Forum

> > CS2D > Servers > Program to crash servers
ForenübersichtCS2D-Übersicht Servers-ÜbersichtEinloggen, um zu antworten

Englisch Program to crash servers

11 Antworten
Zum Anfang Vorherige 1 Nächste Zum Anfang

alt Program to crash servers

AtomKuh
User Off Offline

Zitieren
Hello,

I have a program [NAME REMOVED SO PPL DON'T GOOGLE IT] that is able to make a server somehow not being online anymore. I crashed my own server with it but I could see that a lua script that was started by the server was still running.
There was a lua script installed that modifies a text document (http://unrealsoftware.de/forum_posts.php?post=411139&l#jl) every 10 seconds:
Spoiler >


I dont know if I can link the download public but I want to secure my server from these kind of attacks.

I hope someone can help me with that

alt Re: Program to crash servers

DC
Admin On Online

Zitieren
Sorry but I removed the name of the program because some people here would probably search for it and use it.

One well known attack is to crash CS2Ds network layer by sending empty UDP packets (UDP packets which only consist of a header and have 0 bytes of payload). The server itself will still run but it won't be able to communicate with clients, the USGN or via RCon anymore. Of course this makes the server quite useless.

Please try the firewall rule in the top section of this page
http://www.cs2d.com/security.php

alt Re: Program to crash servers

AtomKuh
User Off Offline

Zitieren
Thanks! The server stays online now after using this program.

iptables -A INPUT -p udp -m length --length 0:28 -j DROP


One more question: What happens to a lua script (with no addhooks) in case of a DDOS attack on my server? Does it stop running?
1× editiert, zuletzt 28.04.17 20:34:53

alt Re: Program to crash servers

GeoB99
Moderator Off Offline

Zitieren
The program you've tried to flood against your server uses the technique that user DC already explained to you (this also applies to many DoS tools such as LOIC). A server without proper firewall configuration for UDP flood abuse would just go batshitmad.

If you are running the server on a Linux machine (VPS) you can set up the iptable rule from CS2D Security page. However if your server still gets flooded and it's only DoS (when the attack comes from a single source) you can just simply block all the traffic by the following:

iptables -A INPUT -s IP-ADDRESS -j DROP


IP-ADDRESS
is where you must fill with the offender's IP. The thing is, DDoS attacks are next to impossible to mitigate without some external help. When such attacks occur, the attacker basically sends a well organised sequence of packets against your server and will wipe out the entire available space resources of your machine.

Just in case you can consult the tcpdump records to see what's going on so you can track each null packet from the source and set up each iptable rule for that. You can do that by the following command:

tcpdump -n udp dst


NOTE I'm not really sure if it's the correct syntax but I guess it is right. Make sure you have tcpdump installed on your machine first.

Unless you don't have root access by any means (or even for odd reasons) to set up iptables you can get and implement file cs2d Null-packet Protection without a hassle.

Otherwise if you run your server in a Windows machine you can use the Advanced Windows Firewall to set up a UDP rule block with IP.

user AtomKuh hat geschrieben
One more question: What happens to a lua script (with no addhooks) in case of a DDOS attack on my server? Does it stop running?


If the server completely crashes, the script will much likely to work as long as it's not an admin script for example or needs server communication. Of course everything will stop to work if the attacker tears apart your whole VPS with mass null packets.

alt Re: Program to crash servers

DC
Admin On Online

Zitieren
user AtomKuh hat geschrieben
One more question: What happens to a lua script (with no addhooks) in case of a DDOS attack on my server? Does it stop running?

A successful DDoS attack - unlike the empty UDP packet attack - normally completely kills the server which also stops all Lua script execution. If it doesn't completely crash it, it will probably slow it down if it's strong enough to do that. But the results also depend on the type of the DDoS. It could either reach server hardware limits first (everything will slow down / stop) or bandwidth limits first (CS2D keeps running including Lua but people on the server will have a high packet loss / their connection might time out).

If you're talking about the empty UDP packet attack: It does not influence the Lua execution. It will go on normally but of course hooks which are triggered by network activity can't be triggered anymore after the attack.

I don't know what exactly you mean with "no addhooks". Without any hooks Lua scripts are only run once when loaded. This is only at server startup and on map change. Only exception from this is the AI script which has a few defined functions which are called by the game - but only if you have bots in it.

alt Re: Program to crash servers

cs2d_is_a_Gem
User Off Offline

Zitieren
Such attacks only serve on linux servers.
If you use a server running Windows Server you will not have that problem.
But you remain vulnerable to service denial attacks.
On the other hand I found a way to deny each of the two DDos attacks.
If you want me to share the solution with you, send me a private message.

Pd. The possible solutions provided by @user GeoB99: are of no use.

alt Re: Program to crash servers

AtomKuh
User Off Offline

Zitieren
@user GeoB99: Thanks! After hearing that I will maybe move my server to a Windows vServer but for now I will protect my server with these iptable commands.

@user DC: For instance, this is a script (by @user MikuAuahDark:)without addhooks:
Spoiler >

alt Re: Program to crash servers

DC
Admin On Online

Zitieren
Oh, I totally forgot about timers...
But yes, same thing as explained above. It will keep running if the CS2D server program is still running.

alt Re: Program to crash servers

cs2d_is_a_Gem
User Off Offline

Zitieren
Attacks when they are directed to your network card can not be stopped with a script.
There are only two options to stop them, one is to have a giant bandwidth to restrict the attack without problems and the second option is to connect your ip to a server that receives the attack and return clean traffic to your ip.
I used the second option and there is not a hacker that can knock my connection.

alt Re: Program to crash servers

GeoB99
Moderator Off Offline

Zitieren
user cs2d_is_a_Gem hat geschrieben
Such attacks only serve on linux servers.
If you use a server running Windows Server you will not have that problem.

Where did you get that notion that Windows servers won't get any problem when it's coming about these attacks? This is plain wrong. Any server machine without proper firewall configuration, regardless of operating system platform, are easily prone to get flooded.

Plus I'd not recommend to anyone using Windows as hosting platform unless you want something which is easy to manage and to not mess up with.

user cs2d_is_a_Gem hat geschrieben
Pd. The possible solutions provided by @user GeoB99: are of no use.

I'd be happy if you can elaborate what's wrong with my solutions instead of just implying they're of "no use".

alt Re: Program to crash servers

cs2d_is_a_Gem
User Off Offline

Zitieren
The truth is you need to go deeper into the subject,
[NAME REMOVED SO PPL DON'T GOOGLE IT] Only affects linux servers.(not all)
You can know about scripting but in this topic you are a newbie.

@user GeoB99: hat geschrieben
I'd be happy if you can elaborate what's wrong with my solutions instead of just implying they're of "no use".


The reason is simple, You can not stop an attack directed at your network card with a script.(Is clear?)

I have been keeping my servers online for quite some time now and I consider myself an expert on this subject.
Sorry if I opaque you to desir that your attempt to help was useless (Actually, that was not my intention).
1× editiert, zuletzt 01.05.17 20:16:06

alt Re: Program to crash servers

AtomKuh
User Off Offline

Zitieren
Can anyone tell me how I save this iptable settings and keep it up even after a vServer reboot? It seems to disappear after some minutes
1
iptables -A INPUT -p udp -m length --length 0:28 -j DROP
Zum Anfang Vorherige 1 Nächste Zum Anfang
Einloggen, um zu antworten Servers-ÜbersichtCS2D-ÜbersichtForenübersicht