Re: [hlds] TF2 DDOS AS2_INFO attack
This... actually isn't a bad idea. It's a pain to implement, though, for a couple of reasons. First, the assumption by most on this thread is that it's a single guy operating from a single (or just a handful) of computers. They further assume that he's forging the source IP addresses so the requests look like they're coming from many many different machines. If this is true, there's no way to trace or block him based upon the information included in the packets he's creating. I think this assumption is wrong, as I'll explain below. Second, if this assumption is incorrect you need to find a way to identify each and every source and block them one at a time. Netblocks are at best a crude measure which risks blocking many legitimate clients. Such a process needs to be automated as much as possible or it's not effective. Now, why do I think that this is probably not coming from just a handful of sources? Simple. DDoS stands for Distributed Denial of Service, after all. Botnets are reaching incredible proportions. It's easy to rent as many as a quarter million compromised machines if you want to and you have the cash. Too cheap or too poor to rent someone else's network of infected PCs? No problem. Tools exist to build new malware and they're easy to come by if you're willing to start looking in the right places. All you have to do is build your bot code and figure out a way to get it loaded on 5,000, 10,000, or more PCs. After that, DDoS to your heart's content. Script kiddies do this _all_ _the_ _time_. So, when under attack your choices are: * Wait it out. * Work with your vendor to figure out a way block the attack in the first place. (Valve, obviously, in this case.) * Automate the process of identifying sources and filtering them out. * Cry a lot. Generally, I settle for a combination of the first and second options. If an attack gets bad enough, I work with my local ISP to implement the third. (My server is co-located in their datacenter and they're really good guys to work with.) Generally, some combination of tcpwrapper, netfilter, and iptables will do the job on my Linux server. Sometimes we find it easier to just block it at one of their routers so they don't have to deal with the traffic on their network. Every now and again, I find myself following the fourth option until I figure out what's going on and fall back on some combination of the first three options. :-) HTH. =JpS=SgtRock Date: Sat, 5 Sep 2009 11:33:44 -0700 From: Kyle Sanderson kyle.l...@gmail.com Subject: Re: [hlds] TF2 DDOS AS2_INFO attack To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Message-ID: a7fe91400909051133j64c0619evf87c5d76c7d72...@mail.gmail.com Content-Type: text/plain; charset=UTF-8 If you guys have root access, why are you not using netstat to grab his IP and table him? I've done this in the past and it's worked out pretty well for me. Kyle. On Sat, Sep 5, 2009 at 11:26 AM, Kenny Loggins kenny.logg...@clanao.com wrote: This guys ISP has to know dam well what he's doing. Its not had to see that packets that leave your network originate from IP's that are not even on your network. Maybe we need to track down the ISP and go after him.. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Claudio Beretta Sent: Saturday, September 05, 2009 12:57 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 DDOS AS2_INFO attack Or someone willing to take down a server.. and taking down other random ones just to avoid giving away his intentions. When did this attack started on your server? On mine it started at 4PM CEST (2PM UTC) BTW, this guy must be using spoofed addresses, since I'm being hit by approx 8 AS2_INFO requests every 5 minutes from unique IP addresses. On Sat, Sep 5, 2009 at 7:25 PM, Kenny Logginskenny.logg...@clanao.com wrote: Same here he's hitting one of my server also... I'm up for painting the wall's red with this guy when I find him... My guess is some new inexperienced server admin looking to take down the poplar servers so he can get people into his server... He'll make some good red paint! -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Garry Ilverz Sent: Saturday, September 05, 2009 11:30 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 DDOS AS2_INFO attack My server is also under this type of attack.. So Valve hasnt fixed it .. Or it is some new exploit. sv_max_queries_sec_global 1 doesnt help. Server's fps is still dropping and its lagging like hell :( On Sat, Sep 5, 2009 at 7:23 PM, Saul Rennison saul.renni...@gmail.comwrote: sv_max_queries_sec_global 1? Will make your server appear
Re: [hlds] Left 4 Dead Update Available
