[cod] COD5 WAW Error

Roberto Omezzolli hw-team at g-portal.de
Sat Jan 21 06:46:34 EST 2012 

Hello,

 

does anybody recognize this error and has a solution for?

 

Setting map: mp_airfield.

------ Server Initialization ------

Server: mp_airfield

resetting state..

bdLog[28114]: ../DemonWare/bdNet/bdUPnP/bdUPnP.cpp(334):

WARNING: Cannot shutdown class as it is already uninitialised!

Alias: localhost

Alias: ip6-loopback

Alias: ip6-localhost

PC IP: XXX.XXX.XXX.XXX

*** glibc detected *** ./codwaw_lnxded-bin: malloc(): memory corruption:
0x190cc0e0 ***

======= Backtrace: =========

/lib32/libc.so.6(+0x6bf31)[0xf74cef31]

/lib32/libc.so.6(+0x6ed55)[0xf74d1d55]

/lib32/libc.so.6(__libc_malloc+0x5c)[0xf74d395c]

/lib32/libresolv.so.2(+0x9058)[0xe670c058]

/lib32/libresolv.so.2(__libc_res_nquery+0x153)[0xe6709a53]

/lib32/libresolv.so.2(+0x704b)[0xe670a04b]

/lib32/libresolv.so.2(__libc_res_nsearch+0x335)[0xe670a475]

/lib32/libnss_dns.so.2(_nss_dns_gethostbyname3_r+0x126)[0xe6719bc6]

/lib32/libnss_dns.so.2(_nss_dns_gethostbyname_r+0x6b)[0xe6719e6b]

/lib32/libc.so.6(gethostbyname_r+0x1ae)[0xf754820e]

/lib32/libc.so.6(gethostbyname+0xe6)[0xf7547a66]

./codwaw_lnxded-bin[0x83e6ec1]

./codwaw_lnxded-bin[0x83980ad]

./codwaw_lnxded-bin[0x8356853]

/lib32/libpthread.so.0(+0x5955)[0xf76e9955]

/lib32/libc.so.6(clone+0x5e)[0xf7530f1e]

======= Memory map: ========

08048000-084ec000 r-xp 00000000 08:01 24766176
/home/gameserver/master/cod5/codwaw_lnxded-bin

084ec000-084f9000 rw-p 004a4000 08:01 24766176
/home/gameserver/master/cod5/codwaw_lnxded-bin

084f9000-183ab000 rw-p 00000000 00:00 0

18fa4000-190ec000 rw-p 00000000 00:00 0
[heap]

