Ljus Produktion
>  wrote:
> > Hi
> >
> > Ive been searching for a way to restrikt teamjoin to autojoin on dods
> > servers.
> >
> > sv_autojointeam 1 dont work - "Unknown command" is the respond.
> >
> > I did find a plugin on http://www.dodsourceplugins.net/ teamrandomonly
> but
> > KAC kicks all then this plugin is present so it didnt work (tried to
> raise
> > max-commands/sec in KAC)
> >
> > Does anyone know a way ?
> >
> > Thanks in advance !
> >
> > Peter
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Is today's TF2/DODS/CSS update a required server update?

[John]

On 1/28/2011 2:07 PM, Gary Stanley wrote:
Bottom line is you cannot protect yourself against DDOS. Only thing 
you can do is hope you have more transit than the attackers. 


That's partially true. With DDoS attacks that exceed your transit 
capacity, the link size does come into play. However, many DDoS attacks 
do not, and can still be effective in bringing down targets. The 
distributed UDP query DDoS attacks that many have seen lately are a good 
example of this, in that the application stops responding properly long 
before the line's capacity is exceeded. Similarly, SYN floods can be 
very small and still lead to resource exhaustion, as the OS on the 
target machine expends CPU cycles and dedicates memory to responding to 
each request.


With a DDoS attack that is less than the speed of transit links, 
filtering and other techniques often work well. For instance, simple 
iptables rules (as many have seen) can cut limit attacks based on 
per-source or per-destination rate, packet length, strings inside the 
packet, and so on. Similarly, SYN cookies work extremely well at 
countering SYN floods because they take memory out of the equation, 
allowing most modern machines to handle very large attacks (right up to 
near line rate). There's a solid market niche based around (expensive) 
DDoS-mitigation appliances that attempt to automatically detect inbound 
attacks and filter them, making the process relatively hands-off; these 
work best for tracked TCP traffic.


The real reason that game servers should switch to TCP queries is that 
doing so would cut down on *reflection* attacks. Having a simple spoofed 
UDP query packet that can result in a response that is several times as 
large makes it very easy to harness remote game servers in very large 
attacks -- without requiring a network of compromised machines, and 
without revealing the true source of the attack. This scenario has 
become quite common lately


-John

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

[hlds_linux] Query problem after update

[David Parker]

Hello,

I updated my TF2 server with the optional update, and now it does not respond 
to A2A_PING queries at all.  It's running, and it responds to A2S_INFO just 
fine.  Is this the "fix" for the flood attacks?

Thanks,
Dave
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Query problem after update

[Kyle Sanderson]

It's a very poor fix, I'm having connection issues to servers on my
client. I'm also finding I'm unable to reject client connections
properly now.

On Fri, Jan 28, 2011 at 6:10 PM, David Parker  wrote:
> Hello,
>
> I updated my TF2 server with the optional update, and now it does not respond 
> to A2A_PING queries at all.  It's running, and it responds to A2S_INFO just 
> fine.  Is this the "fix" for the flood attacks?
>
>    Thanks,
>    Dave
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux