CS2D General: Last server to appear in the serverlist (20 replies)
PS. You must configure the IP range allowed for your servers to appear quickly, and if you have an anti-DDoS configuration, it should also be checked.
PS. Remember that when you add an anti-DDoS configuration, what you add is actually another IP that receives the traffic and sends it on to your server, and that generates additional latency.
In a few words: for your server to appear quickly you must open the correct port ranges, eliminate the anti-DDoS IP, and configure the ports you want within your operating system.
edited 2×, last 13.04.18 10:30:07 pm
systemctl stop firewalld
systemctl disable firewalld
Then it solved my problem, BUT I think my server isn't secure against DDoS. I'll take a look at it. Do you have any suggestions on how I can configure it here?
edited 1×, last 13.04.18 10:35:25 pm
If you want you can contact me by discord, I am willing to help you with your problem.
It should be sufficient to add a firewall exception for the UDP port of your CS2D server. This way all other traffic will still be checked by the firewall.
I assume what's going on if you have the firewall enabled is this:
people send an info request via the server list (this happens automatically when opening the server list)
your server's firewall rejects the request because it's from an unknown address
after a while U.S.G.N.'s NAT hole punching algorithm kicks in. This means the client (who opened the server list) will send a request to a U.S.G.N. master server which will then tell your server to send a message to the client. The master server can only reach your server because your server already sent data to the master server beforehand. After your server sent a message to the client, subsequent info requests can pass the firewall.
NAT hole punching takes some time. And depending on circumstances it may only work on the second server list load / on re-load. This would explain why your server appears but with a huge delay.
The only solution is to have a super fast download speed so that the attack does not flood your network card with incoming requests.
My connection is 967.18; if the attack is 967.19, my server will fall with or without a firewall configuration.
2x edit: Anti-DDoS solutions are not designed for online games at the moment.
Quote
I assume what's going on if you have the firewall enabled is this:
• people send an info request via the server list (this happens automatically when opening the server list)
• your server's firewall rejects the request because it's from an unknown address
• after a while U.S.G.N.'s NAT hole punching algorithm kicks in. This means the client (who opened the server list) will send a request to a U.S.G.N. master server which will then tell your server to send a message to the client. The master server can only reach your server because your server already sent data to the master server beforehand. After your server sent a message to the client, subsequent info request can pass the firewall.
That does not matter on a website, since websites are generally used as an anti-DDoS system and take a while to load.
IP anti-DDoS system:
There are also pages that do not take long to load, such as YouTube, but those pages have a connection of approximately 100 terabytes and withstand almost any attack.
On the other hand, it is easier to make an attack than to stop it.
Pro DDoS attack:
There are many threads about these cases, so I gave a slightly clearer explanation.
edited 2×, last 14.04.18 01:30:26 am
Also there is no relation between what you quoted from me and what you wrote. N.A.T. hole punching is neither an attempt to protect something nor related to DDoS in any way. It's just a way to make servers behind routers/firewalls accessible.
The only isolated case that I know of is that of Rodion, who disabled the Linux servers without protection
with a little program of that kind that he developed.
Anyway, I do not think this is the case.
edit: @DC: I am clear that NAT has nothing to do with the firewall or with DDoS; it's only that he pointed out that he previously used an anti-DDoS IP address, and I showed him how that IP worked, since that generated an additional delay and his servers were slow to appear.
Anyway, in your comment you're right; my ability to express myself in this language is bad and I do not make myself understood well.
@mrc: look for a VPS with a good CPU, since incoming requests usually saturate the CPU before your bandwidth, and that causes your dedicated server to freeze for as long as the attack lasts.
That was the solution that worked best for me; you can also use a small firewall configuration that weakens the attack a bit.
edited 2×, last 14.04.18 04:49:12 am
I assume that the firewall simply discards unknown incoming UDP traffic as described before. This way malicious UDP packets don't arrive at CS2D and do not cause CPU load there.
The firewall can most likely handle more packets with less CPU load. That's why it works.
Maybe there is a way to adjust the firewall rules? e.g.: the first X UDP packet(s) from an unknown source IP are always allowed to pass, and if CS2D replies within a few seconds the address gets whitelisted, otherwise blacklisted. Not sure if the firewall you're using allows such complex rules.
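To make the two mechanisms discussed in this thread concrete (the "server sends first, then replies pass" behaviour of a stateful firewall during NAT hole punching, and the probe/whitelist/blacklist rule sketched just above), here is a small added model in Python. It is not CS2D, U.S.G.N. or firewall code and does not configure anything; the thresholds (2 probes, 3 second reply window) and the packet trace are constructed for illustration.

```python
"""Toy model of a stateful UDP filter in front of a game server.

Two behaviours share one peer table:
  * connection tracking: once the server itself sends a datagram to an
    address (the master server, or a client during hole punching), replies
    from that address are allowed;
  * probe rule: the first X datagrams from an unknown source pass; if the
    server replies within the window the source is whitelisted, otherwise
    it is blacklisted once the window expires.
Thresholds and the trace below are constructed, not measured."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

ALLOW = "ALLOW"
DROP = "DROP"


@dataclass
class PeerState:
    verdict: str        # "probe", "white" or "black"
    first_seen: float   # time of the first inbound datagram from this peer
    probes: int = 0     # inbound datagrams passed while still in "probe"


@dataclass
class UdpFilter:
    grace_packets: int = 2     # X: unanswered probes an unknown source may send
    reply_window: float = 3.0  # seconds the server has to answer a probe
    peers: Dict[str, PeerState] = field(default_factory=dict)

    def inbound(self, src: str, now: float) -> str:
        """Verdict for an inbound datagram from src arriving at time now."""
        state = self.peers.get(src)
        if state is None:
            # Unknown source: let the first probe through and start the clock.
            self.peers[src] = PeerState("probe", now, probes=1)
            return ALLOW
        if state.verdict == "white":
            return ALLOW
        if state.verdict == "black":
            return DROP
        # Still probing, i.e. the server has not replied yet.
        if now - state.first_seen > self.reply_window:
            state.verdict = "black"   # window expired without a reply
            return DROP
        if state.probes < self.grace_packets:
            state.probes += 1
            return ALLOW
        return DROP                   # grace used up; wait for reply or timeout

    def outbound(self, dst: str, now: float) -> None:
        """The server sent a datagram to dst, so dst becomes trusted. This covers
        a reply to a probe as well as server-initiated traffic (registering with
        the master, the hole-punch message to a client)."""
        state = self.peers.get(dst)
        if state is None:
            self.peers[dst] = PeerState("white", now)
        elif state.verdict == "probe":
            state.verdict = "white"
        # Blacklisted peers stay blacklisted; entry ageing is left out here.


Event = Tuple[float, str, str]  # (time, "in" or "out", peer)


def run_trace(events: List[Event], filt: UdpFilter) -> List[Tuple[float, str, str]]:
    """Replay a trace in time order; returns (time, peer, verdict) per inbound datagram."""
    decisions = []
    for now, direction, peer in sorted(events, key=lambda e: e[0]):
        if direction == "out":
            filt.outbound(peer, now)
        else:
            decisions.append((now, peer, filt.inbound(peer, now)))
    return decisions


# Constructed trace: a real client, a flood source that never gets an answer,
# the master server, and a client reached through hole punching.
TRACE: List[Event] = [
    (0.0, "in", "client_a"),    # info request from the server list
    (0.1, "out", "client_a"),   # server answers -> whitelisted
    (0.5, "in", "client_a"),
    (1.0, "in", "flood_b"),     # probe 1
    (1.1, "in", "flood_b"),     # probe 2, grace exhausted
    (1.2, "in", "flood_b"),     # dropped, window still open
    (2.0, "out", "master"),     # server registers with the master
    (6.0, "in", "flood_b"),     # window expired -> blacklisted
    (10.0, "in", "master"),     # master's message can come in
    (10.1, "out", "client_c"),  # server sends first, as punching requires
    (10.5, "in", "client_c"),   # client's request now passes
]


def simulate() -> Dict[str, List[str]]:
    """Run TRACE through a fresh filter and group verdicts by peer."""
    grouped: Dict[str, List[str]] = {}
    for _, peer, verdict in run_trace(TRACE, UdpFilter()):
        grouped.setdefault(peer, []).append(verdict)
    return grouped


if __name__ == "__main__":
    for peer, verdicts in simulate().items():
        print(f"{peer:9} {' '.join(verdicts)}")
```

The model shows why the second server-list load tends to work: the hole-punch message is an outbound datagram, so the client's next request hits an existing entry. It also shows the cost of the probe rule: the flood source still gets X datagrams through before the window closes, so X has to stay small.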
Perhaps something like this helps in reducing the number of connection attempts:
iptables -I INPUT -p udp --dport 27015 -m string --to 55 --algo kmp --hex-string '|fe ff ff ff 31 32 33 20|' -j DROP
iptables -I INPUT -p udp --dport 27015 -m string --to 55 --algo kmp --hex-string '|ff ff ff ff 55 00 00 00 00|' -j DROP
In reality this should not cause delay, and it eliminates a percentage of unwanted packets.
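As an added illustration of what the two rules above match (this is not code from the thread and does not touch iptables), the following Python decodes the `--hex-string` notation and applies the `--to 55` search window the way the kernel string match does: the offset is counted from the start of the IP header in the INPUT chain, so for a plain IPv4/UDP packet without options only the first 27 bytes of UDP payload fall inside the window. The datagrams below are constructed, not captured traffic.

```python
"""Offline check of the two iptables string-match DROP rules from the thread.

--hex-string mixes literal text with |hex bytes| segments; --from/--to bound
the byte range searched, measured from the start of the packet as netfilter
sees it (the IP header in the INPUT chain). Sample datagrams are constructed."""
from typing import List, Optional

IPV4_UDP_HEADER_LEN = 20 + 8  # IPv4 header without options + UDP header


def parse_hex_string(spec: str) -> bytes:
    """Convert iptables --hex-string notation, e.g. 'abc|0a 0b|', to bytes."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        if i % 2 == 1:                       # inside |...|: hex bytes
            out.extend(bytes.fromhex(part.replace(" ", "")))
        else:                                # outside: literal text
            out.extend(part.encode("latin-1"))
    return bytes(out)


def string_match(packet: bytes, pattern: bytes, frm: int = 0,
                 to: Optional[int] = None) -> bool:
    """True if pattern lies entirely within packet[frm:to] (xt_string semantics)."""
    return pattern in packet[frm:to]


# The two patterns from the rules above; "31 32 33 20" is ASCII "123 ".
RULES: List[bytes] = [
    parse_hex_string("|fe ff ff ff 31 32 33 20|"),
    parse_hex_string("|ff ff ff ff 55 00 00 00 00|"),
]


def datagram(payload: bytes) -> bytes:
    """Constructed packet: zeroed placeholder IPv4+UDP headers, then the payload.
    Only the header length matters for the offset arithmetic."""
    return b"\x00" * IPV4_UDP_HEADER_LEN + payload


def verdict(packet: bytes, rules: List[bytes] = RULES, to: int = 55) -> str:
    """First matching rule drops, as with -I INPUT ... -j DROP; otherwise ACCEPT."""
    for pattern in rules:
        if string_match(packet, pattern, 0, to):
            return "DROP"
    return "ACCEPT"


if __name__ == "__main__":
    samples = {
        "rule 1 pattern at payload start": datagram(b"\xfe\xff\xff\xff123 query"),
        "rule 2 pattern at payload start": datagram(b"\xff\xff\xff\xffU\x00\x00\x00\x00"),
        "one byte differs":                datagram(b"\xff\xff\xff\xffU\x00\x00\x00\x01"),
        "pattern beyond --to 55":          datagram(b"\x00" * 30 + b"\xfe\xff\xff\xff123 "),
    }
    for name, pkt in samples.items():
        print(f"{name:32} {verdict(pkt)}")
```

The last sample is the practical caveat: a pattern that starts past byte 55 of the packet is not seen by these rules, so the window has to be chosen against the real header length of the traffic, not the payload alone.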