Reply Subscribe

FlyingPants · 30th December 2013

Does this fix actually work?

Ravin · 30th December 2013

On that note, I was able to get into my server just fine without any lag.

Maybe things are now fixed? Try it out yourselves.

**Sievers808** · 30th December 2013

Ravin posted:

On that note, I was able to get into my server just fine without any lag.

Maybe things are now fixed? Try it out yourselves.

I ran the update on my server as well, but haven't been able to test yet and haven't received word from anyone whether it's working or not...
But damn I sure hope it works xD

vehementix · 30th December 2013

Lol the laypeople just hearing the buzzword DDOS and applying it to everything and arguing on the internet about how to solve it between two interfaces they don't know :|

**Sievers808** · 30th December 2013

vehementix posted:

Lol the laypeople just hearing the buzzword DDOS and applying it to everything and arguing on the internet about how to solve it between two interfaces they don't know :|

This doesn't have anything to do with the OP and doesn't help anyone. Why post this just to bash ppl?
It doesn't effing matter what it's called, DDoS or exploit or "stupid french ppl" (which i disagree with but w/e) everyone knows that they're talking about so it's not a big deal.

csnewman · 30th December 2013

thomasfn posted:

These actually aren't bad ideas. Are you sure the exploit is zero-length packets?

Unless it has changed in the last day then im pretty sure, many people have reported it to being a zero packet

Edited:

Ravin posted:

On that note, I was able to get into my server just fine without any lag.

Maybe things are now fixed? Try it out yourselves.

Not all server seem ok? Maybe some need restarting

GavGod'sGift · 30th December 2013

Ussyless posted:

invade france

Come at me.

Loadingue · 30th December 2013

The guys behind the attacks are preparing something, they will make an announcement in 10 minutes.

Edit: It's gonna take a bit more time, there was an unexpected update to Rust.

Packard · 30th December 2013

Where are you hearing that?

Loadingue · 30th December 2013

Packard posted:

Where are you hearing that?

On their TeamSpeak; I can speak French so I understand everything they're saying.

They've apparently tricked Garry into thinking he could fix the exploit, when he actually couldn't; and now they've brought the servers down again. Some servers may not be down, because they weren't updated.

Ned · 30th December 2013

Loadingue posted:

On their TeamSpeak; I can speak French so I understand everything they're saying.

They've apparently tricked Garry into thinking he could fix the exploit, when he actually couldn't; and now they've brought the servers down again. Some servers may not be down, because they weren't updated.

if u are on their teamspeak why dont u tell us how they do it. maybe that would help fix the exploit....

streaky · 30th December 2013

vehementix posted:

Lol the laypeople just hearing the buzzword DDOS and applying it to everything

Lol laypeople. DDoS for laypeople - preventing access to something with the attack coming from >= 2 sources. If 500 people turn up at your bank asking for free gold that is - by definition - a DDoS. The thing is it *does* apply to everything.

Source: I build software to manage entire datacenters and deal with this garbage all the time.

Btw filtering out 0-byte UDP packets is a little bit nonsense because they'll just start flinging 1-byte packets at you instead.

Not for nothing but I've been telling game devs for at least a decade to put their UDP down SSL'ed TCP pipes but nobody ever listens.

Loadingue · 30th December 2013

Ned posted:

if u are on their teamspeak why dont u tell us how they do it. maybe that would help fix the exploit....

For one, I don't know anything about hacking or coding or whatever. For two, they're not going to tell me how exactly they're doing it, even if I ask nicely.

It's a public TeamSpeak; hundreds of people have gone there to see what's up in the last few days.

**thomasfn** · 30th December 2013

Loadingue posted:

On their TeamSpeak; I can speak French so I understand everything they're saying.

They've apparently tricked Garry into thinking he could fix the exploit, when he actually couldn't; and now they've brought the servers down again. Some servers may not be down, because they weren't updated.

If there's 1 exploit in uLink that brings servers down, there are likely others. They probably have some sort of "bank" of known exploits - when one is fixed, they move on to the next.

Loadingue · 30th December 2013

thomasfn posted:

If there's 1 exploit in uLink that brings servers down, there are likely others. They probably have some sort of "bank" of known exploits - when one is fixed, they move on to the next.

Yes, they said something along those lines. There are many exploits to bring servers down, and Garry only fixed one; and they apparently made Garry think it was the only one. But not anymore.

Jack B · 30th December 2013

It appears to be back...

**thomasfn** · 30th December 2013

If uLink didn't obfuscate their sodding binaries, I could have at least taken a look through it to find some obvious exploits, or learnt how the protocol works and built a proxy that protects from exploits.

Deadagain · 30th December 2013

Loadingue posted:

Yes, they said something along those lines. There are many exploits to bring servers down, and Garry only fixed one; and they apparently made Garry think it was the only one. But not anymore.

Garry has previously recognized there are multiple bugs with ulink:

We use a networking library called uLink. It works well for us. We can get 300 people on a single server. We’re happy. But it is not without its issues. I get the feeling that it’s not that widely used – so there’s a lot of relatively simple exploits that haven’t been found.

**LuaChobo** · 31st December 2013

OneBadPanda posted:

Since you a jerk I'm going to pull you apart. It doesn't matter if you use a server or your own connection. Every IP address is registered (unless falsified temporarily). Yes, if you don't use your own IP it will take longer to track you down. The best thing to do as a DDoS is to console into someone else's server (physically be there) and start the attack. Everything remote can be traced with the right forensics team. If you OWN that server and it is hosted in someones data-center then yes, they can track it to you. Because to own a server in someone else's data-center, that data-center likely has some financial transactions or log of who owns what server.

If the IP is falsified, routers still hold these forwarding database tables (mac/IP listing) generally for 3 days or until their table fills up.

Even VPNs can technically be traced. If you use a VPN you are given an IP address from a DHCP server. That DHCP server creates a log of who has what IP. The thing with VPNs is that most people who host them delete these records frequently. But if they trace it to a server, hack into it and start exporting these entries as soon as it gets in, then they could find out who you are if you disconnect/reconnect.

How about you quit talking.

I should add the reason why it is extremely difficult to trace it back to the user is because there are different administrators across different networks and coordinating a trace within the time that the information is expired/deleted is not possible without some planning.

ahahaahahaha you guys essentially ignore every point i make to continue to talk shit

try actually researching what you are talking about

saber50 · 31st December 2013

csnewman posted:

DDos is a denial of service. DDos is not just when you spam the server with losts of pings, it is anything that denys the service, like an exploit

Actually DoS is denial of service. DDoS is a type of DoS. This is a DoS but not a DDoS.