Forum

> > CS2D > General > Last server to appear in the serverlist
Forums overviewCS2D overviewGeneral overviewLog in to reply

English Last server to appear in the serverlist

20 replies
Page
To the start Previous 1 2 Next To the start

old Last server to appear in the serverlist

mrc
User Playing CS2D

Quote
Idk why this is happening but my server takes too long to appear in the serverlist. Usually it appears only after all the servers are loaded plus more few seconds, and it's annoying because nobody will wait that long to find my server. There is no firewall set, just the native antiddos from my VPS, Ive tryied running with and without nohup, with realport command and nothing. Anybody know what I can try to fix it? If you wait it appear and then refresh the list the server show instantly. Weird. I need help!

old Re: Last server to appear in the serverlist

cs2d_is_a_Gem
User Off Offline

Quote
@user mrc: it is due to firewall security groups configured in your virtual machine or in your administration panel.(security group
).
Pd. You must configure the IP range allowed for your servers to appear quickly and if you have an antidic configuration, it should also be checked. √


Pd. Remember that when you add an antiddos configuration, what you add is actually another ip that receives the traffic and sends it to your server and that generates additional latency.

in a few words so that your server appears quickly you must open the correct port ranges, eliminate the ip antiddos, and configure the ports within your operating system that you want.
edited 2×, last 13.04.18 10:30:07 pm

old Re: Last server to appear in the serverlist

mrc
User Playing CS2D

Quote
I used:

systemctl stop firewalld
systemctl disable firewalld

then it solved my problem, BUT I think my server isnt secure for DDoS. I'll take a look on it. Do you have any suggestion so I can configure here?
edited 1×, last 13.04.18 10:35:25 pm

old Re: Last server to appear in the serverlist

DC
Admin Off Offline

Quote
You shouldn't let a firewall check game traffic. That's a bad idea in general. It may lead to bad pings.
It should be sufficient to add a firewall exception for the UDP port of your CS2D server. This way all other traffic will still be checked by the firewall.

I assume what's going on if you have the firewall enabled is this:
• people send an info request via the server list (this happens automatically when opening the server list)
• your server's firewall rejects the request because it's from an unknown address
• after a while U.S.G.N.'s NAT hole punching algorithm kicks in. This means the client (who opened the server list) will send a request to a U.S.G.N. master server which will then tell your server to send a message to the client. The master server can only reach your server because your server already sent data to the master server beforehand. After your server sent a message to the client, subsequent info request can pass the firewall.

NAT hole punching takes some time. And depending on circumstances it may only work on the second server list load / on re-load. This would explain why your server appears but with a huge delay.

old Re: Last server to appear in the serverlist

cs2d_is_a_Gem
User Off Offline

Quote
there is no configuration in the firewall that can stop the attacks, if the attack exceeds your download speed, your server and your connection will fall in all modes. the firewall configuration blocks the scripts / ddos not the packets themselves.

The only solution is to have a super fast download speed so that the attack does not flood your network card with incoming requests.
IMG:https://oi63.tinypic.com/2gul6s2.jpg


my connection is 967.18, if the attack is 967.19, my server will fall with or firewall configuration.




2x edit: Antiddos solutions are not designed for online games at the moment.

Quote
I assume what's going on if you have the firewall enabled is this:
• people send an info request via the server list (this happens automatically when opening the server list)
• your server's firewall rejects the request because it's from an unknown address
• after a while U.S.G.N.'s NAT hole punching algorithm kicks in. This means the client (who opened the server list) will send a request to a U.S.G.N. master server which will then tell your server to send a message to the client. The master server can only reach your server because your server already sent data to the master server beforehand. After your server sent a message to the client, subsequent info request can pass the firewall.


that does not matter on a website since websites are generally used as an antiddos system and take a while to load.

• ip Antiddos system:

IMG:https://nexnetsolutions.com/wp-content/uploads/2013/04/DDoS-1024x637.png


there are also pages that do not take long to load as youtube, but those pages have a connection of approximately 100 terabytes and support almost any attack.

On the other hand, it is easier to make an attack instead of stopping it


• pro ddos atack:
IMG:https://mundo-hackers.weebly.com/uploads/9/8/5/0/98506118/ddos-ataque-grafica-610x413_orig.png



there are many threads about these cases so I gave a little clearer explanation.
edited 2×, last 14.04.18 01:30:26 am

old Re: Last server to appear in the serverlist

DC
Admin Off Offline

Quote
@user cs2d_is_a_Gem: DDoS is just one of many possible attacks. There are many other attacks which can be stopped with the right firewall rules. Even DDoS can be weakened with the right rules. Depending on the strength of the attack of course. If the attack takes all the bandwidth a firewall won't help for obvious reasons.

Also there is no relation between what you quoted from me and what you wrote. N.A.T. hole punching is neither an attempt to protect something nor related to DDoS in any way. It's just a way to make servers behind routers/firewalls accessible.

old Re: Last server to appear in the serverlist

mrc
User Playing CS2D

Quote
My VPS can handle the ddos attacks but the cs2d_dedicated don't, it crashes or freezes until the attack end, but the VPS keep normal. With the firewall enabled nothing happens with the cs2d_dedicated when attacked but the server doesnt appear fast in the list as I already said. So whats the best choice?

old Re: Last server to appear in the serverlist

cs2d_is_a_Gem
User Off Offline

Quote
@user DC: it is not the only attack that locks cs2d servers, but it is the most common.
the only isolated case that I know is that of one of rodion, which disabled the linux servers without protection.
with a little program that that kind development.
Anyway, I do not think this is the case.

edit: @user DC: I am clear that NAT has nothing to do with the firewall or with ddos, only that he points out that he previously used an IP address antidoos and showed him how that IP worked, since that generated an additional delay and his servers were slow to appear .
anyway, in your comment you're right, My ability to express myself in this language is bad and I do not understand myself well.


@user mrc: look for a vps with a good cpu since incoming requests usually saturate the cpu before your bandwidth and that causes your dedicated to freeze during the attack lasts.

that was the solution that worked best for me, you can also use a small firewall configuration that weakens the attack a bit.
edited 2×, last 14.04.18 04:49:12 am

old Re: Last server to appear in the serverlist

DC
Admin Off Offline

Quote
Yup, that's right. CS2D will cause a very high CPU load when trying to handle all UDP packets from a DDoS attack.

I assume that the firewall simply discards unknown incoming UDP traffic like described before. This way malicious UDP packets don't arrive at CS2D and do not cause CPU load there.

The firewall can most likely handle more packets with less CPU load. That's why it works.

Maybe there is a way to adjust the firewall rules? e.g.: first X UDP packet(s) from an unknown source IP are always allowed to pass and if CS2D replies within a few seconds the address gets white listed otherwise black listed. Not sure if the firewall you're using allows such complex rules.

old Re: Last server to appear in the serverlist

cs2d_is_a_Gem
User Off Offline

Quote
@user mrc: Centos 7 ;o
Perhaps something like this helps in reducing the number of connection attempts:

1
2
iptables -I INPUT -p udp --dport 27015 -m string --to 55 --algo kmp --hex-string '|fe ff ff ff 31 32 33 20|' -j DROP
iptables -I INPUT -p udp --dport 27015 -m string --to 55 --algo kmp --hex-string '|ff ff ff ff 55 00 00 00 00|' -j DROP

in reality this should not cause delay and eliminates a percentage of unwanted packages.


To the start Previous 1 2 Next To the start
Log in to replyGeneral overviewCS2D overviewForums overview