
[CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]


ph
AlliedModders Donor
Join Date: Mar 2006
Old 09-08-2013 , 05:47   Re: [CS:GO] DoS Protect [UPDATED 26.10.12]
Reply With Quote #41

Quote:
Originally Posted by Franc1sco View Post
Upload this and then upload this overwriting the qcache_mm.so file


btw, you are Spanish? because you have a Spanish name



Francisco,

Do you have a Windows version?
__________________
ph is offline
irogue
Senior Member
Join Date: Jan 2011
Location: Australia
Old 09-16-2013 , 12:25   Re: [CS:GO] DoS Protect [UPDATED 26.10.12]
Reply With Quote #42

Quote:
Originally Posted by Zephyrus View Post
I could probably compile a version that would write them to one of the log files, it would only be an extra line, if it's requested
Hey, can you compile a version (I am using L4D2 - Windows) that logs to a file any attacks, because from what I understand the extension will only allow the command to show a list of attacks when entered manually and not save this to a log file of sorts?

thanks
irogue is offline
Kigen
BANNED
Join Date: Feb 2008
Old 10-02-2013 , 01:37   Re: [CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]
Reply With Quote #43

I would highly recommend not using this until the logging of IPs is removed. This plugin is vulnerable to DoSing the box via consuming all available memory on the box. The use of spoofed IPs sending empty packets would overwhelm the box's RAM. Thus resulting in the entire machine being unusable.
Kigen is offline
Peruanazo
New Member
Join Date: Oct 2013
Old 10-02-2013 , 03:52   Re: [CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]
Reply With Quote #44

Hi, does the anti-DDoS protection work in L4D2 Linux?
Peruanazo is offline
Zephyrus
Cool Pig B)
Join Date: Jun 2010
Location: Hungary
Old 10-02-2013 , 12:56   Re: [CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]
Reply With Quote #45

Quote:
Originally Posted by Kigen View Post
I would highly recommend not using this until the logging of IPs is removed. This plugin is vulnerable to DoSing the box via consuming all available memory on the box. The use of spoofed IPs sending empty packets would overwhelm the box's RAM. Thus resulting in the entire machine being unusable.
LOL. 1 IP record ~ 16 bytes. If you have enough IPs to fill the RAM with that, it's called DDoS anyway and not DoS, so your least problem will be the RAM. And btw, 8GB RAM can hold 536870912 IPs. omfg. Having said that, if you send 1000 packets / second, it would take 149 hours to fill 8GB memory.
__________________
Taking private C++/PHP/SourcePawn requests, PM me.

Last edited by Zephyrus; 10-02-2013 at 13:01.
Zephyrus is offline
napalm00
Veteran Member
Join Date: Jun 2011
Location: Italy, sadly
Old 10-02-2013 , 17:05   Re: [CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]
Reply With Quote #46

Quote:
Originally Posted by Kigen View Post
I would highly recommend not using this until the logging of IPs is removed. This plugin is vulnerable to DoSing the box via consuming all available memory on the box. The use of spoofed IPs sending empty packets would overwhelm the box's RAM. Thus resulting in the entire machine being unusable.
Quote:
Originally Posted by Zephyrus View Post
LOL. 1 IP record ~ 16 bytes. If you have enough IPs to fill the RAM with that, it's called DDoS anyway and not DoS, so your least problem will be the RAM. And btw, 8GB RAM can hold 536870912 IPs. omfg. Having said that, if you send 1000 packets / second, it would take 149 hours to fill 8GB memory.
Precisely this, and also the SourceHook list used by this extension (and possibly most lists out there, if not all) calls malloc(), which in turn asks the OS whether it should use the RAM or virtual memory, so you'll never really end up overflowing the RAM by using lists to cache IPs from a DoS attack.
__________________
napalm00 is offline
Kigen
BANNED
Join Date: Feb 2008
Old 10-02-2013 , 22:49   Re: [CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]
Reply With Quote #47

Let's say an attacker only has one machine and must hide it. So he decides to only use 10Mbps. The attack packet is 42 bytes. 10 megabits is 1310720 bytes. Divide that by 42 and you get approx. 31207 packets per second. Then we will look at the server. Most will be using shared hosting. This means that only a few hundred megabytes of memory will be available to the server. Let's say you are right that the IP record only takes 16 bytes (btw, look up struct padding). So let's say the server has 500MB extra aside from base SRCDS use (which is around 200-300MB). 500MB is 524288000 bytes. That means 32768000 IP records can be stored. That means that the server would only last 1050 seconds before it consumes all that available memory. Then let's say another server on the box crashes/restarts (because this is a shared host). The server would then start to allocate into that space the other server was using. However, the other server would no longer be able to malloc() SRCDS's needed space. Then an angry customer complains to the host provider. The host provider then sees that your SRCDS server is consuming an abnormal amount of RAM and then tries to restart it. But your server would fast consume the available memory. They would suspend your service.

All this because of a poorly coded plugin you were using.

I seriously hope you guys are joking about not caring about the list growing infinitely. You don't even at least have pruning to keep the list under a certain size so that when someone runs the command they don't see over 1000 lines of IPs. Seriously, it's pointless to be keeping a record of attacking IPs anyway since they will most likely be spoofed.

I've seen an attacker keep up a sustained spoofed IP attack at 100Mbps for over 2 months. That caused me to have to make my own anti-DoS plugin that covers all types of attacks against an SRCDS.

Last edited by Kigen; 10-02-2013 at 22:50.
Kigen is offline
Zephyrus
Cool Pig B)
Join Date: Jun 2010
Location: Hungary
Old 10-03-2013 , 00:41   Re: [CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]
Reply With Quote #48

Quote:
Originally Posted by Kigen View Post
Let's say an attacker only has one machine and must hide it. So he decides to only use 10Mbps. The attack packet is 42 bytes. 10 megabits is 1310720 bytes. Divide that by 42 and you get approx. 31207 packets per second. Then we will look at the server. Most will be using shared hosting. This means that only a few hundred megabytes of memory will be available to the server. Let's say you are right that the IP record only takes 16 bytes (btw, look up struct padding). So let's say the server has 500MB extra aside from base SRCDS use (which is around 200-300MB). 500MB is 524288000 bytes. That means 32768000 IP records can be stored. That means that the server would only last 1050 seconds before it consumes all that available memory. Then let's say another server on the box crashes/restarts (because this is a shared host). The server would then start to allocate into that space the other server was using. However, the other server would no longer be able to malloc() SRCDS's needed space. Then an angry customer complains to the host provider. The host provider then sees that your SRCDS server is consuming an abnormal amount of RAM and then tries to restart it. But your server would fast consume the available memory. They would suspend your service.

All this because of a poorly coded plugin you were using.

I seriously hope you guys are joking about not caring about the list growing infinitely. You don't even at least have pruning to keep the list under a certain size so that when someone runs the command they don't see over 1000 lines of IPs. Seriously, it's pointless to be keeping a record of attacking IPs anyway since they will most likely be spoofed.

I've seen an attacker keep up a sustained spoofed IP attack at 100Mbps for over 2 months. That caused me to have to make my own anti-DoS plugin that covers all types of attacks against an SRCDS.
1. 16 bytes is the alignment size that x86 uses too, maybe you should look it up instead
2. any sane hosting would set up iptables rules in the first place, so if this extension causes a machine crash the customers do have a valid reason to complain, as they shouldn't even have to use it in the first place if they would have chosen a decent provider
3. by telling ppl not to use this, you basically tell them to eat 100% CPU in case of an attack instead of just having a server that crashes after running out of its memory (if someone even uses spoofed IPs to do such... I haven't met anyone doing so)
4. instead of telling ppl not to use this, you could have just as well provided the 2 lines to add to the code, to clear up the SourceHook list once it has 1000 IPs in it
5. feel free to share your great anti-DoS plugin if this is poorly written...
6. most ppl don't get attacked by someone who has enough knowledge to spoof UDP headers
7. blame shitty internet providers without ingress/egress filtering, any ISP/datacenter without such is poorly designed, so this plugin is the least of your problems
8. "That caused me to have to make my own anti-DoS plugin that covers all types of attacks against an SRCDS." -> as you haven't made anything like that publicly available I assume you made it for your own server, and I have to tell you how useless it was instead of just using 2-3 iptables rules, BUT ITS PROBABLY PROPERLY WRITTEN, so you have that at least, but don't judge yourself pls for not being able to use iptables. that being said, any plugin against SRCDS DoS is poorly designed because you should be using iptables instead
__________________
Taking private C++/PHP/SourcePawn requests, PM me.

Last edited by Zephyrus; 10-03-2013 at 00:47.
Zephyrus is offline
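The disagreement in posts #45 to #48 comes down to an unbounded per-IP list versus one capped at a fixed size. The following is an added example, not part of any post and not the extension's code: `seconds_to_fill` reproduces both posters' estimates from their own figures, and `BoundedIpLog` (a hypothetical class name) shows a list capped at the 1000 entries mentioned in post #48, evicting the oldest entry when full. The flood in `main` is constructed sample input.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <deque>
#include <unordered_map>

// Seconds until an UNBOUNDED per-IP list fills `avail_bytes`, assuming every
// packet carries a new spoofed source address (the worst case in the thread).
std::uint64_t seconds_to_fill(std::uint64_t avail_bytes,
                              std::uint64_t record_bytes,
                              std::uint64_t packets_per_sec) {
    return (avail_bytes / record_bytes) / packets_per_sec;
}

// Hypothetical bounded log: at most `cap` distinct IPs, oldest evicted first.
class BoundedIpLog {
public:
    explicit BoundedIpLog(std::size_t cap) : cap_(cap) {}

    void record(std::uint32_t ip) {          // IPv4 address as a 32-bit value
        auto it = hits_.find(ip);
        if (it != hits_.end()) { ++it->second; return; }  // repeat: no growth
        if (cap_ == 0) return;               // logging disabled
        if (order_.size() == cap_) {         // full: drop the oldest entry
            hits_.erase(order_.front());
            order_.pop_front();
            ++evicted_;
        }
        order_.push_back(ip);
        hits_.emplace(ip, 1);
    }
    std::size_t size() const { return order_.size(); }
    std::uint64_t evicted() const { return evicted_; }
    std::uint64_t hits(std::uint32_t ip) const {
        auto it = hits_.find(ip);
        return it == hits_.end() ? 0 : it->second;
    }

private:
    std::size_t cap_;
    std::uint64_t evicted_ = 0;
    std::deque<std::uint32_t> order_;                        // insertion order
    std::unordered_map<std::uint32_t, std::uint64_t> hits_;  // ip -> packets
};

int main() {
    BoundedIpLog log(1000);                  // cap taken from post #48
    for (std::uint32_t i = 0; i < 100000; ++i) log.record(0x0A000000u + i);
    std::printf("entries=%zu evicted=%llu\n", log.size(),
                (unsigned long long)log.evicted());
    return 0;
}
```

With the cap in place, memory use depends on `cap` rather than on how many distinct source addresses arrive, so the packet rate and available RAM the two posters argue over stop mattering for this list.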
Kigen
BANNED
Join Date: Feb 2008
Old 10-03-2013 , 01:00   Re: [CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]
Reply With Quote #49

It doesn't take a genius to spoof IPs. Often someone will create a "service" and then sell it. Someone gets paid basically to DoS your box.

But I do think you're taking this as a personal attack when I'm trying to point out an obvious flaw. I seriously do not understand the point of keeping the attacking IP list in the first place. Also, since you coded it I would have thought that you would have simply fixed it. My first post was an advisory that there was a major problem.

I currently have intentions of releasing KAD in the future. I'm rewriting it however because it was initially written during that two-month attack I mentioned earlier and was written only for Windows. Some of the highest attacks I've seen against it are approx. 500Mbps of a mix of A2S_INFO and A2S_CHALLENGE attacks.

I really don't understand why you're trying to justify keeping a list of attacking IPs. Because if I was to "contribute" all I would do is strip it out.
Kigen is offline
Chesterfield
Senior Member
Join Date: Apr 2013
Old 11-05-2013 , 12:31   Re: [CS:GO/L4D2] DoS Protect [UPDATED 26.10.12]
Reply With Quote #50

Hello guys, I have a few questions.

Is this actually working? My server has been attacked and I've found this protection to block those attacks, will this help me?
Chesterfield is offline