Server Crasher
Axle
Join Date: 2002-11-19 Member: 9320Members
<div class="IPBDescription">Ban this guy pls</div> Okay, I was playing a game of NS on MFOTS server today and this guy comes in and threatens a server crash if he didn't get his way. Well he crashed it and admitted it, then demanded his way again. So, I got the status and dumped the console to have proof. His id is <b>1496118</b>.
I attatched the condump to the post as proof.
(TEAM) PORSKYTOO: thx for welding
gooze: teams
PORSKYTOO killed NSPlayer with heavymachinegun
(TEAM) Mr.Bear: oh well, anyways i know we are owning dem
<b>Nasty Terrorist: EVEN THE **obscenity** TEAMS YOU AMERICANS</b>
(TEAM) EflfK: reactor
[bd]-raziel killed -|RtM|-**Atilla* with heavymachinegun
(TEAM) EflfK: oine marine go via portal
PORSKYTOO killed Nasty Terrorist with heavymachinegun
(TEAM) EflfK: uging
Eric the Red killed self with phasegate
Mr.Bear: lagg
<b>Nasty Terrorist: EVEN TEAMS NOW OR SERVER CRASH</b>
(TEAM) Mr.Bear: long time since they attacked
endonosis killed self with turret
(TEAM) EflfK: they are baically finished
-=MDK=- Axle overflowed
]retry
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016
BUILD 2056 SERVER (0 CRC)
Server # 15
[bd]-raziel: oh tuff
Netchan_CheckForCompletion: Lost/dropped fragment would cause stall, retrying connection
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016
BUILD 2056 SERVER (0 CRC)
Server # 16
-=MDK=- Axle has joined the game
-=MDK=- Axle has joined the game
Xcom has joined the game
Xcom has joined the game
-|RtM|-**Atilla* has joined the game
-|RtM|-**Atilla* has joined the game
Eric the Red has joined the game
Eric the Red has joined the game
YAMOTO has joined the game
YAMOTO has joined the game
octo Sneaker has joined the game
octo Sneaker has joined the game
mattw has joined the game
mattw has joined the game
EflfK has joined the game
EflfK has joined the game
]bind f8
"f8" = "hotkey88"
Unit 2 has joined the game
Unit 2 has joined the game
Big Cheeky has joined the game
Big Cheeky has joined the game
Nyogtha has joined the game
Nyogtha has joined the game
]bind f10 "condump condump"
Destroyer dropped
Unknown command: hotkey88
Mr.Bear has joined the game
Mr.Bear has joined the game
BUILD 2056 SERVER (0 CRC)
Server # 15
[bd]-raziel: oh tuff
Netchan_CheckForCompletion: Lost/dropped fragment would cause stall, retrying connection
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016
BUILD 2056 SERVER (0 CRC)
Server # 16
-=MDK=- Axle has joined the game
-=MDK=- Axle has joined the game
Xcom has joined the game
Xcom has joined the game
-|RtM|-**Atilla* has joined the game
-|RtM|-**Atilla* has joined the game
Eric the Red has joined the game
Eric the Red has joined the game
YAMOTO has joined the game
YAMOTO has joined the game
octo Sneaker has joined the game
octo Sneaker has joined the game
mattw has joined the game
mattw has joined the game
EflfK has joined the game
EflfK has joined the game
]bind f8
"f8" = "hotkey88"
Unit 2 has joined the game
Unit 2 has joined the game
Big Cheeky has joined the game
Big Cheeky has joined the game
Nyogtha has joined the game
Nyogtha has joined the game
]bind f10 "condump condump"
Destroyer dropped
Unknown command: hotkey88
Mr.Bear has joined the game
Mr.Bear has joined the game
console dumped to C:\GAMES\HALF-LIFE\ns\condump000.txt
<b>Big Cheeky: ME MARINES OR I CRASH AGAIN</b>
EflfK: who did that?
]bind f8
"f8" = "hotkey88"
Destroyer has joined the game
Destroyer has joined the game
]bind f9
"f9" is not bound
<b>Big Cheeky: MY TURN FOR MARINES</b>
]bind f9 status
hostname: MFOTS.com Natural Selection v1.02
version : 46/1.1.1.0 2056 insecure
tcp/ip : 146.20.89.1:27016
map : ns_bast at: 0 x, 0 y, 0 z
players : 17 active (20 max)
# name userid uniqueid frag time ping loss adr
# 1 "Pred" 283 2593017 0 01:05 66 1
# 2 "octo Sneaker" 290 258182 0 01:05 176 0
<b># 3 "Big Cheeky" 271 1496118 0 01:24 148 0</b>
# 4 "YAMOTO" 282 18374 0 01:05 106 0
# 5 "-=MDK=- Axle" 284 44337 0 01:05 91 0
# 6 "-|RtM|-**Atilla*" 285 1332807 0 01:05 95 0
# 7 "Unit 2" 293 1884443 0 00:55 90 0
# 8 "Xcom" 287 321711 0 01:05 72 0
# 9 "endonosis" 288 31426 0 01:05 127 0
#10 "Eric the Red" 289 2111388 0 01:05 117 1
#11 "Nyogtha" 211 449602 0 1:16:42 183 0
#12 "Destroyer" 296 2819881 0 00:20 156 1
#13 "EflfK" 291 1672148 0 01:05 105 0
#14 "mattw" 292 1586969 0 01:04 186 0
#15 "Mr.Bear" 294 1378294 0 00:43 197 0
17 users
I attatched the condump to the post as proof.
