Onslaught Onslaught Server Discussion

Go Back   Omnip)o(tentS Forums > SERVERS > Unreal Tournament > Onslaught
Reply
 
Thread Tools Display Modes
Old 11-17-2013, 01:23 PM   #41
Wormbo
Wormlike
 
Wormbo's Avatar
 
Join Date: Dec 2009
Posts: 907
Default
Reply With Quote


I think the voice chatter exploit doesn't actually require a connection. UT uses UDP, i.e. a connectionless protocol. The "connection" is established on the application level, but the voice chatter exploit just sends a UDP packet to the game server without establishing a player connection first.
Wormbo is offline  
Old 11-17-2013, 07:26 PM   #42
Mr.Crow
Server Sponsor

 
Join Date: Dec 2006
Location: Pennsylvania USA
Posts: 401
Default
Reply With Quote


5th round of randomizer, shit map, 8:24 est
Mr.Crow is offline  
Old 11-20-2013, 11:40 PM   #43
Turbo K
Community Veteran

 
Turbo K's Avatar
 
Join Date: Jun 2010
Posts: 1,486
Default
Reply With Quote


12:37AM EST on 11/21. It was the end of the first round of Dreamus2E
Turbo K is offline  
Old 11-21-2013, 01:56 PM   #44
laboRHEinz
Just Registered
 
Join Date: Jan 2012
Posts: 18
Default
Reply With Quote


Quote:
Originally Posted by Carpe Diem View Post
Yes we did. However, Heinz changed his story shortly after when we (and by we, I mean Analog) couldn't
get it working.

Quote:
Originally Posted by laboRHEinz
I've been checking out several binaries on my test rig over last weekend, not only the both I've sent you, trying many different ini-settings as well. Unfortunately though, I still wasn't able to get any of the patched versions working combined with voice chat. Thus, I'm less and less convinced now it's ever been any issue of your settings, I rather think now that you were right all the time. Somehow I probably mixed up the chain of events on my server i.e. the order of using a patched binary and functional voice chat. If that's really the case, I'm terribly sorry then for kinda loudmouthing and possibly having watered your mouths. My apologies.
As for the fix, I'm suspecting there isn't one. Prior to moving the server I spent a month trying to locate
a binary that specifically addressed this issue. Any that we found didn't work. So this is our second kick
at the can, and when Heinz said he had it working... there was joy. Then when we couldn't get it working,
he posted his "ha ha ha... made you look" thing (above). for this, I have banned him.

Of course I'm kidding, I extend the communities thanks to Heinz for all the help/work he put into our attempted
excommunication of the vile Voice_Max_Chatters bug. I'm not sure where we go from here; right now it's
either live with these crashes or disable voice chat on the server
mmhhmm... well yeah, mea culpa, sorry again. To let me look less like what I am (a moron, obviously), here's another slice of my PM (posted also because it might help finding the assistance I'm looking for):
Quote:
Originally Posted by laboRHEinz
[...]However, this is not the end of the road as for running an invulnerable server with voice chat enabled. There seems to be another way, namely by using iptables, as FuzzySlippers already proposed. Point is, the voice max chatters crash is not caused by DoS-attacks, [..] this kind of crash attack in fact is performed by only one single intentionally malformed packet. [removed hacker name] once published a proof of concept while also providing a simple script / executable to the public. I've upped it for you:
[link & instructions removed]
As simple as that, it's only one damn packet causing the server to crash. On the other hand, exactly this simplicity also is the chance to defend it, you'd 'just' have to set your firewall accordingly. Now, I've put 'just' in quotation marks by intention, because this is exactly what took me so long to reply here: I've been trying to set up iptables accordingly on my test server throughout the last damn whole weekend, but I didn't manage to... grrrmpff. All I got was this stupid "iptables: No chain/target/match by that name." message over and over again, no matter what I did. I've searched countless forums and even recompiled my kernel several times, but still. Actually, the command should be:
Code:
sudo iptables -A INPUT -p udp --dport 7777 -m length --length 40 -m string --hex-string '|000001082000|' --algo bm --from 27 --to 33 -j DROP
but my box (Ubuntu server 12.04 LTS) just wouldn't want to accept it.[...]
I'm still on this iptables track, I've even asked some of my colleagues (literally Linux pros) but they couldn't help out either. Perhaps anyone out there reading this could help getting this rule working?

Not sure whether length and string checking of each UDP-packet would lead to performance problems but it's at least worth a try. And performance issues could be avoided by a stateful firewall.
laboRHEinz is offline  
Old 11-22-2013, 08:37 PM   #45
dimshade
Getting there...

 
Join Date: May 2006
Location: Florida
Posts: 563
Default
Reply With Quote


22-Nov at 2137 on 4th round of Dria TMU.
__________________
"Conan! What is best in life?" ... "To crush your enemies, to see them driven before you, and to hear the lamentations of their women."
dimshade is offline  
Old 11-23-2013, 03:18 PM   #46
-Goose-
Getting there...
 
Join Date: Mar 2007
Posts: 321
Default
Reply With Quote


Quote:
Originally Posted by laboRHEinz
sudo iptables -A INPUT -p udp --dport 7777 -m length --length 40 -m string --hex-string '|000001082000|' --algo bm --from 27 --to 33 -j DROP
I tried this on Ubuntu 13.10 and it applied the rule just fine... (iptables version 1.4.18)

You might try creating a new chain and applying the rule to that.

EDIT: Also might want to check the chain is not lower case? sudo iptables -L -v
-Goose- is offline  
Old 11-23-2013, 04:28 PM   #47
Carpe Diem
seize this !! .l..

 
Carpe Diem's Avatar
 
Join Date: Apr 2006
Location: Vancouver
Posts: 7,577
Default
Reply With Quote


Quote:
Originally Posted by -Goose- View Post
Quote:
Originally Posted by laboRHEinz
sudo iptables -A INPUT -p udp --dport 7777 -m length --length 40 -m string --hex-string '|000001082000|' --algo bm --from 27 --to 33 -j DROP

I tried this on Ubuntu 13.10 and it applied the rule just fine... (iptables version 1.4.18)

You might try creating a new chain and applying the rule to that.

EDIT: Also might want to check the chain is not lower case? sudo iptables -L -v
I don't know what's going on here, but I like the sound of where it might go...


<-- nothing to do with post, just 'cuz...
__________________
Black holes are where God divided by 0. - Steven Wright






Carpe Diem is offline  
Old 11-23-2013, 05:23 PM   #48
dimshade
Getting there...

 
Join Date: May 2006
Location: Florida
Posts: 563
Default
Reply With Quote


Not sure if crash, but I cannot see the ONS or AS server.
__________________
"Conan! What is best in life?" ... "To crush your enemies, to see them driven before you, and to hear the lamentations of their women."
dimshade is offline  
Old 11-23-2013, 05:26 PM   #49
mistertropical
Just Registered
 
Join Date: Oct 2013
Posts: 57
Default
Reply With Quote


Where's the onslaught server????? :x
mistertropical is offline  
Old 11-23-2013, 05:28 PM   #50
mistertropical
Just Registered
 
Join Date: Oct 2013
Posts: 57
Default
Reply With Quote


Quote:
Originally Posted by dimshade View Post
Not sure if crash, but I cannot see the ONS or AS server.
your sig is my brother's favorite quote lol

freakin weirdos
mistertropical is offline  
Old 11-23-2013, 05:28 PM   #51
analog
Community Veteran

 
analog's Avatar
 
Join Date: Jun 2005
Location: Red Sox Nation
Posts: 2,677
Default
Reply With Quote


Rule added, let us know if you see any difference.

Quote:
Originally Posted by -Goose- View Post
I tried this on Ubuntu 13.10 and it applied the rule just fine... (iptables version 1.4.18)

You might try creating a new chain and applying the rule to that.

EDIT: Also might want to check the chain is not lower case? sudo iptables -L -v
analog is offline  
Old 11-23-2013, 05:28 PM   #52
WMD40
Got there...

 
WMD40's Avatar
 
Join Date: Mar 2007
Location: USA
Posts: 342
Default
Reply With Quote


Quote:
Originally Posted by mistertropical View Post
Where's the onslaught server????? :x
Probably hiding behind a firewall.
__________________
There are three kinds of men: The ones that learn by reading. The few who learn by observation. The rest of them have to pee on the electric fence and find out for themselves.
-Will Rogers
WMD40 is offline  
Old 11-23-2013, 05:55 PM   #53
WMD40
Got there...

 
WMD40's Avatar
 
Join Date: Mar 2007
Location: USA
Posts: 342
Default
Reply With Quote


Quote:
Originally Posted by analog View Post
Rule added, let us know if you see any difference.
-Players couldn't connect to the game server from the game.
-Game server advertising was still functioning, showing 22/32 player count.
-Gametracker update stalled beyond 22 minutes, last indicating a MMMU game run.
-Trace route could reach the game server.
__________________
There are three kinds of men: The ones that learn by reading. The few who learn by observation. The rest of them have to pee on the electric fence and find out for themselves.
-Will Rogers
WMD40 is offline  
Old 11-23-2013, 06:19 PM   #54
laboRHEinz
Just Registered
 
Join Date: Jan 2012
Posts: 18
Default
Reply With Quote


Quote:
Originally Posted by -Goose- View Post
I tried this on Ubuntu 13.10 and it applied the rule just fine... (iptables version 1.4.18)

You might try creating a new chain and applying the rule to that.

