Hello,
Please excuse my bad English, but I need clarification on this matter as the README of serverark does not write anything about it.
I run a gameserver that is using the Gamespy SDK version 2 for the matchmaking. Its last security and feature update was released in 2002 and after the community fixed a few critical flaws such as remote password sending to clients etc. But the gamespy part is still bugged as in many older games that use it.
I noticed the server was unresponsive to status queries quite often lately but the server daemon was running fine (always with players playing). As the program ran very stable in the past years and I have yet to experience a critical crash, I suspect an angry player flooding the query port. To my surprise there was a player after the automated server restart on the server with a suspicious name (DDoS/IP:PORT/) on the server. I have no packet logs yet so this is only a guess.
I verified the design error by using the following proof of concept http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1354
Now the question is why should I use serverark over iptables rules like the following. Are there any advantages/disadvantages? Is serverark even designed for this kind of flood attacks against the query port or against players already connected flooding the gameport sending garbage data?
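```
iptables -N gamespy
iptables -N gamespy_dos_blacklist
# Offenders: record the source address in the "blacklist" list, then drop.
iptables -A gamespy_dos_blacklist -m recent --name blacklist --set
iptables -A gamespy_dos_blacklist -j DROP
# A source seen in "blacklist" within the last 600 s is dropped and its timer refreshed.
iptables -A gamespy -m recent --update --name blacklist --seconds 600 --hitcount 1 -j DROP
# Count every packet per source; 20 hits within 1 s sends the source to the blacklist chain.
iptables -A gamespy -m recent --set --name counting
iptables -A gamespy -m recent --update --name counting --seconds 1 --hitcount 20 -j gamespy_dos_blacklist
iptables -A gamespy -j ACCEPT
iptables -I INPUT -p udp --dport 28672 -j gamespy
```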
Sincerely,
Emanuel Manologlou
Hello Emanuel, the old ServerArk daemon project was retired over some custom IPTABLES scripts that use some of the more modern plugins to do Q3-protocol protection.
If you would give me a personal Email to send you the script.zip file, I would be happy to do so. I think you will find that the new IPTABLES scripts are infinitely better at protecting against common attacks over the old ServerArk daemon.
Thanks,
Boyd
Serverark vs IPtables
Thanks for your response. I am very interested in your new firewall script. I attached a PNG image of my E-Mail to this post.
Hello Boyd!
Can I use serverark on a server which connects directly to the internet with pppoe and has a damn dynamic address which changes weekly? Or when it disconnects/restarts?
BTW I am running 3 Enemy Territory, a COD4 and a COD5 server.
Or is it better to find some iptables rules and translate them to nftables?
Last edit: Gyöngyösi Gábor 2021-11-26
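On the nftables question, this is one way the `recent`-based rules from the first post could be expressed as an nftables ruleset. It is an added example, not part of the thread and not Boyd's script; the table name `gamespy_guard` and the set sizes are assumptions, and `limit rate over 20/second` is a token-bucket approximation of `--seconds 1 --hitcount 20`, not an exact equivalent.

```nft
#!/usr/sbin/nft -f
# Added example: nftables sketch of the thread's iptables "recent" rules.
# Table name and set sizes are assumptions chosen for illustration.

table ip gamespy_guard {
    # Sources that exceeded the limit. An element expires 600 s after it was
    # last added or refreshed (the iptables rule used --seconds 600).
    set blacklist {
        type ipv4_addr
        flags dynamic, timeout
        timeout 600s
        size 65536
    }

    # Per-source rate state; idle entries are forgotten after 10 s.
    set counting {
        type ipv4_addr
        flags dynamic, timeout
        timeout 10s
        size 65536
    }

    chain input {
        type filter hook input priority 0; policy accept;
        # Same entry point as: iptables -I INPUT -p udp --dport 28672 -j gamespy
        udp dport 28672 jump gamespy
    }

    chain gamespy {
        # Already blacklisted: refresh the 600 s timer and drop, like
        # "-m recent --update --name blacklist --seconds 600 -j DROP".
        ip saddr @blacklist update @blacklist { ip saddr } drop

        # More than 20 packets per second from one source: blacklist and drop.
        update @counting { ip saddr limit rate over 20/second } add @blacklist { ip saddr } drop

        accept
    }
}
```

Neither this ruleset nor the iptables version refers to the server's own address, only to the destination port, so a changing PPPoE address does not affect it. UDP source addresses can be forged, so any per-source blacklist of this kind can also end up blocking a legitimate player's address.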