Results 1 to 6 of 6

Thread: getstatus flood ?

  1. #1
    Testing Crew Member dax's Avatar
    Join Date
    Aug 2010
    Location
    liverpool uk
    Posts
    549

    Default getstatus flood ?

    hi all ...
    seems we have an attempted getstatus flood attacker at our server ,but i want to check to be sure .
    seems they use the same ip each time ,but on different ports ....
    this is just a small portion during a map .

    Taking item Binoculars away from player
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 41.47.57.76:10672 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 186.124.128.85:1557 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    Boyka<MD> was machine-gunned by =COH=[CPT][US-JP4]FISHERMAN(PT) in the lower right leg
    Taking item Binoculars away from player
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 108.61.78.148:-16160 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 109.49.164.98:-14105 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    broadcast: print "555 timed out\n"
    Going to CS_ZOMBIE for 555
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 195.240.209.146:1060 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus
    SV packet 81.225.63.229:-32128 : getstatus

    port 7130 is also used from the same ip ,can anyone confirm this is a flood attempt ?
    if so should i get our host to block the ip ???
    =COH=Ubersoldier/Dax
    mess with the best ,die like the rest !!!

  2. #2
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    Yes this is the flood attempt. It's up to you if you want to block it. Currently it's not really a big issue if you are using protections such as AntiPacket Flood or GsProtector.

    They may also spoof IP address, because UDP is a connectionless protocol.

  3. #3
    Testing Crew Member dax's Avatar
    Join Date
    Aug 2010
    Location
    liverpool uk
    Posts
    549

    Default

    hi Razor...
    ok thanks ,he is very determined, been trying for over a week....but last night was the only time it gave any problem.
    did a trace and seems to originate in sweden ,but as you say it could be a spoofed i.p..
    =COH=Ubersoldier/Dax
    mess with the best ,die like the rest !!!

  4. #4
    Testing Crew Member dax's Avatar
    Join Date
    Aug 2010
    Location
    liverpool uk
    Posts
    549

    Default

    hi all ...
    still getting bombarded with this ...
    seems to be trying a new tactic or am i just getting paranoid ....lol !!!!
    from the logs last nite ...
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 88.68.198.20:7138 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 88.68.198.20:7138 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 108.61.78.147:-8348 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 81.109.116.216:-6969 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 88.68.198.20:7138 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 88.68.198.20:7138 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 88.68.198.20:7138 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 88.68.198.20:7138 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    SV packet 173.177.25.73:7130 : getstatus
    SV packet 46.246.16.26:7130 : getstatus
    just a short section ,does not seem to affect the server ,so not too bothered ,but thought i should
    let you all know ...
    =COH=Ubersoldier/Dax
    mess with the best ,die like the rest !!!

  5. #5
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    If it doesnt affect the server then it means that flood protection works properly. But good to know, seems like someone tries to switch IPs to get through "delay window"

  6. #6
    Testing Crew Member dax's Avatar
    Join Date
    Aug 2010
    Location
    liverpool uk
    Posts
    549

    Default get status attack

    hi again ...looks like they got through on our new ip ...only been up 2 days !!!!server.txt

    will up the flood delay to 150 see if that helps !!!
    Last edited by dax; February 15th, 2013 at 08:50 AM. Reason: edit
    =COH=Ubersoldier/Dax
    mess with the best ,die like the rest !!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •