Posted: Fri Feb 28, 2014 9:15 pm Post subject:
cncnet under attack
While waiting for someone to join my hosted DTA game, a guy called Smith joined.
A few seconds later dozens of auto-generated players joined and bombed the hosted game.
Using the log file i confirmed that all these came from the same IP address
187.56.89.17
The only way for me to stop this was killing the DTAlauncher task.
I tried it once again a few minutes later. Same attack.
Once again 10 minutes later, the DTA launcher and the cncnet5.exe both say, "connection limit reached" and the cncnet.org chat isn't available anymore.
I'm not sure if this happened in the past already but i think this is the first DOS attack on cncnet. Though a rather stupid one, as the IP address doesn't looks like a proxy, but the real one.
\Edit
oh, looks like this attack is done from a public internet cafe or restaurant from Sorocaba near Sao Paulo. _________________ SHP Artist of Twisted Insurrection: Nod buildings
is it possible to check the hardware id? ban an IP is fine, but I can turn my router off and get a new IP. _________________ I am authorized to send out the TMP Studio, PM ME IF YOU WANT IT And check this out, these were sent to me for help with terrain and zdata help along with TMP Studio/Builder
So that's why the matches didn't go well at all...
Goddamn children, CnCNet should really make a system that auto-bans people in case of a flood/DDOS... _________________
Since this guy wasn't listed in the Lobby, he might also somehow passed by cncnet and attacked me directly.
It isn't hard to check cncnet for the hosted games, get the IP address of the hosting person and then attack the hoster directly.
Right now it also seems to work fine again as i can log in again. _________________ SHP Artist of Twisted Insurrection: Nod buildings
The Launcher only receives traffic from the CnCNet IRC server, so he couldn't have attacked you directly. I'll look into preventing some of such attacks in upcoming versions of the Launcher, although being a client the options are a bit limited. _________________ CnCNet Client | CnCNet TS patches | More Quality-of-Life Improvements for RA Remastered
According to that page, it comes from a residential building in Campinas, SP, Brazil. The service provider is the Vivo, the most popular one in the state of São Paulo (Vivo belongs to Telefonica). I don't think this IP is static, due to the nature of the ISP.
This IP was never used in Revora and I don't have tools to find its usage in PPM. I've looked into posts from DTA forums and IPs from guests, but I couldn't find anything there. QUICK_EDIT
Connections from single ip address have been limited to 6. No one should be able to do this kind of "attack" without creating a small botnet first. QUICK_EDIT
You cannot post new topics in this forum You can reply to topics in this forum You can edit your posts in this forum You can delete your posts in this forum You can vote in polls in this forum You can attach files in this forum You can download files in this forum