(TEAM) PORSKYTOO: thx for welding
gooze: teams
PORSKYTOO killed NSPlayer with heavymachinegun
(TEAM) Mr.Bear: oh well, anyways i know we are owning dem
<b>Nasty Terrorist: EVEN THE **obscenity** TEAMS YOU AMERICANS</b>
(TEAM) EflfK: reactor
[bd]-raziel killed -|RtM|-**Atilla* with heavymachinegun
(TEAM) EflfK: oine marine go via portal
PORSKYTOO killed Nasty Terrorist with heavymachinegun
(TEAM) EflfK: uging
Eric the Red killed self with phasegate
Mr.Bear: lagg
<b>Nasty Terrorist: EVEN TEAMS NOW OR SERVER CRASH</b>
(TEAM) Mr.Bear: long time since they attacked
endonosis killed self with turret
(TEAM) EflfK: they are baically finished
-=MDK=- Axle overflowed
]retry
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016
BUILD 2056 SERVER (0 CRC)
Server # 15
[bd]-raziel: oh tuff
Netchan_CheckForCompletion: Lost/dropped fragment would cause stall, retrying connection
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016
BUILD 2056 SERVER (0 CRC)
Server # 16
-=MDK=- Axle has joined the game
-=MDK=- Axle has joined the game
Xcom has joined the game
Xcom has joined the game
-|RtM|-**Atilla* has joined the game
-|RtM|-**Atilla* has joined the game
Eric the Red has joined the game
Eric the Red has joined the game
YAMOTO has joined the game
YAMOTO has joined the game
octo Sneaker has joined the game
octo Sneaker has joined the game
mattw has joined the game
mattw has joined the game
EflfK has joined the game
EflfK has joined the game
]bind f8
"f8" = "hotkey88"
Unit 2 has joined the game
Unit 2 has joined the game
Big Cheeky has joined the game
Big Cheeky has joined the game
Nyogtha has joined the game
Nyogtha has joined the game
]bind f10 "condump condump"
Destroyer dropped
Unknown command: hotkey88
Mr.Bear has joined the game
Mr.Bear has joined the game
BUILD 2056 SERVER (0 CRC)
Server # 15
[bd]-raziel: oh tuff
Netchan_CheckForCompletion: Lost/dropped fragment would cause stall, retrying connection
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016
BUILD 2056 SERVER (0 CRC)
Server # 16
-=MDK=- Axle has joined the game
-=MDK=- Axle has joined the game
Xcom has joined the game
Xcom has joined the game
-|RtM|-**Atilla* has joined the game
-|RtM|-**Atilla* has joined the game
Eric the Red has joined the game
Eric the Red has joined the game
YAMOTO has joined the game
YAMOTO has joined the game
octo Sneaker has joined the game
octo Sneaker has joined the game
mattw has joined the game
mattw has joined the game
EflfK has joined the game
EflfK has joined the game
]bind f8
"f8" = "hotkey88"
Unit 2 has joined the game
Unit 2 has joined the game
Big Cheeky has joined the game
Big Cheeky has joined the game
Nyogtha has joined the game
Nyogtha has joined the game
]bind f10 "condump condump"
Destroyer dropped
Unknown command: hotkey88
Mr.Bear has joined the game
Mr.Bear has joined the game
console dumped to C:\GAMES\HALF-LIFE\ns\condump000.txt
<b>Big Cheeky: ME MARINES OR I CRASH AGAIN</b>
EflfK: who did that?
