[cod] Query limiting...

Marco Padovan evcz at evcz.tk
Fri Oct 14 18:20:16 EDT 2011


Hi Ryan, thanks for your reply :)

On 14/10/2011 23:35, Ryan C. Gordon wrote:
>
>> We are running some bots that manage the servers and do cleanup things
>> when they are left empty... with this patch enabled, servers were
>> constantly appearing offline (forced restart!) or without users
>> (automatic restart, log cleanup and so on)... this was causing a lot of
>> problems...
>
> Do the bots have to hit each server faster than once per second? Maybe
> just set the sv_queryIgnoreTime cvar to 500...even that would help
> mitigate a DDoS attack, as most of the incoming packets get thrown
> away instead of all of them getting replied to.
Bots are coded to be "kind": they do checks on their own generally once
every 15 minutes.
But the same bots are also used to do manual scans (the user can ask the
bot to query his own server and to report the current status or to check
how many players are in it).

Incidentally, it happened once that a user queried the server a few
milliseconds before the bot was going to scan his server... the result
was that the server didn't reply to the bot and the bot thought it was
dead.

Another similar thing happened later: the server appeared to be working
and reported correctly its vital parameters to the bot (getstatus) but
it did not report the players in it (getinfo?) so the bot thought it was
online but empty...

These were just two rare examples that were very critical... we tested
the binaries for a full week and I was able to catch only those two
glitches... so such an issue might not be that frequent :)

Additionally, while using monitoring tools like HLSW (
http://www.hlsw.de/ ) the server gets queried generally 1 time /
second... so with the default parameters it appears offline half of the
time (setting the timeout to 500 solves this specific "issue").

I have to admit that detecting this kind of attack on a single game
server instance is hard.
It's easier to filter them while being able to monitor a whole network
pipe (where you can impose very high limits (pps) on the firewalls that
do not affect single real users in any way (even aggressive ones) but
that immediately trigger the anti-DoS filters when a real reflection DoS
starts, as it targets dozens of servers, resulting in a very high packet
rate that a real user wouldn't be able to push out).
>
>> Is there a way to set a whitelist?
>
> It whitelists LAN addresses by default (do the bots run on external
> networks?). I don't have any further whitelist mechanism at this moment.
Yes, bots run on external networks :(
I'm aware that white-lists are "evil" with this kind of things as people
could abuse them to make an attack against the white-listed IP(s).
>
>> Can the cvars like sv_queryIgnoreMegs be changed on runtime via rcon
>> or server.cfg?
>
> It can't be changed after startup (I haven't checked, but I think that
> it works in server.cfg). It definitely won't let you change it midgame
> via rcon or the console, though.
>
> --ryan.

PS: I hate bothering people... but have to :(
Is there any word about MW3 linux binaries?
Is a public fundraising (to pay for your work in case Activision doesn't
want to spend money on the porting) out of reach? :(
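The two failure modes discussed in this thread (a 1 query/second monitor colliding with the ignore window, and a bot losing the race against a user's query sent milliseconds earlier) and the network-side pps threshold idea, as an added simulation that is not part of this thread or of the patch itself. It assumes the ignore window is global per server rather than per source and that a query arriving less than `ignore_ms` after the last answered query is silently dropped; the timings, IP addresses and the 5 ms jitter are constructed, and the `QueryGate`, `bot_probe` and `sources_over_threshold` names are hypothetical.

```python
"""Added example: simulate a global query-ignore window (in the spirit of
sv_queryIgnoreTime) and a network-side per-source packet-rate threshold.

Assumption: the window is global per server, not per source. All traces
are constructed for the example.
"""
from collections import defaultdict, deque


class QueryGate:
    """Drops any status/info query arriving within ignore_ms of the last
    query the server answered (global window, assumption)."""

    def __init__(self, ignore_ms):
        self.ignore_ms = ignore_ms
        self.last_reply_ms = None

    def handle(self, now_ms):
        """Return True if the server answers the query sent at now_ms."""
        if self.last_reply_ms is not None and now_ms - self.last_reply_ms < self.ignore_ms:
            return False
        self.last_reply_ms = now_ms
        return True


def monitor_reply_ratio(ignore_ms, interval_ms=1000, polls=20, jitter_ms=5):
    """Fraction of polls answered for a monitor polling every interval_ms
    with alternating +/- jitter (constructed timing for a 1 query/second
    HLSW-style poller). With ignore_ms == interval_ms every early poll is
    dropped, so the server looks offline half of the time."""
    gate = QueryGate(ignore_ms)
    answered = 0
    for k in range(polls):
        jitter = -jitter_ms if k % 2 else jitter_ms
        if gate.handle(k * interval_ms + jitter):
            answered += 1
    return answered / polls


def bot_probe(ignore_ms, user_query_ms, bot_query_ms, retry=False):
    """True if the bot gets an answer when a user queried the same server
    just before it. Lowering the window does not close this race; a bot
    that retries once after the window has passed (retry=True) does."""
    gate = QueryGate(ignore_ms)
    gate.handle(user_query_ms)          # user's manual query is answered
    if gate.handle(bot_query_ms):       # bot's query lands inside the window
        return True
    return retry and gate.handle(bot_query_ms + ignore_ms + 50)


def sources_over_threshold(packets, threshold_pps, window_ms=1000):
    """Network-side check: packets is an iterable of (time_ms, src_ip).
    Returns the sources that exceed threshold_pps in any sliding window
    of window_ms. A generous threshold never flags a real player, but a
    reflection flood (spoofed to the victim's address) trips it at once."""
    recent = defaultdict(deque)
    flagged = set()
    for t, src in sorted(packets):
        q = recent[src]
        q.append(t)
        while q and t - q[0] >= window_ms:
            q.popleft()
        if len(q) > threshold_pps:
            flagged.add(src)
    return flagged


def constructed_trace():
    """Constructed 2-second trace: an aggressive real user polling at 5 pps
    and a spoofed flood 'from' one address at 500 pps (RFC 5737 ranges)."""
    user = [(t, "203.0.113.10") for t in range(0, 2000, 200)]
    flood = [(t, "198.51.100.7") for t in range(0, 2000, 2)]
    return user + flood


if __name__ == "__main__":
    print("1s window, 1 pps monitor:", monitor_reply_ratio(1000))
    print("500ms window, 1 pps monitor:", monitor_reply_ratio(500))
    print("bot race, no retry:", bot_probe(1000, 1000, 1003))
    print("bot race, with retry:", bot_probe(1000, 1000, 1003, retry=True))
    print("flagged at 100 pps:", sources_over_threshold(constructed_trace(), 100))
```

The monitor result reproduces the "offline half of the time" observation for a 1000 ms window and the fix at 500 ms, while `bot_probe` shows that the user-before-bot race survives any window length, so a monitoring bot should retry once after the window rather than declare the server dead on the first missed reply.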