e6600000-e6621000 rw-p 00000000 00:00 0

e6621000-e6700000 ---p 00000000 00:00 0

e6703000-e6713000 r-xp 00000000 08:01 23830531
/lib32/libresolv-2.11.2.so

e6713000-e6714000 r--p 00010000 08:01 23830531
/lib32/libresolv-2.11.2.so

e6714000-e6715000 rw-p 00011000 08:01 23830531
/lib32/libresolv-2.11.2.so

e6715000-e6717000 rw-p 00000000 00:00 0

e6717000-e671b000 r-xp 00000000 08:01 23830552
/lib32/libnss_dns-2.11.2.so

e671b000-e671c000 r--p 00004000 08:01 23830552
/lib32/libnss_dns-2.11.2.so

e671c000-e671d000 rw-p 00005000 08:01 23830552
/lib32/libnss_dns-2.11.2.so

e6724000-e6725000 ---p 00000000 00:00 0

e6725000-e771a000 rw-p 00000000 00:00 0

e771a000-e7724000 r-xp 00000000 08:01 23830535
/lib32/libnss_files-2.11.2.so

e7724000-e7725000 r--p 00009000 08:01 23830535
/lib32/libnss_files-2.11.2.so

e7725000-e7726000 rw-p 0000a000 08:01 23830535
/lib32/libnss_files-2.11.2.so

e7726000-e7739000 r-xp 00000000 08:01 23830548
/lib32/libnsl-2.11.2.so

e7739000-e773a000 r--p 00012000 08:01 23830548
/lib32/libnsl-2.11.2.so

e773a000-e773b000 rw-p 00013000 08:01 23830548
/lib32/libnsl-2.11.2.so

e773b000-ea23d000 rw-p 00000000 00:00 0

ea246000-ea24e000 r-xp 00000000 08:01 23830532
/lib32/libnss_nis-2.11.2.so

ea24e000-ea24f000 r--p 00008000 08:01 23830532
/lib32/libnss_nis-2.11.2.so

ea24f000-ea250000 rw-p 00009000 08:01 23830532
/lib32/libnss_nis-2.11.2.so

ea250000-ea256000 r-xp 00000000 08:01 23830545
/lib32/libnss_compat-2.11.2.so

ea256000-ea257000 r--p 00006000 08:01 23830545
/lib32/libnss_compat-2.11.2.so

ea257000-ea258000 rw-p 00007000 08:01 23830545
/lib32/libnss_compat-2.11.2.so

ea25f000-f7463000 rw-p 00000000 00:00 0

f7463000-f75a3000 r-xp 00000000 08:01 23830538
/lib32/libc-2.11.2.so

f75a3000-f75a4000 ---p 00140000 08:01 23830538
/lib32/libc-2.11.2.so

f75a4000-f75a6000 r--p 00140000 08:01 23830538
/lib32/libc-2.11.2.so

f75a6000-f75a7000 rw-p 00142000 08:01 23830538
/lib32/libc-2.11.2.so

f75a7000-f75aa000 rw-p 00000000 00:00 0

f75aa000-f75c7000 r-xp 00000000 08:01 24701061
/usr/lib32/libgcc_s.so.1

f75c7000-f75c8000 rw-p 0001c000 08:01 24701061
/usr/lib32/libgcc_s.so.1

f75c8000-f75ec000 r-xp 00000000 08:01 23830547
/lib32/libm-2.11.2.so

f75ec000-f75ed000 r--p 00023000 08:01 23830547
/lib32/libm-2.11.2.so

f75ed000-f75ee000 rw-p 00024000 08:01 23830547
/lib32/libm-2.11.2.so

f75ee000-f76d7000 r-xp 00000000 08:01 24701068
/usr/lib32/libstdc++.so.6.0.13

f76d7000-f76db000 r--p 000e9000 08:01 24701068
/usr/lib32/libstdc++.so.6.0.13

f76db000-f76dc000 rw-p 000ed000 08:01 24701068
/usr/lib32/libstdc++.so.6.0.13

f76dc000-f76e4000 rw-p 00000000 00:00 0

f76e4000-f76f9000 r-xp 00000000 08:01 23830539
/lib32/libpthread-2.11.2.so

f76f9000-f76fa000 r--p 00014000 08:01 23830539
/lib32/libpthread-2.11.2.so

f76fa000-f76fb000 rw-p 00015000 08:01 23830539
/lib32/libpthread-2.11.2.so

f76fb000-f76fd000 rw-p 00000000 00:00 0

f76fd000-f76ff000 r-xp 00000000 08:01 23830537
/lib32/libdl-2.11.2.so

f76ff000-f7700000 r--p 00001000 08:01 23830537
/lib32/libdl-2.11.2.so

f7700000-f7701000 rw-p 00002000 08:01 23830537
/lib32/libdl-2.11.2.so

f7707000-f770a000 rw-p 00000000 00:00 0

f770a000-f770b000 r-xp 00000000 00:00 0
[vdso]

f770b000-f7727000 r-xp 00000000 08:01 23830550
/lib32/ld-2.11.2.so

f7727000-f7728000 r--p 0001b000 08:01 23830550
/lib32/ld-2.11.2.so

f7728000-f7729000 rw-p 0001c000 08:01 23830550
/lib32/ld-2.11.2.so

ffec3000-ffee3000 rw-p 00000000 00:00 0
[stack]

Aborted

 

Roberto Omezzolli

Geschäftsführer

________________________________________


OCIRIS GmbH

Willy-Buchauer-Ring 25

82256 Fürstenfeldbruck

Tel.:  +49 (0) 89 461 3518-00

Fax:  +49 (0) 89 461 3508 04
________________________________________

Geschäftsführer: Sebastian Reckzeh, Roberto Omezzolli  
Handelsregister: Amtsgericht München, HRB 146467
Sitz der Gesellschaft: München

