NoQuery DDoS "Protection"
•
7 Oct 2010, 15:52
•
News
Description
This library embeds itself to linux servers by using the LD_PRELOAD environmental variable. It then checks all incoming packets, if the packet contains the q3 header followed by the query keywords getstatus or getinfo, then it simply drops the packet.This causes your server not to respond to any master server queries or services like splatter ladder. All queries from applications such as HLSW will also be ignored. The attacker will therefore not be able to find out through these various utilities if the server is up.
As the server will not appear in the lists, or respond to any queries, it will not even show up on favourites. The only way to connect will be with:
/connect ip:port
Installation
YCN Customers
All YCN customers can enable this feature by:- Go to Command Line (Edit) and tick the NoQuery Option
- Restart the server
- The attacker may already know your IP:PORT and can still disrupt your game, simply post a ticket in the cpanel asking for your server to be moved to a new IP and our staff should do this fairly quickly
Linux Servers (dedicated server owners)
You will need to download the library (libnoquery.so) which can be found here:http://www.ycn-hosting.com/downloads/noquery/
to your server.
Then in your server startup script you will need to either set the environmental variable with
export LD_PRELOAD="/path/to/libnoquery.so"
Or prefix your command with the setting
LD_PRELOAD="/path/to/libnoquery.so" etded +set .... +exe server.cfg ...
(in both examples remember to replace /path/to with the actual path pointing to the file)
Windows Servers
Sorry, windows does not support this type of code injection (function interposition).Other Game Hosts
Most game hosts will not support this, or rather you will probably need their assistance to implement this, most command line editors do not permit you to add a preload setting. I'm quite sure that gameservers.com won't let you do this, but worth a try to ask them.Source Code
The sourcecode for this is available, the app is very simple, you can find all the files here:http://www.ycn-hosting.com/downloads/noquery/
(includes an example compile script)
Make sure to keep your server IP's hidden in the future to prevent the attacker from knowing it and spamming you when he thinks that you have a match.
Let's donate!
oh wait this is CF
..I'd still like to see the peaceful ET-scenery getting involvoed in a dark and bloodyDDos-war by the SplatterLadder Confederation of Ignorant Pub-Noobs against the United Competitiveand Arrogant ET-Players. Would surely be epic :(
though i don't like not being able to join via hlsw / the server appearing as down in hlsw, i guess some ppl will be like "lol can't connect, server is down" :D
but i guess it's worth it!
just change path of the game to slac.exe
thanks for the help :)
So you could still just "force" the connection to the server?
That's what I can do with ASE when the Scanner is bugged and the server is displayed offline... :s
I might be wrong though...
and i guess some random irc opponents who don't know about it might not get it!
OW SNAP
But good to see someone is doing something.
really want to slam this link to those sl admins, i'm sure they will die a little inside.
If i had a paypal account i'd donate/buy YCN Servers.
not like anyone would DDoS low+ games XD
Let's roll them again. It's fun!
We need to own them hard!
gj kamz, oh wait :D!
thx
Although, security through obscurity isn't a very convincing catchphrase.
1) About the port changing, This was a bit of a rush job, I wrote the thing and built it into the system within an hour and a half, of which the half an hour was spent writing it up on CF. For the time being if you need your port changed, just ask the staff, in future, I may make an auto port switcher, or at the least will try to email/message every one about this.
2) As for the YCN Sucks / Lags comments, I like to think we provide a good service for the prices, but I do admit that there need to be improvements, We are constantly making changes and upgrades, and will be upgrading our DE provider in December, which should improve the service of our DE location. If any one does experience poor latency then they can always contact our support team and we'll try to solve it or let you know if its not going to be possible, in some cases we may offer refunds for serious latency problems.
the lag issue started a year or more ago and still isn't fixxed, thats what i call a good service