I use the term DDOS lightly, because as far as I can see there’s absolutely no substance behind the fact that any distributed denial of service attacks are actually taking place, I use the term because it’s something that seems to have ‘stuck’ when it comes to describing the issue of high profile games being disrupted.
It seems to me that the issue lies somewhere between STV and HLDS and the issue is most likely some kind of exploit that isn’t captured by normal logging.
Last night during the TF2TV Cast of ESH we struggled with the same lag issues that have plagued other high profile games. However with a sensible, logical approach we managed to side step the issues and enjoy a night of lag free casting and gaming.
I thought I’d document this approach so as to hopefully give others a fighting chance of hosting their games without fear of some asexual, spotty, albino, Hungarian retard causing problems 2 minutes after the game goes live.
So, here goes.
- Find a server that’s;
- Neutral
- Has no obvious links to you “Knights Clan Server!” probably isn’t a good idea!
- Preferably not listed within the master server list (I.e. it won’t appear if you click on the Internet tab within the in game browser)
- Contact your server provider and ask if you can have your server removed from the master server list
- Has rcon tv_enable 0 set
- Hide your IP address in IRC, if you’re auth’d with Q simply type ‘/mode YourName +x’ or pay a few quid for a hosted BNC.
- Go offline in Steam Friends (I know this makes organisation far more difficult but it’s absolutely essential)
Only once you’ve completed those steps should you even contemplate handing out the Server IP address and joining the server.
If TF2 is going to enjoy the kind of longevity it deserves then the smooth running of community events like webcasts are essential. We can either take it in the ass or we can do something about it now. So, clan leaders, I’m looking at you to impress upon your team the importance of taking these measures seriously. It’ll only be effective if *everyone* follows the procedure above to the letter.
Jesus, that sounded preachy!
Oh and I’d appreciate the feedback of anyone (server admins especially) in tracking the behaviour of the exploit, too. Was anyone online in steam when you got attacked? Was STV Enabled? Had you announced the server IP anywhere?
That’s all.
Love and Kisses
ShoX
33 comments
Tweetsv_max_queries_sec_global 1 (default = 60).
to make it invisible to master servers. Connecting might take longer to it and also it won’t be responding from friends. Might have some other effects, didn’t really test it.
- # - nice! +1Also, even with all of these things it’s still possible to find out the server IP.
- # - nice! +2also, nice article
a.) good article shox, deffo worked yesterday
b.) we set up such a server and will try next days
c.) to all the people still playing EMS/ESL: either get ddos’d or get penalty points for “refusing broadcast” -> good fkin job ESL
- # - nice! +2First of all, what’s happening lately is not a ddos. It’s a very old DoS exploit that any shitnerd can launch from the comfort of his parents’ basement. It works by spamming the server info command to the relat or gameserver. It’s possible to spam hundreds of these commands per second on your own. Because it takes much more cpu power and bandwidth to respond to these server info requests than to send them it’s easy to take a gameserver down.
The real fix would be for Valve to implement a small cache for the server info. So if the server info gets requested more than once per second, you get a cached response which costs no cpu time.
However this exploit is as old as the orangebox and it still hasn’t been fixed.
There is one little tool that acts as a cache, but you can’t set this up without root access to your server.
- # - nice! +4How do you explain the individual players being attacked in the highlander match then?
- # - nice! +1“Hungarian retard causing problems 2 minutes after the game goes live.”
Hey…
- # - nice! +2“How do you explain the individual players being attacked in the highlander match then?”
get ip from irc, flood with icmp packets. that would be my guess
- # - nice! +1I’m with Linus.
In our Epsilon match yesterday, the servers got attacked, not the players.
- # - nice! +3Why would anyone do this for starters?
- # - nice! +0Did you even read the first paragraph Arie ? :D
Do you have a URL for the fix? Have you tried exploiting a server yourself? Does it give the same kind of issues we’ve been seeing?
A stop gap solution might be to pressure local server providers to implement the fix on behalf of their clients.
- # - nice! +0Re: Defur
Some people are just morons.
- # - nice! +0Arie. I have root access to my servers. What’s the fix?
- # - nice! +1Is this going to be the end of IRC as the defacto comp tool for setting up matches? What’s out there to take its place? Needs to be open, configurable and managable/moderable but secure enough to hide your IP.
- # - nice! +0this was also a problem during my css times, as far as i can remember some css players found a fix for it, an extra config to be loaded in the server, that would stop the so called Ddos, i believe there was a raging forum post on cadred about this issue
- # - nice! +0The least you could do is make people REGISTER to this website in order to see the IPs.
The effort of registering every time you get banned, should drive some of those shitnerds away.
- # - nice! +1Agro: forum.i3d.net/hlds-valve-windo...
IRC is still fine, just auth before joining channels and mode +x.
- # - nice! +2Good to know that there are people with expertise around. Cool article
- # - nice! +0Has no obvious links to you “Knights Clan Server!” probably isn’t a good idea!
“Preferably not listed within the master server list (I.e. it won’t appear if you click on the Internet tab within the in game browser)
Contact your server provider and ask if you can have your server removed from the master server list
Has rcon tv_enable 0 set”
You dont need to disable sourcetv. -nomaster in the startup options will make sure that it neither the server nor the stv gets listed.
- # - nice! +2i agree with the server racio, but how have they been able to “ddos” the stv at the showmatch then?
- # - nice! +0Some awesome feedback thus far, thanks!
I’m going to have a play around with this UDP Caching proxy over the weekend, gather some data and fire off some information to Robin with the hope of him taking the whole thing a bit more seriously.
We must have some people around here with contacts within MPUK/N1/Clanhost too? If this UDP cache is scaleable we could try and get providers to make it part of their default offering until Valve give us a proper fix.
- # - nice! +0They didnt ddos the stv of the servers, they attacked the relay’s.
- # - nice! +0If i remember well, the yesterday’s match between blight and dignitas had no tv but it has been ddos’d on 2 different server. Why would it be linked to a use of tv ?
- # - nice! +0there was originally a STV-related exploit too, which valve allegedly fixed, but I have no idea if they did or not
we were just trying to cut down on all possibilities.. we got it right in the end
- # - nice! +0Because there’s more than one way of doing it.
- # - nice! +0If anyone of you know where to get these exploits please message me. I would be interested in testing all the possible fixes but without the exploits it’s pretty useless.
Thanks,
Ronny
- # - nice! +0nice-servers.com
We’ve updated all our servers with the rules above + some more.
www.nice-servers.com/en/blog/8...
Cheers,
Ronny
- # - nice! +2nice-servers.com
amazing ronny, nice work (see what I did there?)
- # - nice! +0I’m sure no one looks here anymore, but here’s what Robin had to say:
“Yep, we’re aware of the issue Arie describes, and have some folks looking into it. We’re also working on an improved status/rich-presence display in Steam. Once the Steam chaps ship that, we’ll be able to use that to add a private game’ option to TF2, which would hide the server details, so you wouldn’t need to go offline in friends.”
- # - nice! +0hide_server 1 if you want to remove your server from the master list.
- # - nice! +0I am Hungarian so obviously I take offense to this. :(
- # - nice! +0I see the tf2wiki got hacked.
- # - nice! +0www.pcr-online.biz/news/35343/...
- # - nice! +0