BF42 server queries broken

Jeronimo
Posts: 196
Joined: Sun Dec 27, 2009 8:55 pm
Location: Germany

Post by Jeronimo »

Ok... 2 days ago, the bf42 server queries in my HLSW started to go wild again. This means almost all servers show me a timeout with over 90% of the packets. arrrrr!!! :evil: Internet connection is fine, servers are fine (you can play on them with [almost] no problems).

This has happened before, and back then I went to the HLSW forums and asked there if they knew something, cause a bug in the software seemed to be the only reasonable explanation.
This is what it looks like in HLSW:
Image

Then, a little Lua script proved me wrong, since it shows that the returned package is indeed only "\f\", which has to be some kind of error code:

Code:

-- Lua 5.1  -  http://code.google.com/p/luaforwindows/
local socket = require("socket")

-- send one status query to the server's query port and print the raw reply
-- (or "[error]" if nothing arrives within the 1 second timeout)
local udp = socket.udp()
udp:settimeout(1)
udp:sendto("\\info\\", "84.16.237.46", 23000)
-- alternatively send "\\players\\" or "\\rules\\"
local txt = udp:receivefrom()
print(txt or "[error]")

So this actually isn't an HLSW issue, but one of the servers themselves. :|
Now I wonder... WTF is that? How is it possible that, from one day to the other, ALL BF42 servers out there simultaneously start to behave that strangely?! There's a few of them that stay unaffected, though, but check your tool or ingame browser, I'm pretty sure you'll see the same...

Does anyone have an idea what the cause for this could be? Eventually I'm almost certain that it's got to do with the gamespy server, since this is the ONLY thing that all of these servers have something to do with. Different OS, software, versions, time/date on the systems... but all of them have to contact that one gamespy server to register an internet game they're running... so what's the error there, and how to avoid it? :cry:

BTW fo0k: Would you agree that we could make a tech board for such topics? It fits nowhere else, but "General" is a bit too... general. ^^
freddy
Posts: 1267
Joined: Sun Oct 18, 2009 4:58 pm

Post by freddy »

sorry can't help you but i'm glad you posted cos i have the same problem and i thought it had something to do with my internet connection.

if it's something with the gamespy servers couldn't it be like another bf game draining resources? didn't bbc2 cause a lot of trouble a while ago? just an idea.
fo0k
Posts: 1433
Joined: Fri Oct 16, 2009 4:21 pm
Location: UK

Re: BF42 server queries broken

Post by fo0k »

Yes, a tech board sounds worthy. I'll add it.
freddy
Posts: 1267
Joined: Sun Oct 18, 2009 4:58 pm

Post by freddy »

i did some tests on our gameserver and found out that it is transmitting a lot more data than it usually does

this is with no players, should be nearly 0

Image

seems to go to 66.150.214.185
Reverse Whois: "Nuclearfallout Enterprises, Inc"

i then started up my local test server with the same parameters as our main and let it run for a while

Image
Jeronimo
Posts: 196
Joined: Sun Dec 27, 2009 8:55 pm
Location: Germany

Post by Jeronimo »

freddy wrote: seems to go to 66.150.214.185
Reverse Whois: "Nuclearfallout Enterprises, Inc"

Hm very strange... reverse DNS says "c-66-150-214-185.internap-dallas.nfoservers.com". Seems to be some kind of gameserver hoster in the US...
I'll run network monitor on our server, too, as soon as I find the time, to see if I get the same there.
freddy
Posts: 1267
Joined: Sun Oct 18, 2009 4:58 pm

Post by freddy »

a bit easier to see in this pic, as you can see i tried to throttle it but then our server was totally dead in hlsw instead of "blinking" on and off

Image

edit: just checked the logs and it's totally crammed with these lines over and over

Code:

21/01/2011 20:59:15 : Couldn't auto-refresh player list!
21/01/2011 20:59:50 : Couldn't get server status! Segment did not contain a queryid.
21/01/2011 20:59:53 : Couldn't get server status! Segment did not contain a queryid.
21/01/2011 20:59:55 : Couldn't get server status! Segment did not contain a queryid.
21/01/2011 20:59:55 : Couldn't auto-refresh player list!
21/01/2011 20:59:55 : Couldn't get server status! Segment did not contain a queryid.
21/01/2011 20:59:56 : Couldn't get server status! Segment did not contain a queryid.

edit2: googled it and seems i'm not alone http://89.20.158.66/server1/archive/201 ... -21-09.log
freddy
Posts: 1267
Joined: Sun Oct 18, 2009 4:58 pm

Post by freddy »

don't think it's it, but the result seems to work about the same as a DoS attack? http://en.wikipedia.org/wiki/Denial-of-service_attack

quickfix = change query port on server
Jeronimo
Posts: 196
Joined: Sun Dec 27, 2009 8:55 pm
Location: Germany

Re: BF42 server queries broken

Post by Jeronimo »

Just made a little script to log all incoming traffic on the query port. Check this out:

Code:

01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:52 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\
01/23/11 13:49:53 - 66.150.214.185:27015: \\players\\status\\packets\\rules\

This little bitch sends dozens of query packages per second, directly addressed to 23000. I banned this IP in IP security guidelines now and voilà, the server runs on 23000 again, without any packet loss or error messages in the log. Thanks for the tip, freddy, it really seems like this is a DoS attack from 66.150.214.185, attacking all servers found on gamespy, spamming on port 23000 to take down any BF42 server trying to process the massive load of queries :evil:

So the solution is: ban all incoming traffic on your server from 66.150.214.185! Approved with both of our servers. Activated ban rule => red bars turn green in HLSW. :ugeek:

Here's the lua script for logging incoming UDP traffic, if you wanna try it yourself:

Code:

--[[
###############################################
### Lua 5.1 - http://code.google.com/p/luaforwindows/
### UDP port logger
### (c) ,V' Jeronimo 2011
### www.valkyrie-clan.com
###############################################
]]--

local socket = require("socket")
-- os and io are standard libraries and are available without require()

-- options
local logFileName = "log.txt"
local logTimeStamp = true
local udpPort = 23000		-- listen port
local udpAddress = "*" 	-- IP address to bind the port to; "*" means any ip

-- init

local udp = socket.udp()
udp:setsockname(udpAddress, udpPort)
udp:settimeout(0)
local data, ipFrom, portFrom	-- last datagram and its source address/port
local txt = ""

-- main function
function main()
	while true do
		data, ipFrom, portFrom = udp:receivefrom()
		if data then
			if data == "STOP" then break end
			txt = (logTimeStamp and (os.date() .. " - ") or "") .. ipFrom .. ":" .. portFrom .. ": " .. data .. "\n"
			log(txt)
		else
			socket.sleep(0.1)
		end
	end
end

-- log function
function log(text)
	local file = assert(io.open(logFileName, "a"))
	file:write(text)
	file:close()
end

main()
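
Added example, not part of the original posts: a Python script that reads the log format written by the Lua logger above and reports, per source IP, the total packet count and the peak packets within one logged second, which is how a flood like the one in the excerpt stands out from ordinary queries. The 10 packets/second threshold, the `192.0.2.10` client and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# One line as written by the logger above with logTimeStamp = true:
# "<MM/DD/YY HH:MM:SS> - <ip>:<port>: <payload>"
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) - (\d+\.\d+\.\d+\.\d+):(\d+): ")

def source_stats(log_text):
    """Per source IP: (total packets, peak packets within one logged second)."""
    totals, buckets = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # continuation of a payload that contained a newline
        stamp, ip = m.group(1), m.group(2)
        totals[ip] += 1
        buckets[(ip, stamp)] += 1  # timestamps have one-second resolution
    peaks = Counter()
    for (ip, _stamp), count in buckets.items():
        peaks[ip] = max(peaks[ip], count)
    return {ip: (totals[ip], peaks[ip]) for ip in totals}

def flooding_sources(log_text, max_per_second=10):
    """Source IPs whose peak rate exceeds max_per_second (threshold is an assumption)."""
    stats = source_stats(log_text)
    return sorted(ip for ip, (_total, peak) in stats.items() if peak > max_per_second)

# Constructed sample: the flood pattern from the log excerpt above (30 packets in
# each of two seconds) plus one ordinary client on a documentation address.
def _line(sec, src, payload):
    return "01/23/11 13:49:%02d - %s: %s" % (sec, src, payload)

FLOOD_QUERY = "\\players\\status\\packets\\rules\\"
SAMPLE_LOG = "\n".join(
    [_line(52, "66.150.214.185:27015", FLOOD_QUERY)] * 30
    + [_line(52, "192.0.2.10:51234", "\\info\\")]
    + [_line(53, "66.150.214.185:27015", FLOOD_QUERY)] * 30
    + [_line(53, "192.0.2.10:51234", "\\players\\")]
)

if __name__ == "__main__":
    for ip, (total, peak) in sorted(source_stats(SAMPLE_LOG).items()):
        flag = "FLOOD" if ip in flooding_sources(SAMPLE_LOG) else "ok"
        print("%-16s total=%3d peak/s=%3d %s" % (ip, total, peak, flag))
```

UDP source addresses are not authenticated, so the flagged address is only what the packets claim as their origin.
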
freddy
Posts: 1267
Joined: Sun Oct 18, 2009 4:58 pm

Post by freddy »

thanks man, good info!

i noticed changing the query port also affects the ingame favourites (just lists as offline)

so much better to block that IP instead. now i just have to figure out how one does that in windows without any firewalls :)
Jeronimo
Posts: 196
Joined: Sun Dec 27, 2009 8:55 pm
Location: Germany

Re: BF42 server queries broken

Post by Jeronimo »

Run "gpedit.msc", go to => Computer config => windows settings => security settings => ip security guidelines (Hope I translated it right, only have it in German here).
Add a new entry there. Read through the dialogs and you should figure out how to block this single IP. Can also be done with whole IP subnets etc., lots of possibilities there. ;)