Page MenuHomeFeedback Tracker
Create Task
Maniphest T83469

Layer 7 DDOS + amplification attacks, patch the game plz
Closed, ResolvedPublic
Actions

Description

Anyone sending udp paquets with spoofed ip addresses to arma3 server port or steam query port will make the CPU go 100% and completly freeze the server (RDP impossible, hard reboot needed).

After some research this is an old issue:
https://forums.bistudio.com/topic/127167-patch-the-game-to-prevent-ddos-exploit-please/

You want a repro, give me an IP and a time.

I joined a perl script that reproduce it (you need a machine that allow ip spoofing).
usage: perl a2s_info.pl <ip>

Plus you can make amplification attacks using A2S_info on steam query port (what is in the perl script)
https://developer.valvesoftware.com/wiki/Server_queries#A2S_INFO

This script can take down server with very low bandwidth (a 4mbps attack was sucessfull on an OVH ddos protected server)

We are getting attacked every day and the attackers even made a facebook page where they post every french altis life they take down using this method.

This is serious.

Details

Legacy ID
477095565
Severity
None
Resolution
Duplicate
Reproducibility
Always
Category
Server

Event Timeline

Manzarek set Category to Server.Aug 9 2015, 11:42 PM
Manzarek set Reproducibility to Always.
Manzarek set Severity to None.
Manzarek set Resolution to Duplicate.
Manzarek set Legacy ID to 477095565.May 8 2016, 12:30 PM
© Bohemia Interactive a.s. Bohemia Interactive® is a registered trademark of Bohemia Interactive a.s. All rights reserved. · Privacy Policy · Terms and Conditions