"Diese E-Mail sowie jeglicher Anhang sind vertraulich und ausschließlich für
den/die bezeichneten Adressaten bestimmt. Diese Mitteilung kann rechtlich
geschützte, firmeninterne oder anderweitig vertrauliche Informationen
enthalten, deren Weitergabe ohne unsere Zustimmung strengstens untersagt
ist. Sofern Sie nicht der beabsichtigte Adressat sind oder diese E-Mail
irrtümlich erhalten haben, sind Sie nicht autorisiert, diese Mitteilung
bekannt zu machen, zu kopieren, weiterzugeben oder aufzubewahren. Bitte
informieren Sie uns in diesem Fall unverzüglich und vernichten diese
E-Mail."

"The information in this e-mail and in any attachments is confidential and
intended solely for the attention and use of the named addresse(s). This
information may be subject to legal, professional or other privilege and
further distribution of it is strictly prohibited without our authority. If
you are not the intended recipient, you are not authorised to and must not
disclose, copy, distribute, or retain this message or any part of it, and
should notify us immediately." 

 

Von: John [mailto:lists.cod at nuclearfallout.net] 
Gesendet: Samstag, 21. Januar 2012 01:52
An: cod at icculus.org
Betreff: Re: [cod] CoD2 UDP flood

 

On 1/20/2012 3:27 PM, Marco Padovan wrote: 

I was referring to dynamic filtering using -m recent

[not] to manually adding IPs O.o


Marco's right about this. The most effective way to prevent effects from
these attacks on Linux is to use a combination of the "string", "hashlimit",
and "recent" modules. Done right, the solution is mostly automatic, so you
shouldn't need to manually add IPs.

These commands, for instance, would block external IPs that send queries at
a rate of 2/second or higher:

# add a host to the banlist and then drop the packet.
iptables -N QUERY-BLOCK
iptables -A QUERY-BLOCK -m recent --set --name blocked-hosts -j DROP

# is this a query packet? if so, block commonly attacked ports outright, 
# then see if it's a known attacking IP, then see if it is sending at a high
# rate and should be added to the list of known attacking IPs.
iptables -N QUERY-CHECK
iptables -A QUERY-CHECK -p udp -m string ! --string "getstatus" --algo bm
--from 32 --to 41 -j RETURN
iptables -A QUERY-CHECK -p udp --sport 0:1025 -j DROP
iptables -A QUERY-CHECK -p udp --sport 3074 -j DROP
iptables -A QUERY-CHECK -p udp --sport 7777 -j DROP
iptables -A QUERY-CHECK -p udp --sport 27015:27100 -j DROP
iptables -A QUERY-CHECK -p udp --sport 25200 -j DROP
iptables -A QUERY-CHECK -p udp --sport 25565 -j DROP
# is it already blocked? continue blocking it and update the counter so it
# gets blocked for at least another 30 seconds.
iptables -A QUERY-CHECK -m recent --update --name blocked-hosts --seconds 30
--hitcount 1 -j DROP
# check to see if it exceeds our rate threshold,
# and add it to the list if it does.
iptables -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip --hashlimit-name
getstatus --hashlimit-above 2/second -j QUERY-BLOCK

# look at all the packets going to q3/cod*/et/etc servers
iptables -A INPUT -p udp --dport 27960:29000 -j QUERY-CHECK

The "recent" module makes it possible to block up to 100 IPs at once with
this method (any attackers beyond this would only be rate-limited). That
number can be raised when the module is loaded, but I haven't seen 100
attacks happening at once yet (typically it's maybe 5-20 at once). You can
see blocked hosts later by looking at /proc/net/xt_recent/blocked-hosts.

(If you don't have "recent", you could get away without it -- just be aware
that some of the packets will get through, increasing load on the game
server. Without "hashlimit", you'd still see an advantage from the port
checks, but you'd need to manually block IPs that are being hit on other
ports. Without "string", you'd similarly be down to just port checks, and
need to take out the other rules.)

-John

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20120121/847b6c25/attachment-0001.htm>

More information about the cod mailing list