BF42 server querys broken
Re: BF42 server querys broken
We get this line all the time "Couldn't get server status! Segment did not contain a queryid." Just run a network activity trace and drop them in the firewall. Most if not all the IP addresses come from China.
We have seen this from time to time for the last few years, but it has gotten MUCH worse in the last 9-12 months.
If you have direct box access you can install Wireshark and find this pretty fast and only need a few seconds to scan and you can stop it. Look for "rules" in the code; the other is usually normal game traffic.
If you do not have box access you might have a harder time getting the GSP to do this for you.
If you need more info hit me up over at MoonGamers and I can get more to you.
I can also provide a list of all IP addresses that have got us over the years so you can either just add them or watch for them to show in your network traffic.
These are only from the last 6 months, as before we dropped them in with all the others, but as they increased I wanted to track them so they have their own little rule.
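The Wireshark check described in the post above (look for "rules" among otherwise normal game traffic) can be automated over a capture export. This is an added example, not part of the original post: the line format, the query port 23000, the `\rules\` payload prefix, the 10-second window and the threshold are all assumptions, and the sample addresses are constructed from documentation ranges.

```python
import re
from collections import defaultdict, deque

LINE = re.compile(r"^(\d+(?:\.\d+)?) (\d{1,3}(?:\.\d{1,3}){3}):\d+ > \S+:(\d+) (.*)$")
QUERY_PORT = 23000   # assumption: the server's query port; change to match yours

def build_sample():
    """Constructed capture lines: '<epoch> <src>:<port> > <dst>:<port> <payload>'."""
    flood = [f"{100 + i * 0.2:.1f} 198.51.100.7:27015 > 192.0.2.10:23000 \\rules\\"
             for i in range(40)]
    browser = [f"{t} 203.0.113.20:4000 > 192.0.2.10:23000 \\{q}\\"
               for t, q in [(101, "status"), (102, "rules"), (103, "players"),
                            (161, "status"), (162, "rules")]]
    game = ["104.5 203.0.113.55:3000 > 192.0.2.10:14567 <binary game data>"]
    return sorted(flood + browser + game, key=lambda l: float(l.split()[0]))

def rules_query_peaks(lines, window=10.0):
    """Return {src_ip: highest count of \\rules\\ queries in any `window` seconds}."""
    recent = defaultdict(deque)
    peaks = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # unparseable line: skip, do not guess
        ts, src, dport, payload = float(m[1]), m[2], int(m[3]), m[4]
        if dport != QUERY_PORT or not payload.startswith("\\rules\\"):
            continue                      # game traffic or another query type
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that left the window
            q.popleft()
        peaks[src] = max(peaks[src], len(q))
    return dict(peaks)

def suspects(lines, window=10.0, threshold=20):
    """Source addresses whose \\rules\\ query rate reaches the threshold."""
    return sorted(ip for ip, n in rules_query_peaks(lines, window).items()
                  if n >= threshold)

if __name__ == "__main__":
    for ip in suspects(build_sample()):
        print("candidate for the firewall block list:", ip)
```

An occasional `\rules\` query from a server browser stays far below the threshold, so only the sustained source is reported.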
Re: BF42 server querys broken
Grabbi from PFC contacted the hoster and this is what they answered. Looks like they're the victims themselves:
http://www.nfoservers.com/forums/viewto ... =25&t=4960
The ip used to belong to "DOV" clan (http://dovgaming.net/forums/index.php) and they ran a CS:S server there. Somebody must have gotten banned, got mad and started to DRDoS them, using our BF42 servers...
edit: Vulnerability known and unpatched since 2003: http://www.derkeiler.com/Mailing-Lists/ ... /0060.html
Re: BF42 server querys broken
Old attack gone, new one to follow soon... We have another DRDoS attack, this time on IPs 208.86.154.242 and 208.86.154.248. Block these through your server's ACL if you're having timeouts/connection problems/BFRM disconnects.
Re: BF42 server querys broken
What exactly is a "Server ACL"? What process would be taken to block these on either a server box or dedicated server? These recent attacks, could they lead to server lag issues?
Nodbrother- "getting whiped every single game by some over-active 9 year old kid with too much spare time and a reaction time that is a third of yours."
Re: BF42 server querys broken
Access Control List - so to say the definition for what is allowed and what not, in this case concerning ingoing IP addresses.
How to do this depends very much on your OS. For a Windows server I've described it a little earlier in this topic, but for Linux I got no clue.
btw... HLSW is clear again, attack seems gone.
Re: BF42 server querys broken
Hm, guess no. It's used for resolving hostnames to IP addresses, but I wouldn't know how to block an IP with that. You might also be able to modify the routing table with the "route" command, so the packets don't go out anymore. But that doesn't help much either, since you need to stop the queries before they reach the server.
I think except with some third-party software, on Windows this should only be doable with the IP security guidelines in gpedit.msc. There are lots of tutorials on the web, also by MS. It worked well for me so far, no side effects like cutting the own wire or such ^^