EDIT: Also might want to check the chain is not lower case? sudo iptables -L -v
Thanks a lot, sounds promising, gonna check it out tomorrow on my test server (even if it means having to freshly install the next Linux version ((super barf...))). I didn't expect any version conflicts since this rule / option was out already several years ago.

analog, you're probably a bit overhasty: your server seems to run on port 9000, thus, the option '--dport 7777' is wrong. --dport means destination port, so, if you really want to apply this firewall rule prior to any checking, you should type:

sudo iptables -A INPUT -p udp --dport 9000 -m length --length 40 -m string --hex-string '|000001082000|' --algo bm --from 27 --to 33 -j DROP

However, I wouldn't recommend applying any untested commands or iptables rules. Firewalls always are a bit headstrong.
laboRHEinz is offline  
Old 11-24-2013, 07:31 AM   #55
analog
Community Veteran

 
analog's Avatar
 
Join Date: Jun 2005
Location: Red Sox Nation
Posts: 2,677
Default
Reply With Quote


I added it as 9000 and another for 8500 for the AS server.

Quote:
Originally Posted by laboRHEinz View Post
Thanks a lot, sounds promising, gonna check it out tomorrow on my test server (even if it means having to freshly install the next Linux version ((super barf...))). I didn't expect any version conflicts since this rule / option was out already several years ago.

analog, you're probably a bit overhasty: your server seems to run on port 9000, thus, the option '--dport 7777' is wrong. --dport means destination port, so, if you really want to apply this firewall rule prior to any checking, you should type:

sudo iptables -A INPUT -p udp --dport 9000 -m length --length 40 -m string --hex-string '|000001082000|' --algo bm --from 27 --to 33 -j DROP

However, I wouldn't recommend applying any untested commands or iptables rules. Firewalls always are a bit headstrong.
analog is offline  
Old 11-24-2013, 02:42 PM   #56
Egg of Loon
aka:Makeen DeSilva
 
Egg of Loon's Avatar
 
Join Date: Oct 2008
Location: Kansas City, Missouri
Posts: 192
Default
Reply With Quote


Server crashed today 2:37 cst playing Magicisle.
Egg of Loon is offline  
Old 11-24-2013, 03:47 PM   #57
Pi
3.14159265358979323846,,

 
Pi's Avatar
 
Join Date: Apr 2006
Location: USA
Posts: 3,504
Default
Reply With Quote


'log: server not responding to ssh
__________________

...and there's the rest who are just jumping around like a bunch of half-drunk monkeys spamming and camping their little hearts out. ~Coyote

Pi is offline  
Old 11-24-2013, 04:47 PM   #58
analog
Community Veteran

 
analog's Avatar
 
Join Date: Jun 2005
Location: Red Sox Nation
Posts: 2,677
Default
Reply With Quote


Yes, we had some issues today, sorry... Kernel update and firewall update and everything should be back now.

Quote:
Originally Posted by Pi View Post
'log: server not responding to ssh
analog is offline  
Old 11-25-2013, 04:04 PM   #59
laboRHEinz
Just Registered
 
Join Date: Jan 2012
Posts: 18
Default
Reply With Quote


k, upgrading my test box from 12.04 to 12.10 did the trick, it now eats the rule (I'm gonna kill my so-called linux-pro colleagues tomorrow...). Hence I was finally able to check it, with a slight modification though: I used the -I option (for insert I guess) to place the rule in the first line instead of -A which adds it at the end of the rules list (possibly important, depending on your iptables set up).

At first, I used a vulnerable binary without this rule -> ran the hacker script -> server crashed.

Rule applied -> hacker script -> server didn't crash anymore, script returned just a timeout.

Voice chat was working (this time really ), no noticeable packetloss, server appeared in server browser as normal.

Thus, in fact, it should work as intended, unless there's another modification of this malformed packet. Therefore, it might be not a bad idea to remove the exact command from our former posts? You never know if there's a script kiddie with too much time out there, too much insight posted in public could backfire then.
laboRHEinz is offline  
Old 11-25-2013, 10:34 PM   #60
Mr.Crow
Server Sponsor

 
Join Date: Dec 2006
Location: Pennsylvania USA
Posts: 401
Default
Reply With Quote


Just crashed 11:32 est after playing desert junkyard, magicisle won the vote and we got evo v14
Mr.Crow is offline  
Reply


Go Back   Omnip)o(tentS Forums > SERVERS > Unreal Tournament > Onslaught

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Server crashes - Voice Carpe Diem Onslaught 25 09-20-2015 10:57 AM
Server crashes Carpe Diem Onslaught 280 08-23-2013 01:45 PM
Server crashes. Dr.Gonzo Onslaught 6 06-04-2012 03:59 PM
ONS Server crashes Carpe Diem Mappers' Corner 5 11-15-2010 03:28 PM
what causes crashes Wallace Humor 3 06-10-2005 03:12 PM


All times are GMT -5. The time now is 09:28 AM.