
Critical problem in OTServ

Nostradamus

Ok, I've resolved to make this public. This was posted in the private development forum on OTFans, but I think it is good to warn everyone about this problem. Remember that this was solved some time ago by Sim0ne, but old servers can still have this bug.

The problem

All OTServs accept a connection and never disconnect it until they receive the first packet from the client; because of that, the connection remains active. The default timeout from system activation is 2 hours. After that period, the system closes the connection if there is no send(). So, the server waits for a send() but this will never be sent. A spam attack of 5 minutes with 60 connections per second results in a socket error or memory leak.

Bandwidth

It's quite easy to crash a server using only 20kb/s upload.

Avoiding

Professional firewalls can avoid those calls, like CISCO GUARD or some anti-DDoS services from max security. In general, it is very hard to find that on OTs, because of the price. And this can only be prevented on Linux servers, or by making a server that uses close() on the connection after 10 seconds of waiting.

The system cannot work on Windows, since it uses sockets at the same level as the network hardware, something that Windows does not give the possibility of, since it might crash while handling so many sockets. In *nix systems, there is a kernel API for socket sending.

NAT modems and active firewalls can crash with so many connections, since NAT tries to process all those connections.

Since there is socket usage at a lower level, the Linux kernel thinks that those bytes are strange, and then closes the connections since they are unknown (they do not appear in the socket register of Linux). For that, you have to create rules so that the Linux firewall does not block it.

Time

The success time of an attack depends on the internet, firewall and computer configurations, but we can say that 99% of the servers had that problem at the time this was written.

Program

Since to make that we need to edit TCP/IP directives, and Windows does not allow that precisely, it is only possible to make it for *nix systems. Dark-bart did that and tested it with a lot of servers to confirm this theory.
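The server-side mitigation mentioned in the post above (close() a connection that has sent nothing after 10 seconds), as an added example that is not part of the original post and not OTServ code. It goes a step beyond a single socket and sketches the bookkeeping a POSIX event loop needs; `pending_add`, `pending_sweep` and the `MAX_PENDING` cap are hypothetical names and values.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_PENDING 1024         /* assumed cap on sockets awaiting a first packet */
#define FIRST_PACKET_MS 10000LL  /* the 10 seconds suggested in the post */

struct pending { int fd; long long accepted_ms; };

/* Track a freshly accepted socket; when the table is full, refuse it instead of growing. */
int pending_add(struct pending *tab, int *n, int fd, long long now_ms) {
    if (*n >= MAX_PENDING) { close(fd); return -1; }
    tab[(*n)++] = (struct pending){ fd, now_ms };
    return 0;
}

/* One event-loop pass. Sockets with data (or EOF/error) go to ready[] (sized
 * MAX_PENDING) for the protocol code; silent sockets past the deadline are
 * closed. now_ms should come from a monotonic clock. Returns the number closed. */
int pending_sweep(struct pending *tab, int *n, long long now_ms, int *ready, int *nready) {
    int closed = 0, keep = 0;
    *nready = 0;
    for (int i = 0; i < *n; i++) {
        struct pollfd p = { .fd = tab[i].fd, .events = POLLIN };
        if (poll(&p, 1, 0) > 0 && p.revents != 0) {
            ready[(*nready)++] = tab[i].fd;
        } else if (now_ms - tab[i].accepted_ms >= FIRST_PACKET_MS) {
            close(tab[i].fd);
            closed++;
        } else {
            tab[keep++] = tab[i];  /* still inside its grace period */
        }
    }
    *n = keep;
    return closed;
}

int main(void) {
    /* Constructed input: two local socket pairs stand in for accepted clients. */
    struct pending tab[MAX_PENDING];
    int n = 0, ready[MAX_PENDING], nready, talker[2], silent[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, talker) != 0) return 1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, silent) != 0) return 1;
    if (write(talker[1], "x", 1) != 1) return 1;
    pending_add(tab, &n, talker[0], 0);
    pending_add(tab, &n, silent[0], 0);
    int closed = pending_sweep(tab, &n, FIRST_PACKET_MS, ready, &nready);
    printf("ready=%d closed=%d still_pending=%d\n", nready, closed, n);
    return 0;
}
```

The fixed table size matters as much as the deadline: it bounds how many silent sockets the process will hold at once, whatever the connection rate.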
 
prob not... cause i hate linux, i had that in school....
any other chance this can be fixed in 0.3.5pl2 or 0.3.6?
 
You guys got the message wrong: elf said the TFS versions are *not* affected by that and Remere said that *before* OpenTibia rev 4000 the problem is there.
 
well i just hate linux.
Great answer and very mature to hate something without a reason tbh, I can assure you that you are on the right way to make your otserver stable.... n0t

You guys got the message wrong: elf said the TFS versions are *not* affected by that and Remere said that *before* OpenTibia rev 4000 the problem is there.

Not me, I just wanted to know why he hates linux
 
okay good but there is a bug in the server distro about telnet lol...
 