Forum

> > CS2D > Servers > Program to crash servers
Forums overviewCS2D overview Servers overviewLog in to reply

English Program to crash servers

11 replies
To the start Previous 1 Next To the start

old Program to crash servers

AtomKuh
User Off Offline

Quote
Hello,

I have a program [NAME REMOVED SO PPL DON'T GOOGLE IT] that is able to make a server somehow not being online anymore. I crashed my own server with it but I could see that a lua script that was started by the server was still running.
There was a lua script installed that modifies a text document (http://unrealsoftware.de/forum_posts.php?post=411139&l#jl) every 10 seconds:
Spoiler >


I dont know if I can link the download public but I want to secure my server from these kind of attacks.

I hope someone can help me with that

old Re: Program to crash servers

DC
Admin On Online

Quote
Sorry but I removed the name of the program because some people here would probably search for it and use it.

One well known attack is to crash CS2Ds network layer by sending empty UDP packets (UDP packets which only consist of a header and have 0 bytes of payload). The server itself will still run but it won't be able to communicate with clients, the USGN or via RCon anymore. Of course this makes the server quite useless.

Please try the firewall rule in the top section of this page
http://www.cs2d.com/security.php

old Re: Program to crash servers

AtomKuh
User Off Offline

Quote
Thanks! The server stays online now after using this program.

iptables -A INPUT -p udp -m length --length 0:28 -j DROP


One more question: What happens to a lua script (with no addhooks) in case of a DDOS attack on my server? Does it stop running?
edited 1×, last 28.04.17 08:34:53 pm

old Re: Program to crash servers

GeoB99
Moderator Off Offline

Quote
The program you've tried to flood against your server uses the technique that user DC already explained to you (this also applies to many DoS tools such as LOIC). A server without proper firewall configuration for UDP flood abuse would just go batshitmad.

If you are running the server on a Linux machine (VPS) you can set up the iptable rule from CS2D Security page. However if your server still gets flooded and it's only DoS (when the attack comes from a single source) you can just simply block all the traffic by the following:

iptables -A INPUT -s IP-ADDRESS -j DROP


IP-ADDRESS
is where you must fill with the offender's IP. The thing is, DDoS attacks are next to impossible to mitigate without some external help. When such attacks occur, the attacker basically sends a well organised sequence of packets against your server and will wipe out the entire available space resources of your machine.

Just in case you can consult the tcpdump records to see what's going on so you can track each null packet from the source and set up each iptable rule for that. You can do that by the following command:

tcpdump -n udp dst


NOTE I'm not really sure if it's the correct syntax but I guess it is right. Make sure you have tcpdump installed on your machine first.

Unless you don't have root access by any means (or even for odd reasons) to set up iptables you can get and implement file cs2d Null-packet Protection without a hassle.

Otherwise if you run your server in a Windows machine you can use the Advanced Windows Firewall to set up a UDP rule block with IP.

user AtomKuh has written
One more question: What happens to a lua script (with no addhooks) in case of a DDOS attack on my server? Does it stop running?


If the server completely crashes, the script will much likely to work as long as it's not an admin script for example or needs server communication. Of course everything will stop to work if the attacker tears apart your whole VPS with mass null packets.

old Re: Program to crash servers

DC
Admin On Online

Quote
user AtomKuh has written
One more question: What happens to a lua script (with no addhooks) in case of a DDOS attack on my server? Does it stop running?

A successful DDoS attack - unlike the empty UDP packet attack - normally completely kills the server which also stops all Lua script execution. If it doesn't completely crash it, it will probably slow it down if it's strong enough to do that. But the results also depend on the type of the DDoS. It could either reach server hardware limits first (everything will slow down / stop) or bandwidth limits first (CS2D keeps running including Lua but people on the server will have a high packet loss / their connection might time out).

If you're talking about the empty UDP packet attack: It does not influence the Lua execution. It will go on normally but of course hooks which are triggered by network activity can't be triggered anymore after the attack.

I don't know what exactly you mean with "no addhooks". Without any hooks Lua scripts are only run once when loaded. This is only at server startup and on map change. Only exception from this is the AI script which has a few defined functions which are called by the game - but only if you have bots in it.

old Re: Program to crash servers

cs2d_is_a_Gem
User Off Offline

Quote
Such attacks only serve on linux servers.
If you use a server running Windows Server you will not have that problem.
But you remain vulnerable to service denial attacks.
On the other hand I found a way to deny each of the two DDos attacks.
If you want me to share the solution with you, send me a private message.

Pd. The possible solutions provided by @user GeoB99: are of no use.

old Re: Program to crash servers

AtomKuh
User Off Offline

Quote
@user GeoB99: Thanks! After hearing that I will maybe move my server to a Windows vServer but for now I will protect my server with these iptable commands.

@user DC: For instance, this is a script (by @user MikuAuahDark:)without addhooks:
Spoiler >

old Re: Program to crash servers

DC
Admin On Online

Quote
Oh, I totally forgot about timers...
But yes, same thing as explained above. It will keep running if the CS2D server program is still running.

old Re: Program to crash servers

cs2d_is_a_Gem
User Off Offline

Quote
Attacks when they are directed to your network card can not be stopped with a script.
There are only two options to stop them, one is to have a giant bandwidth to restrict the attack without problems and the second option is to connect your ip to a server that receives the attack and return clean traffic to your ip.
I used the second option and there is not a hacker that can knock my connection.

old Re: Program to crash servers

GeoB99
Moderator Off Offline

Quote
user cs2d_is_a_Gem has written
Such attacks only serve on linux servers.
If you use a server running Windows Server you will not have that problem.

Where did you get that notion that Windows servers won't get any problem when it's coming about these attacks? This is plain wrong. Any server machine without proper firewall configuration, regardless of operating system platform, are easily prone to get flooded.

Plus I'd not recommend to anyone using Windows as hosting platform unless you want something which is easy to manage and to not mess up with.

user cs2d_is_a_Gem has written
Pd. The possible solutions provided by @user GeoB99: are of no use.

I'd be happy if you can elaborate what's wrong with my solutions instead of just implying they're of "no use".

old Re: Program to crash servers

cs2d_is_a_Gem
User Off Offline

Quote
The truth is you need to go deeper into the subject,
[NAME REMOVED SO PPL DON'T GOOGLE IT] Only affects linux servers.(not all)
You can know about scripting but in this topic you are a newbie.

@user GeoB99: has written
I'd be happy if you can elaborate what's wrong with my solutions instead of just implying they're of "no use".


The reason is simple, You can not stop an attack directed at your network card with a script.(Is clear?)

I have been keeping my servers online for quite some time now and I consider myself an expert on this subject.
Sorry if I opaque you to desir that your attempt to help was useless (Actually, that was not my intention).
edited 1×, last 01.05.17 08:16:06 pm

old Re: Program to crash servers

AtomKuh
User Off Offline

Quote
Can anyone tell me how I save this iptable settings and keep it up even after a vServer reboot? It seems to disappear after some minutes
1
iptables -A INPUT -p udp -m length --length 0:28 -j DROP
To the start Previous 1 Next To the start
Log in to reply Servers overviewCS2D overviewForums overview