Message spamming in console #247

Closed
ivanmaxlogiudice opened this issue Oct 18, 2016 · 9 comments

@ivanmaxlogiudice

I have this spamming all over the console:

Malformed packet number (7/8)
Malformed packet number (7/8)
Malformed packet number (7/8)
Malformed packet number (7/8)
Malformed packet number (7/8)
Malformed packet number (7/8)

What could be the reason?

@Adidasman1
Contributor

Adidasman1 commented Oct 18, 2016

Flood packets. Is the server on Linux? Do you have access to the firewall (iptables)?

@ivanmaxlogiudice
Author

Linux: CentOS release 6.8 (Final)

Yes, I have access to the firewall.

@WPMGPRoSToTeMa
Contributor

I think we should move all messages of this sort to debug printf (Con_DPrintf) or make a cvar for this logging.

@Adidasman1
Contributor

Adidasman1 commented Oct 18, 2016

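# Add these iptables rules
# 27015 is the game server port

# Rule 1: accept packets of connections that conntrack already tracks as ESTABLISHED
iptables -A INPUT -p udp -m udp --dport 27015 -m state --state ESTABLISHED -j ACCEPT
# Rule 2: accept a NEW packet only if its length is 33 to 150 bytes
iptables -A INPUT -p udp -m udp --dport 27015 -m state --state NEW -m length --length 33:150 -j ACCEPT
# Rule 3: drop every other UDP packet sent to the game port
iptables -A INPUT -p udp -m udp --dport 27015 -j DROP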

@theAsmodai
Collaborator

Why only up to 250?

@Adidasman1
Contributor

Because the "new" requests are valid up to that threshold.

@theAsmodai
Collaborator

theAsmodai commented Oct 19, 2016

Really? It's a dump of a valid client connection:
http://oi65.tinypic.com/2sb4lev.jpg

WPMGPRoSToTeMa added a commit to WPMGPRoSToTeMa/rehlds that referenced this issue Oct 19, 2016
…for flood (related to dreamstalker#247)

Added player name and print to client for some net messages (not for all, need to finish this in the future)
echo -> svc_print

@Adidasman1
Contributor

In this screenshot, the connection will hit rule 1, because its state is "ESTABLISHED": before that there was a "NEW" packet of length "51" with the content "get challenge steam", and after it the connection state changed to "ESTABLISHED".

In general, for a client the valid length values for "new" packets here are 51 (getchallenge steam) and 53 (TSource Engine Query), but in this rule you also must not forget about monitoring services and A2S queries such as "A2S_PLAYER" and "A2S_RULES" with a length of "37", so this rule does not exceed a length of "150". As for why I specified 250: to leave a margin for clumsy scripts, although that is their problem (originally I had the length limit at 60, then some scripts could not get the info, and I had to raise it to 150).

P.S. I looked through the logs again: the rule that drops "NEW" packets with a length above "150" has not triggered once in 2 years.
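
The lengths quoted in the comment above (51, 53, 37) can be reproduced from the request payloads, which shows what the `33:150` window admits. The Python sketch below is an added example, not part of the thread or of ReHLDS code. It assumes an IPv4 header without options (20 bytes), an 8-byte UDP header, a length match that compares against the IPv4 total length, and a four-byte `0xFF` connectionless prefix on each constructed sample payload.

```python
# Added illustration: first-match evaluation of the three INPUT rules from the thread.
# Assumptions: 20-byte IPv4 header (no options), 8-byte UDP header, and the iptables
# "length" match comparing against the IPv4 total length.
IP_HDR, UDP_HDR, GAME_PORT = 20, 8, 27015
PREFIX = b"\xff\xff\xff\xff"  # assumed connectionless-packet prefix

# Constructed sample payloads, built from the strings quoted in the thread.
SAMPLES = {
    "getchallenge": PREFIX + b"getchallenge steam\n",
    "A2S_INFO": PREFIX + b"TSource Engine Query\x00",
    "A2S_PLAYER": PREFIX + b"U" + b"\x00" * 4,  # type byte + 4-byte challenge
    "A2S_RULES": PREFIX + b"V" + b"\x00" * 4,
    "oversized": PREFIX + b"A" * 200,           # constructed flood-sized packet
    "runt": b"\xff\xff",                        # shorter than any valid request
}


def ip_length(payload: bytes) -> int:
    """Packet length as seen by the length match under the stated assumptions."""
    return IP_HDR + UDP_HDR + len(payload)


def verdict(state: str, payload: bytes, dport: int = GAME_PORT,
            lo: int = 33, hi: int = 150):
    """Return (rule_number, action); rule 0 means none of the three rules matched."""
    if dport != GAME_PORT:
        return (0, "CONTINUE")      # other ports fall through to later rules
    if state == "ESTABLISHED":
        return (1, "ACCEPT")        # no length check once conntrack knows the flow
    if state == "NEW" and lo <= ip_length(payload) <= hi:
        return (2, "ACCEPT")        # lo=33 is 28 header bytes + 5 payload bytes
    return (3, "DROP")              # everything else aimed at the game port


def classify_new():
    """Evaluate every sample as the first (NEW) packet of a flow."""
    return {name: (ip_length(p),) + verdict("NEW", p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (length, rule, action) in classify_new().items():
        print(f"{name:13s} len={length:3d} rule={rule} {action}")
```

Rule 1 performs no length check, so the size limit constrains only the first packet of each tracked flow.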

@mo0nsniper

Great, thanks.
I really needed that rule to protect from a flood attack.
