mirror of
https://github.com/GameServerManagers/LinuxGSM.git
synced 2026-04-25 06:05:57 +03:00
[GH-ISSUE #473] GameServerQuery helps attacker get server offline. #393
Originally created by @iNilo on GitHub (Aug 26, 2015).
Original GitHub issue: https://github.com/GameServerManagers/LinuxGSM/issues/473
Originally assigned to: @UltimateByte on GitHub.
Hey, I'm opening this issue to make you aware of a rather unfortunate issue.
I'm hosting some CSGO Servers and I'm sure it's purely accidental that this happened but when an attacker UDP floods the srcds ports (27015) the srcds will stop responding on those ports (out of self protection?).
So when running a cronjob every minute that checks for an offline server the 5 millisecond timeout is causing a restart.
https://github.com/dgibbs64/linuxgsm/blob/master/GameServerQuery/gsquery.py#L17
TLDR: attacker floods ports, query script thinks server is offline, attacker succeeds in taking down a (full) server.
This might be an unsolvable problem on your part and may require the server owners to protect against UDP floods, but I want to let you know this is happening.
@dgibbs64 commented on GitHub (Aug 26, 2015):
Thanks for this info. Will have to see if there is a way around this problem. Maybe there is some sort of whitelist for SRCDS or something. Will have to play around. However, if anyone does find a way around this issue, please post it.
@iNilo commented on GitHub (Aug 26, 2015):
My first idea is to RCON query the server since that is TCP and afaik the RCON was still available when under attack.
But that's just an entirely different way than the current implementation.
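The TCP fallback suggested above, as an added example that is not part of the original thread or of LinuxGSM's gsquery.py: the monitor retries the UDP A2S_INFO query and, if UDP stays silent, checks whether the TCP listener still accepts connections before declaring the server offline. The function names, the state labels and the assumption that RCON listens on TCP on the same port number as the game port are this example's own.

```python
import socket

# A2S_INFO request understood by Source engine servers (srcds).
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"

def udp_query_ok(host, port, timeout=1.0):
    """True if the server answers an A2S_INFO request within the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(A2S_INFO)
            reply = s.recv(1400)
        except OSError:  # timeout, ICMP port unreachable, network error
            return False
    # A single-packet Source reply (info or challenge) starts with four 0xFF bytes.
    return reply.startswith(b"\xff\xff\xff\xff")

def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP connection can be established (assumed: the RCON listener).
    Only the handshake is checked; no RCON password is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def server_state(host, port, attempts=3, udp_timeout=1.0, tcp_timeout=2.0):
    """Return 'online', 'degraded' (UDP silent, TCP alive) or 'offline'."""
    for _ in range(attempts):
        if udp_query_ok(host, port, udp_timeout):
            return "online"
    if tcp_port_open(host, port, tcp_timeout):
        return "degraded"  # process is up: alert the operator, do not restart
    return "offline"       # both transports failed: a restart is justified

if __name__ == "__main__":
    # Constructed demo target: loopback and the srcds port named in the thread.
    print(server_state("127.0.0.1", 27015, udp_timeout=0.3, tcp_timeout=0.3))
```

A monitor cronjob would restart only on `offline` and raise an alert on `degraded`, so a flood on the UDP query port alone no longer triggers the restart.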
@dgibbs64 commented on GitHub (Aug 26, 2015):
That may be possible. Will take a while to implement something though.
@ghost commented on GitHub (Aug 26, 2015):
Hi,
this can be solved with the following iptables rule:
-A INPUT -p udp -m udp --dport 27015 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A INPUT -p udp -m udp --dport 27015 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name DEFAULT --rsource -j DROP
Basically, this rule will drop anyone who sends more than 10 requests in less than 60 seconds. Those numbers are not mandatory and you can adapt them for your needs.
@dgibbs64 commented on GitHub (Aug 26, 2015):
That's a really useful bit of info.
@iNilo commented on GitHub (Aug 26, 2015):
Yea, not just useful, it's awesome. Just reminds me how powerful iptables are and that I should really try and understand the iptables chains.
@digimon-dk commented on GitHub (Mar 21, 2016):
I'm new to iptables. Is it right to do it like this in Ubuntu?
command:
sudo iptables -A INPUT -p udp -m udp --dport 27015 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A INPUT -p udp -m udp --dport 27015 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name DEFAULT --rsource -j DROP
Thanks for the awesome work 👍
@dgibbs64 commented on GitHub (Mar 21, 2016):
The UFW is probably a better option and simpler for Ubuntu. My understanding is that it uses iptables but makes it simple to use.
https://wiki.ubuntu.com/UncomplicatedFirewall
Here is a tutorial that may help:
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-14-04
@AlexCS1337 commented on GitHub (Mar 22, 2016):
Nice info on the iptables etc. I think I had a similar problem on my Gmod server haha
@dgibbs64 commented on GitHub (Jul 12, 2016):
This could do with updating on the WIKI. I require a knowledgeable person to create a brief page about firewalls for Ubuntu and CentOS and how to protect your query port.
@UltimateByte commented on GitHub (Aug 27, 2016):
Will do it.
@UltimateByte commented on GitHub (Aug 28, 2016):
Is this enough for now?
https://github.com/GameServerManagers/LinuxGSM/wiki/Firewalls
@UltimateByte commented on GitHub (Oct 18, 2016):
Well, I guess it's enough. :)
@lock[bot] commented on GitHub (Jul 19, 2018):
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.