]bind f8
"f8" = "hotkey88"
Destroyer has joined the game
Destroyer has joined the game
]bind f9
"f9" is not bound
<b>Big Cheeky: MY TURN FOR MARINES</b>
]bind f9 status
hostname: MFOTS.com Natural Selection v1.02
version : 46/1.1.1.0 2056 insecure
tcp/ip : 146.20.89.1:27016
map : ns_bast at: 0 x, 0 y, 0 z
players : 17 active (20 max)
# name userid uniqueid frag time ping loss adr
# 1 "Pred" 283 2593017 0 01:05 66 1
# 2 "octo Sneaker" 290 258182 0 01:05 176 0
<b># 3 "Big Cheeky" 271 1496118 0 01:24 148 0</b>
# 4 "YAMOTO" 282 18374 0 01:05 106 0
# 5 "-=MDK=- Axle" 284 44337 0 01:05 91 0
# 6 "-|RtM|-**Atilla*" 285 1332807 0 01:05 95 0
# 7 "Unit 2" 293 1884443 0 00:55 90 0
# 8 "Xcom" 287 321711 0 01:05 72 0
# 9 "endonosis" 288 31426 0 01:05 127 0
#10 "Eric the Red" 289 2111388 0 01:05 117 1
#11 "Nyogtha" 211 449602 0 1:16:42 183 0
#12 "Destroyer" 296 2819881 0 00:20 156 1
#13 "EflfK" 291 1672148 0 01:05 105 0
#14 "mattw" 292 1586969 0 01:04 186 0
#15 "Mr.Bear" 294 1378294 0 00:43 197 0
17 users
Comments
dude, who is your teacher and what books did you read? dont mind me going off topic for a sec.
The crashes seemed to be related to an overflow of some type, buy I'm not sure what command the people were using to overflow the server. The crashes reminded me of the fun mode exploits in AdminMod.
Sometimes the flood would not crash the server but make the server to go insane and start flooding everyone causing lots of flush_packets and strange reactions from server commands until a restart was required or the server simply crashed out.
Anyhow, I installed HLGuard and I haven't been crashed since, dunno if it blocked the exploit or what but it seems to have taken care of the issue. The server has been kinda dead (even though the pings are doing alot better) durring the day and early morning, so less people/time for me to test with. I'm logging everything now to see why people are leaving, going from full to empty in an hour seems strange to me.
Do you know what mods MFOTS has installed? I think the problem is more related to the mods installed than the server its self, although I could be wrong...
Sure enough I'd banned him the other day. He came on the server with the name "Kurt Cobain is god" and just started spamming it over and over until I kicked and banned him.
Strange guy. Glad he's gone after reading this.
BUILD 2056 SERVER (0 CRC)
Server # 15
BUILD 2056 SERVER (0 CRC)
Server # 16
etc... he just made it drop all the clients some how
What the **obscenity**? shut up, nic cards have 100 meg/s bandwidth, this person neither crashed the server nor ping flooded to over 100 meg/second
The problem most likely, if it's an overflow is, he sent some command which broadcasts to all, I believe say commands can do it, and send lots, fast, this causes too much data to the client, therefore overflows. Admin mod's "glow red" etc is extremely susceptable because of the amount of text it sends back.
I COULD USE THE SAME STORY AGAINST YOU AND STICK YOUR WON ID AT THE TOP SO EVERYONE BANS YOU.
I COULD USE THE SAME STORY AGAINST YOU AND STICK YOUR WON ID AT THE TOP SO EVERYONE BANS YOU.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
lol, and why DON't you want him banned? maybe it's you? or perhaps a friend?
I COULD USE THE SAME STORY AGAINST YOU AND STICK YOUR WON ID AT THE TOP SO EVERYONE BANS YOU.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
lol, and why DON't you want him banned? maybe it's you? or perhaps a friend?<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Because all it takes is for someone to insert someones WON ID they don't like and that's it. Banned. Would you like that done to you? At least provide some demos and screenshots ffs.
Of course you don't have to take anyones word for it. Looks like he's working his way around all the servers so I'm sure he'll get to everyone eventually <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' valign='absmiddle' alt='smile.gif'><!--endemo-->
This guy did it multiple times.
and you can't destroy structures with ff off anymore...flay fixed it! <!--emo&::asrifle::--><img src='http://www.unknownworlds.com/forums/html/emoticons/asrifle.gif' border='0' valign='absmiddle' alt='asrifle.gif'><!--endemo-->
There isn't any certain programs, only trojans can do DDoSing. Usually controlled by a IRC chat server.
For anyone wanting to know how it works here is the old school version : <a href='http://grc.com/dos/grcdos.htm' target='_blank'>http://grc.com/dos/grcdos.htm</a>
here is the new school version : <a href='http://grc.com/dos/drdos.htm' target='_blank'>http://grc.com/dos/drdos.htm</a>
Blocking ICMP messages is the easiest way to stop the old school, thus elimating the DDoS threat. beause you just ignore ping msgs.
100mb bandwidth is its capacity, not theory. it all depends on the software: encapsulation methods, header lengths, challange/response methods, TCP ACKs and SYNs. Too many factors there. But 100mb is its total bandwidth, but blame the software, not the hardware most of the time.