Will you PLEASE quit releasing your patches on Friday afternoon I'm getting sick of having to update my client and server before I can play. This is getting ridiculous! On Fri, Jan 23, 2009 at 5:13 PM, hlds-requ...@list.valvesoftware.comwrote: -- Message: 1 Date: Fri, 23 Jan 2009 13:53:11 -0800 From: Jason Ruymen jas...@valvesoftware.com Subject: [hlds] Left 4 Dead Update Available To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com, hlds_li...@list.valvesoftware.com hlds_li...@list.valvesoftware.com, hlds_annou...@list.valvesoftware.com hlds_annou...@list.valvesoftware.com Message-ID: ec42140f113a234ea70d682a310d100a01d869e...@exchange07.valvesoftware.com Content-Type: text/plain; charset=us-ascii A required update for Left 4 Dead has been released. Please use hldsupdatetool to receive the update. The specific changes include: - Fixed an exploit with melee where swapping weapons ignored the intended delay between swings. - In Versus mode, the Tanks' health now reflects the damage he takes from burning. - Fixed an exploit related to the joinclass command Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
[hlds] L4D: TK'ing becoming more of an issue
45 seconds timeout before leaving the spawn? What for? It can take a lot longer than that to get organized when playing with newbies or strangers. If you mean not just the initial spawn but leaving any safe house, I'm even less thrilled. Some of us need our bio breaks more frequently than others. After all, you don't buy beer, you rent it. :) Besides, a 45 second timer before leaving the spawn doesn't really address the problem you wish to solve (getting rid of griefers). Sadly, not a single major game engine that I'm aware of provides a good way of dealing with this issue out of the box. The good news is that we will have alternative methods of banning and kicking them once SourceMod has been adapted for L4D. Until then, we'll just have to accept that the best option is to only play with people we know. - Message: 3 Date: Sun, 07 Dec 2008 23:24:12 + From: [EMAIL PROTECTED] Subject: [hlds] L4D: TK'ing becoming more of an issue To: hlds@list.valvesoftware.com Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes I rent a server, but occasionally I have to join other servers without active administrators. In the past couple of days I've run across game degrading behavior stemming from pairs of team killers. They aren't autokicked nor vote kicked. Typically I just leave and find another lobby, but it happened twice in a gaming session and feel that it could be resolved fairly easily and quickly by Valve. If a player chooses not to leave a spawn area within 45 seconds, they should be auto-kicked. If a player chooses to shoot at a team player for 30 seconds (or a total of 25 health), they should be auto-kicked. There are probably other harsher rules, but should control some of the behavior in the game. It's become a more frequent problem and one that can't be resolved by a team that can't get a majority of the votes for a vote kick. -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Advert plugin for L4D?
Let's not oversell things, fellas. SourceMod's website /clearly/ states that the development branch that supports L4D is still considered to be alpha code. That means major features haven't been coded yet. Complete crashes and/or data corruption are to be expected even with features that are implemented. Therefore, I would strongly recommend not rolling it out unless you are volunteering to help the dev team debug their codebase. If you are in a position to help them out, by all means feel free. Just don't get pissed if there is major breakage. :) Message: 8 Date: Sat, 29 Nov 2008 15:53:45 +0100 From: Johan Andersson [EMAIL PROTECTED] Yes. http://www.sourcemod.net/ -- Message: 9 Date: Sat, 29 Nov 2008 15:54:23 +0100 From: Saint K. [EMAIL PROTECTED] Yes it has. www.sourcemod.net -- From: Philip Bembridge [EMAIL PROTECTED] Sent: Saturday, November 29, 2008 3:44 PM To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Subject: Re: [hlds] Advert plugin for L4D? Has sourcemod been ported to left 4 dead yet? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
[hlds] Email trimming WAS Lame Bitching
You'll note from my From: address that I'm using a Gmail account. However, I subscribe to the digest version, not the individual emails. It dramatically limits the number of emails from this list that I have to skim. However, it REALLY sucks when people don't bother to trim emails because I end up having to wade through pages and pages of repeatedly quoted material in order to read new posts. Please, everyone, START TRIMMING YOUR RESPONSES! It's a simple common courtesy that won't take more than a few seconds and it'll make life for many of us a lot easier. TIA -- Message: 2 Date: Wed, 26 Nov 2008 12:55:59 + From: Olly [EMAIL PROTECTED] Subject: Re: [hlds] Lame Bitching (a.k.a. Re: How about someserverinstructions and server.cfg) To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=UTF-8 Wow this is getting grossly off-topic. Use GMail, it will hide all quotes with a show quoted text link, so it doesn't matter where people write them, it also then keeps all emails in the same thread. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] How about some server instructions and server.cfg files?
