Anyone know what's going on exactly? A solution to these attacks?

Page 1 of 8 12345678 LastLast
Results 1 to 15 of 109
  1. #1
    Valued Member NvrGnaStp is offline
    MemberRank
    Jan 2012 Join Date
    Escanaba, MILocation
    111Posts

    talk Anyone know what's going on exactly? A solution to these attacks?

    So lately damn near every server has been attacked. From personal experience we have stopped it temporarily by changing the ports the server uses and blocking inbound connections through certain ports using the firewall, but this has only proven to be a temporary, couple hour fix. Has anyone come up with a permanent solution? It sounds like even Gamigo was attacked earlier, with a 2 hour downtime, and ragezone has been offline twice in the past 48 hours. When we first stopped the attack I think we upset the attacker because moments later we ran into a DoS attack, recognized by commview and took it out within minutes. Now consider the low population of the server, we are really not a threat to anyone so I assume it is the same person. Anyone else have more information to help us sort this out?


  2. #2
    Member SeanLiT is offline
    MemberRank
    Feb 2013 Join Date
    68Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    If it's some dood going around dosing servers there's nothing much you can do other than purchase protection. I don't really understand what is really going on but is he attacking in on ports to make a service crash or something? I quickly read another thread about it...

  3. #3
    Valued Member NvrGnaStp is offline
    MemberRank
    Jan 2012 Join Date
    Escanaba, MILocation
    111Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    It's not a dos attack... It's some sort of attack on the port of either the login, or the world manager service which causes the world manager service to crash, and the firewall doesn't help.

  4. #4
    Account Upgraded | Title Enabled! munozvo5 is offline
    MemberRank
    Jan 2009 Join Date
    275Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    Matthew 24:14: And this gospel of the kingdom will be preached in the whole world as a testimony to all nations, and then the end will come.

  5. #5
    Success and nothing less Manova is offline
    MemberRank
    Nov 2011 Join Date
    936Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    From what you're describing, it sounds like packet manipulation. I could be wrong though. :)

  6. #6
    Member hannesa is offline
    MemberRank
    Apr 2013 Join Date
    87Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    It is a Invalides packet which is sent to the World Manager and this brings to the crash.
    The solution is pretty simple, although perhaps only temporarily until the aggressor program be rewritten.

    But I think this attack is very fair in contrast to those which paralyze the whole server.

    I'm sorry for this broken english but im very tired right now and used google translate

  7. #7
    Rada Rada. Delius is offline
    MemberRank
    Jul 2012 Join Date
    AustraliaLocation
    431Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    From what I've viewed from starring at TCPView the attacker is under a Tor Proxy that seems to be on a very specific timer of roughly 45 minutes. It seems to make a quick 0.5 connection sending a total of 5 bytes/packets, w/e and then kills the connection. Next 45 minutes round it seems to be under a new proxy name. It seems if you keep all services offline but the manager server it doesn't get attacked, but as soon as the "login" service is turned on the attacks begin?

    Hope this gives enough information for someone to think of something.

  8. #8
    Apprentice Ashers is offline
    MemberRank
    Jul 2013 Join Date
    7Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    There are dark clouds approaching.

  9. #9
    Account Upgraded | Title Enabled! Kalachu is offline
    MemberRank
    May 2009 Join Date
    TorLocation
    237Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    Quote Originally Posted by Delius View Post
    From what I've viewed from starring at TCPView the attacker is under a Tor Proxy that seems to be on a very specific timer of roughly 45 minutes. It seems to make a quick 0.5 connection sending a total of 5 bytes/packets, w/e and then kills the connection. Next 45 minutes round it seems to be under a new proxy name. It seems if you keep all services offline but the manager server it doesn't get attacked, but as soon as the "login" service is turned on the attacks begin?

    Hope this gives enough information for someone to think of something.
    look up blocking tor hope that helps then if they use a vpn :) block that as well there's other methods but try that.
    Last edited by Kalachu; 19-10-13 at 06:47 AM.

  10. #10
    Rada Rada. Delius is offline
    MemberRank
    Jul 2012 Join Date
    AustraliaLocation
    431Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    Quote Originally Posted by jhongeek View Post
    look up blocking tor hope that helps then if they use a vpn :) block that as well there's other methods but try that.
    Okay thanks! I'll give that a go, however will blocking Tor just cause the attacking address appear as a normal old IP?

  11. #11
    -.- NextIdea is offline
    MemberRank
    Nov 2012 Join Date
    343Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    Quote Originally Posted by Delius View Post
    From what I've viewed from starring at TCPView the attacker is under a Tor Proxy that seems to be on a very specific timer of roughly 45 minutes. It seems to make a quick 0.5 connection sending a total of 5 bytes/packets, w/e and then kills the connection. Next 45 minutes round it seems to be under a new proxy name. It seems if you keep all services offline but the manager server it doesn't get attacked, but as soon as the "login" service is turned on the attacks begin?

    Hope this gives enough information for someone to think of something.
    The 5 bytes is probably sent by the login service as all Fiesta services send that data when whoever connects.
    That isn't enough to determine are other services running and it just is to test ports to find the Manager.


    It would help if someone could capture the packets before the Manager service crash.

  12. #12
    Member ChubbyCrab is offline
    MemberRank
    Jan 2012 Join Date
    95Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    That's the problem with pservers that run with precompiled services and no sourcecode available.
    You can code a "port-guard" to prevent package manipulation attacks like this. It's a service all incoming connections will be passed trough. All other ports can be closed this way. The service then forwards the packages internal to the corresponding fiesta-services.
    To prevent the attacks, it have to check for the manipulated package and stops it before the World_manager tries to process it.
    So it is a kind of "try & catch"-error service/guard, of course it would be much easier with sourcecode =/

    Problem with this solution is the performance, becaue the service have to handle ALOT of packages per second, so maybe a good coded multi-threading service would be needed OR you have to run 5 or more instances of the guard, like you can do with the ZoneServers at the moment.

  13. #13
    Rada Rada. Delius is offline
    MemberRank
    Jul 2012 Join Date
    AustraliaLocation
    431Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    This is the Fiesta community. Dat most likely ain't gonna happen.

    Quote Originally Posted by NextIdea View Post

    It would help if someone could capture the packets before the Manager service crash.
    I will try my best. But it will be hard as the connection doesn't show up for much more than a second; unless ofc someone can recommend a better program?

    Either way I think it will just have to result in waiting it out and hoping that this no life dude/girl finds a nice boy/girl to "pass time" with rather than taking down Pservers
    The "Its Gamigo!" has already begun :c
    Last edited by Delius; 19-10-13 at 03:11 PM.

  14. #14
    Anotha One Wicious is offline
    MemberRank
    Jan 2013 Join Date
    StockholmLocation
    839Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    Quote Originally Posted by Delius View Post
    This is the Fiesta community. Dat ain't gonna happen.
    Not with that attitude.

  15. #15
    -.- NextIdea is offline
    MemberRank
    Nov 2012 Join Date
    343Posts

    Re: Anyone know what's going on exactly? A solution to these attacks?

    Quote Originally Posted by Delius View Post
    I will try my best. But it will be hard as the connection doesn't show up for much more than a second; unless ofc someone can recommend a better program?
    FiestaShark was created to capture all Fiesta related packets.



Page 1 of 8 12345678 LastLast

Advertisement