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->shut up, nic cards have 100 meg/s bandwidth, this person neither crashed the server nor ping flooded to over 100 meg/second<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
its not 100meg/sec, its 100M<b>bits</b>/sec.
I COULD USE THE SAME STORY AGAINST YOU AND STICK YOUR WON ID AT THE TOP SO EVERYONE BANS YOU.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
lol, and why DON't you want him banned? maybe it's you? or perhaps a friend?<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Because all it takes is for someone to insert someones WON ID they don't like and that's it. Banned. Would you like that done to you? At least provide some demos and screenshots ffs.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
SO, are you the same "Hardee" that wreaked havoc on the Thievery UT mod when that first came out too?
Yeah, I remember you.
<a href='http://www.ttlg.com/forums/showthread.php?s=&threadid=54860' target='_blank'>http://www.ttlg.com/forums/showthread.php?...&threadid=54860</a>
<a href='http://www.ttlg.com/forums/showthread.php?s=&threadid=56582' target='_blank'>http://www.ttlg.com/forums/showthread.php?...&threadid=56582</a>
<a href='http://www.ttlg.com/forums/showthread.php?s=&threadid=56432' target='_blank'>http://www.ttlg.com/forums/showthread.php?...&threadid=56432</a>
Coincidence another "Hardee" shows up in a NS thread about hacking servers? i think not.
I can't, I have a list of 10 people I have banned, I can provide con dumps if you like, for the whole day no less, but I can't give you screenshots or demos because I'm not IN the server, I'm monitoring my server thru HLSW.
We need some way to organize this. We need a list of server ops who can prove they are server ops. Give IP's send NS Guides in there and have them talk to the person and make sure that was really him, make sure his server is really a server, stable and good pings with a reasonable player limit and that it's still there the next day, that the admins aren't kicking people for no reason etc.
And then we need to make them a private password protected forum where they can share info like this just on their word. The forum would have to have some set rules like you can't suggest banning someone because they cuss since a lot of people allow cussing on thier server (myself included) and you'd have to post a description of what they did, etc. Proof would be nice, but lets face it, no system anywhere is perfect. Innocent people get convicted, you just have to do your best to prevent it.
We do need to do something though. For one, I'd like a list of people who come on servers and yell slurs, I'd like a list of people who crash server, etc. My server dumped all players twice in a row last night. I don't know why or how. All I know is it didn't crash or reboot, it just dumped everyone twice. When I logged in to see what was going on (to see if it would dump me) it was fine and it filled back up again a few hours later and nothing has happened since. I believe someone did it on purpose, but hell if I know who.
I have played on some of the servers of people who post WonID's here, if I've played on their server and it was a good server and no admin kicked me for saying a bad word or for killing too many people as a <!--emo&::skulk::--><img src='http://www.unknownworlds.com/forums/html/emoticons/skulk.gif' border='0' valign='absmiddle' alt='skulk.gif'><!--endemo--> then I listen to them when they post a name to be banned. Not always, and usually not if they post a list of names and ID's and say "these people all did bad stuff!" and not if they banned someone for something silly like cussing, but if I've played there and they tell me that this guy crashed their server or logged on and spammed racial slurs over the mic, or whatever, yeah I consider it.
We need something stable, something at least a little more secure. Yes, some people who don't deserve it will probably get banned. Yes sometimes people's roommates/brothers/sisters/uncle bob's really do get on their computer and do things that get those people in trouble. And yes sometimes a server admin is just gonna lie to get someone they don't like banned. But with NS guides constantly hopping from server to server seeing things and monitoring things we could probably keep a self-policing forum of people we could relatively trust when they give ID"s that should be banned.
The fact is, it doesn't do a lot to discourage jerks and racists and bigots and grief players from acting that way if all I can do is ban them from my server. There's too many others coming up too fast. And too many admins, over time, will stop paying close attention to their servers.
Look what happened to CS.
We need some kind of blacklist, if for no other reason than to at least hope to discourage a handful of people from behaving like this.
Just my two cents.
Of course: 277679.
If you have Admin-Mod, I believe you can prevent this by adding these to your users.ini file:
//ANTI-EXPLOIT RESERVES
*%:gnfuth8gfdsg49hjgre:16384
~:fh43sithiegfdgjr535:16384
`DEAD:h34yfgdsh54ht78:16384
Maybe it will prevent it; maybe it won't...couldn't hurt...
I didn't quote the whole post because i wanted to keep the length down, but you're right about everything. Thats what i ment by theory, but there are differences in the bios in certain nic cards. So hardware can be to blame.
Also someone on my server today said something interesting......
"Don't go in the cc the server will crash!"
two seconds later my server crashed.
So whats up with that?
I have tried it in my own server and it caused all clients to be booted.