On Tue, Nov 25, 2008 at 1:06 PM, [EMAIL PROTECTED]wrote: Message: 1 Date: Tue, 25 Nov 2008 17:09:54 - From: [EMAIL PROTECTED] Subject: Re: [hlds] How about some server instructions and server.cfg files? To: 'Half-Life dedicated Win32 server mailing list' hlds@list.valvesoftware.com Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii None of this is about documentation. It's about the server being done in a certain way, and you wishing it was different. Some of the things you are talking about make good sense to me (there should be a proper lobby for direct connect / steam group joins, although this is a client issue not a server one). Some of them should not imo be possible without a server-side mod (like changing game behaviour like the amount of zombies; can't remember offhand if that exists as a cheat command atm or not). Some of them make no sense (like wanting to limit to coop or versus only - what's supposed to happen after a versus lobby has tried to connect to a server that's restricted the maps to coop only?) [BIG snip] You're looking at it from the wrong point of view. I've been managing all kinds of servers both as a hobby and professionally for about 25 years. Valve's lack of documentation has historically been pretty bad in comparison to the other app- and game- servers that I've run over that time. L4D seems to take that lack of documentation to an entirely new level. In addition, there does seem to have been no thought put into what server admins (you know, the guys who actually own/rent/maintain the boxes that people play on) might want in terms of control. For example, take the lack of documentation (or capability, no way to tell /because/ we don't have any doc) concerning a simple co-op only or versus only option. I may want to set up co-op only because my testing has found that co-op only requires less CPU and/or RAM resources. (That does seem to be the case, btw, based upon what I've seen for load averages when people play different games.) Or, I may want to set up co-op only server(s) and versus only server(s) because I know that I have people who play on my server who happen to prefer one or the other. You make this statement: Some of them make no sense (like wanting to limit to coop or versus only - what's supposed to happen after a versus lobby has tried to connect to a server that's restricted the maps to coop only?) To begin with, if there were clear documentation we'd know if it were possible to prevent that from ever happening in the first place. In addition, why would a lobby (I'm still unclear what a lobby is supposed to do that a decent server browser can't) want to connect to a server that doesn't want the traffic? Let me restate that a bit... why would any player want to connect to a server that wasn't set up the way that he wanted to play. Further, why should I let a player or any group of players dictate to me how my server will be run? I paid for it, I maintain it. I don't charge anyone for the privilege of playing on it. I do, however, expect that anyone who plays on my server will play by my rules or leave. I've got 4 L4D servers running right now on a dual CPU box. 3 of the servers are public and 1 is limited to members of a single Steam group. I did my best to set them up as co-op only. I even went so far as to delete the versus maps only to see the automatic update process put them back in (I know, stupid sysadmin trick #47! lol). I've found that when players vote two or more of the servers to run versus maps, there's lag that shows up on all servers. I don't like it, but there it is. Now, take my little example and expand it to cover a vendor renting out hundreds or thousands of servers. If they can't restrict the number of players connecting, then they have no control over the level of service that they provide all of their customers. Simply going from all co-op to all versus doubles the amount of bandwidth that they need to budget because it doubles the number of players. That's such a highly variable demand that it essentially blows their capacity planning out of the water. No vendor is going to be happy with that kind of uncertainty, and will have to find other ways to limit what people can do with an L4D server. No, the lack of documentation, as illustrated in this one simple example, has huge implications for every server admin. Personally, I think Valve is being very shortsighted. If they cause server admins enough pain, they simply will find other games to host. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] hlds Digest, Vol 9, Issue 262
Date: Tue, 25 Nov 2008 16:31:23 -0500 From: Mike O'Laughlen [EMAIL PROTECTED] Subject: Re: [hlds] How about some server instructions and server.cfg files? The whole approach to the game was to allow the players to control the dynamics of their sessions. TF2 and other games in the past were geared towards the server admins. L4D lobbies solve a lot of issues. Oh, wow. Are you seriously saying this is a good idea? The guys who own the very infrastructure that Valve depends upon are just supposed to give up control of their computers?? How on Earth did anyone at Valve ever think this was a good idea? lol Sigh. OK, I know what I have to do, then. If I want to run co-op servers only, I'm going to have to take one or more of several steps: 1. My L4D servers that are set to public will probably go private. 2. The Versus maps have to come off the hard drive. 3. Auto update has to be disabled. If I want to run versus servers only, step 2 becomes remove the co-op maps. What an awkward, clumsy way to handle what should have been a simple game mechanic. Heck, it would have been trivially easy for another variable or two to be added to the lobby system. One to indicate co-op or versus mode could have been a simple Boolean response from a lobby query would have made this transparent to both server admins and players alike. I'll keep my handful of L4Dservers on my hardware up for the time being. However, I'm going to think long and hard about how I want to promote them beyond my circle of friends. Also, I'm going to think long and hard about whether or not I choose to host another Valve game. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] How about some server instructions and server.cfg files? (shoskins73)
