[EXTENSION] Query Cache 1.7 (Updated!)

asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 08-05-2010 , 18:34   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #11

Quote:
Originally Posted by Afronanny View Post
Which way does it better, yours or Wazz's?
If you're talking about the stuff in the code labeled Wazz Method, you have to go through each stage until it works; the last one is just called "Wazz Method" because it's the only way that would work on his machine.

EDIT: Here is VoiDeD's code that he uses: http://voided.pastebin.com/eCmw0kA1
__________________
asherkin is offline
jldrake
Junior Member
Join Date: Oct 2007
Old 08-06-2010 , 03:20   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #12

Hello, we have been getting attacked for the past 2 days.

Do you know of any kind of fix for the following:

They all appear to be spoofed IPs. They are causing a massive amount of lag.

Packet: Looks like Source Query
ffffffff54536f7572636520456e67696e6520517565727900

If you know a fix let me know! Thank you!
jldrake is offline
jldrake
Junior Member
Join Date: Oct 2007
Old 08-06-2010 , 03:22   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #13

This seems to be another packet they are using to attack us with: I don't know what this one is.
ffffffff71303030303030303030303030303000
jldrake is offline
AzuiSleet
Fool
Join Date: Jul 2008
Old 08-06-2010 , 03:32   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #14

Quote:
Originally Posted by jldrake View Post
Hello, we have been getting attacked for the past 2 days.

Do you know of any kind of fix for the following:

They all appear to be spoofed IPs. They are causing a massive amount of lag.

Packet: Looks like Source Query
ffffffff54536f7572636520456e67696e6520517565727900

If you know a fix let me know! Thank you!
There are two problems you have to deal with when it comes to this specific attack. The first is the denial of service caused by sending over 60 OOB packets per second. When that point is reached the engine will stop sending ANY OOB packets (including connect challenges) during that window. That's the first DoS, which this plugin prevents.

The second problem is compounded by the fix for the first problem, which is that it replies to every A2S_INFO query. This floods the network and causes an increase in CPU usage and takes up network bandwidth (backscatter).

The solution would be a rather simple QoS system, giving game packets priority over OOB packets. This would give the least amount of impact to the players in game, and since OOB packets don't need to be received right away they can take a much lower priority.
AzuiSleet is offline
jldrake
Junior Member
Join Date: Oct 2007
Old 08-06-2010 , 05:19   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #15

60 pps is low. I have blocked 99% of the attack all the way down to 325 pps. It barely touches my bandwidth at all, yet it lags the entire server so bad I can't connect. The plugin doesn't appear to help at all; it shows as running in meta list and everything.... I just don't notice any difference. We are still unable to connect to the server.

I don't know what you mean by QoS System, OOB packets.... Or how I would set this up.

Thanks for the help, I appreciate it.

By the way I'm using Windows.
- version appears on server browser as locked but it's not locked. Users can still join as well.
You can connect through console but if you connect off the browser it asks for a password.

Last edited by jldrake; 08-06-2010 at 14:57.
jldrake is offline
AzuiSleet
Fool
Join Date: Jul 2008
Old 08-06-2010 , 16:01   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #16

Quote:
Originally Posted by jldrake View Post
60 pps is low. I have blocked 99% of the attack all the way down to 325 pps. It barely touches my bandwidth at all, yet it lags the entire server so bad I can't connect. The plugin doesn't appear to help at all; it shows as running in meta list and everything.... I just don't notice any difference. We are still unable to connect to the server.
Any OOB packet will count against the window limit; this particular plugin only covers A2S_INFO. It looks like you're being spammed with connect challenges as well.

Quote:
Originally Posted by jldrake View Post
I don't know what you mean by QoS System, OOB packets.... Or how I would set this up.
You don't, it's up to someone with effort to implement it.
AzuiSleet is offline
Afronanny
Veteran Member
Join Date: Aug 2009
Old 08-07-2010 , 00:13   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #17

Quote:
Originally Posted by jldrake View Post
This seems to be another packet they are using to attack us with: I don't know what this one is.
ffffffff71303030303030303030303030303000

Try this. It now has a timer to block these if there are more than 5 in 5 seconds. Source code is available here
Attached Files
File Type: dll querycache.ext.dll (99.5 KB, 218 views)

Last edited by Afronanny; 08-07-2010 at 00:20.
Afronanny is offline
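The two packet dumps and the "more than 5 in 5 seconds" limit discussed above, as an added C++ example that is not part of the thread and is not the extension's own code. The names `from_hex`, `classify`, `WindowLimiter` and `decide` are hypothetical, and the limiter assumes a global fixed window, since the page does not show how the extension's timer works.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

enum class Oob { NotOob, Info, Challenge, Other };
enum class Verdict { ToEngine, AnswerFromCache, Drop };

// Decode a hex dump like the ones posted in the thread into raw bytes.
std::vector<uint8_t> from_hex(const std::string& hex) {
    std::vector<uint8_t> out;
    for (size_t i = 0; i + 1 < hex.size(); i += 2)
        out.push_back(static_cast<uint8_t>(std::stoul(hex.substr(i, 2), nullptr, 16)));
    return out;
}

// Connectionless (OOB) packets start with 0xFFFFFFFF, then a one-byte type.
Oob classify(const std::vector<uint8_t>& p) {
    static const char info[] = "Source Engine Query";  // sizeof counts the NUL
    if (p.size() < 5 || std::memcmp(p.data(), "\xFF\xFF\xFF\xFF", 4) != 0) return Oob::NotOob;
    if (p[4] == 'T' && p.size() >= 5 + sizeof(info) &&
        std::memcmp(p.data() + 5, info, sizeof(info)) == 0) return Oob::Info;
    if (p[4] == 'q') return Oob::Challenge;  // type byte of the second dump
    return Oob::Other;
}

// Fixed window: at most `limit` packets per `window` seconds (assumed semantics).
struct WindowLimiter {
    int limit; double window; double start; int count;
    bool allow(double now) {
        if (now - start >= window) { start = now; count = 0; }
        return ++count <= limit;
    }
};

// Hypothetical triage step run before the engine's own OOB handling.
Verdict decide(const std::vector<uint8_t>& p, WindowLimiter& lim, double now) {
    Oob k = classify(p);
    if (k == Oob::Info) return Verdict::AnswerFromCache;  // assumed cache path
    if (k == Oob::Challenge && !lim.allow(now)) return Verdict::Drop;
    return Verdict::ToEngine;
}

int main() {
    WindowLimiter lim{5, 5.0, 0.0, 0};  // "more than 5 in 5 seconds"
    auto q = from_hex("ffffffff71303030303030303030303030303000");
    for (int i = 1; i <= 7; ++i)
        std::printf("q #%d: %s\n", i, decide(q, lim, 100.0) == Verdict::Drop ? "drop" : "engine");
}
```

Because the source addresses are spoofed, the window here is global rather than per-IP, so legitimate requests of the same type that arrive in a saturated window are dropped as well.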
thetwistedpanda
Good Little Panda
Join Date: Sep 2008
Old 08-07-2010 , 00:56   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #18

Any luck on fixing the dirty hidden password for Windows?
__________________
thetwistedpanda is offline
jldrake
Junior Member
Join Date: Oct 2007
Old 08-07-2010 , 13:53   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #19

If we could just get the password removed on the browser so users don't have to connect through console we would be set.

I have also been able to patch mine by my secureport firewall, limiting that packet per second.
jldrake is offline
Afronanny
Veteran Member
Join Date: Aug 2009
Old 08-07-2010 , 17:54   Re: [EXTENSION] Query Cache 1.7 (Updated!)
Reply With Quote #20

Quote:
Originally Posted by jldrake View Post
If we could just get the password removed on the browser so users don't have to connect through console we would be set.

I have also been able to patch mine by my secureport firewall, limiting that packet per second.
I honestly don't know why a password is being reported. Perhaps Valve changed CBaseServer::GetPassword to report an empty string rather than just NULL. I'll test it out and see.
Afronanny is offline