-- Message: 6 Date: Tue, 25 Nov 2008 15:21:06 -0800 From: shoskins73 [EMAIL PROTECTED] Subject: Re: [hlds] How about some server instructions and server.cfg files? Fact is, Valve have already publicly stated (when the demo was out) and again by Chet Faliszek that they are aware of the issues, they are working to implement the Server Browser and surrounding functionality back into the game while maintaining the Lobby system. So your statement here is in-fact incorrect. Do they want to use the Lobby system, yes. Do they want to stiff Server admins and the community overall? No. This is great news, if true. Do you have any links? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] hlds Digest, Vol 9, Issue 129
First, can we PLEASE start deleting all the extraneous stuff? It's bad enough at the best of times. It's /really/ awful when someone's mailer mungs up the margins. Second, Jake: Hasn't Timothy done just what was asked? He said what he wants to see in a browser and explained why. No threats to dump Valve. No calling them names. Just a succinct expression of his needs. BTW, I'm in full agreement with Timothy. A nice, simple, tabbed server brower with filtering, please. Nothing else needed or wanted. Thanks. (MASSIVE snip) Message: 2 Date: Wed, 12 Nov 2008 15:50:39 -0500 From: Jake Skenna [EMAIL PROTECTED] Subject: Re: [hlds] Status To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=KOI8-R Erik has already explained what valve is doing and why they are doing it. They are not changing it because you don't like matchmaking. This is not a list to whine about you losing faith in a company. Feel free to make a comment on what they are trying to do at the moment, but people are not here to listen to whining. On Wed, Nov 12, 2008 at 3:43 PM, Timothy L Havener [EMAIL PROTECTED] wrote: Fine. You want constructive criticism? Here it is. Keep it simple. Stop trying to reinvent the wheel. Give us a simple single tabbed server browser with a filter system and stop with this console copycat garbage. I am a PC gamer for a reason. If I wanted an xbox I would go out out and buy one. (Another MASSIVE snip) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
[hlds] TF2's popularity definitely slipping fast WAS Internet vs. Custom Tab
I've been following the custom tab topic through the digest for a few weeks. In general, I agree that the custom tab seems like a really bad idea. However, Valve probably figured that they had to do _something_ to try to get players back. Take a look at the history graph that Zeitgeist keeps for online FPSes: http://www.onlinegamingzeitgeist.com/games/ TF2 has gone from a high of 3rd overall to 19th.It has seen its online player count go from from a high of 11,000 players back in late October down below 1,400 players today, and the slide shows no sign of stopping. It's slid so far, you have to go down to the bottom graph in order to get a good view of its current status. Meanwhile, CS and CS: are dominating the charts with online player counts at 95,000 and 50,000 respectively. (#3 CoD4 is hovering a bit below 15,000.) I don't think it's any single event that's driving the player count down. Personally, I just don't find the game as much fun to keep playing over the long haul as I thought I would. Based upon this chart, I'm clearly not alone in feeling that way. I wish I could put my finger on why the mod is doing so badly. Personally, I thought the original TF on QW was a fantastic mod. I played it to death and played a lot of TFC, too. (TFC, btw, is chugging along with just under 1,000 players.) The implication of all this is that we TF2 server administrators have to ask ourselves whether it's worth our time to keep our servers up if we can't keep them populated. The custom tab fiasco hasn't helped what is clearly a bad situation. Personally, I'm just about ready to shut my TF2 server down and find a game that people actually want to play. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] TF2's popularity definitely slipping fast
You're confusing snapshots with weekly averages. It's been my experience that weekly averages tend to run lower than daily or up to date numbers. As to how he gathers his data? From Zeitgeist's About page: What the scripts on this website do is visit the Gamespy Stats page once an hour and grab its data. Then, at the end of each day, new graphics are generated, updating the page. With these graphics, it's possible to see how a the online presence of certain games - and its community, consequentially - is born, increases, decreases, and dies. This is not a 100% scientifically accurate representation, though. No online gaming stats are; in this case, this one only covers the servers known to GameSpy (regardless of server connection client). Other sources with similar information will have slightly different results. Still, I think the overall player flow is pretty much enough to detect the transformations on online gaming usage. I've checked GameSpy's snapshot data against the two that you linked on more than one occasion. Generally, I've found that the three sites track reasonably closely. I'd wager that if you took the time to collect data from Server Spy and Game Monitor the same way that Zeitgeist has done for GameSpy, you'd get very similar results. I'm positive that the broad trends would definitely track very closely. Another source: http://www.serverspy.net/site/stats/ -Dustin On Tue, Apr 8, 2008 at 11:56 AM, Dustin Wyatt [EMAIL PROTECTED] wrote: Zeitgeist is WAY off. As of right now, other sources like game-monitor.com are reporting 6-7 thousand players and in the evenings (USA) it hits 12k. -Dustin ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds