[Preview] TS Anti-Flood Tool
Okay, I know there is a Perl script for this, but it is not only tough to install, but can be insecure if you do not have your ini file configured properly. So I am designing a MUCH more user-friendly version, with a GUI for simple management.
What is TS Anti-Flood Tool?
There is a vulnerability with the TeamSpeak software which allows attackers to flood, on a massive scale, fake players. This can cause server lag, and the player joined notifications to indirectly Denial of Service attack a TS server. This tool will identify attacks, and stop them within seconds of them starting, making the attack laughable at most.
Recently, new hacks have allowed these fake players to be "un-bannable" - that is, you cannot click them and ban them, for you get an error. This tool is invulnerable to this new exploit. Furthermore, don't you hate it when you have no SA on your server and it gets flooded? This tool will guard against that.
Attached are screenshots of it in action!
The only thing missing from the pictures is when the ban is actually made, it will announce to the server the IP of the attacker, so that they can perm-ban the person at a later time should they need to.
Features
- The engine does all the work. The GUI is merely there for ease of configuration and use. Once running, if there is a flood attack on ANY of your hosted servers, it will automatically detect, and ban based on your preset configurations.
- Advanced configurations allowing you to specify the automatic ban time length
- Ability to permanently ban all flooding IP's.
Let me know if you have any feature requests, questions, or other comments!
-Jdawgg
P.S. ETA is 1 week.
I'm sorry..
but you are crazy!
Every server admin who can install and set up Java can run a simple Perl script.
Is there a no-gui version for servers without X11?
@DarkCyrus:
That's a good question...
;)
Yes, a non-GUI version will be released concurrently with the GUI version :).
@ bibabu
??? What do you mean "Install and setup Java"? Java can be automatically installed and packaged with my release... To install Java, you merely visit their website, download the binaries, or extract their zip archives... The idea behind Java is it is cross-platform, and very easy to use and setup. I mean, there is no "setup" involved other than installing the thing. Unless of course you're a developer, in which there is still hardly any additional setup required.
Germeshausen.de
14-05-2006, 18:01
this seems to be the third anti-flood extension for teamspeak... anything new?
umm it's at least the 4th :D
Surely. One of the worst parts about the other anti-flood tools is the lack of implementation. Very few hosts I've seen can manage to actually employ the other tools to their clients. Why is this? Perhaps because of the complexity or difficulty of installation or operation of the others.
My tool will be easily configured to run as a startup operation under Windows, and one can imagine, Linux as well. It will be cross-platform to any OS thanks to the technology behind Java, and will be customizable.
Through a GUI or series of ascii-art-like command-line interfaces, you will be able to set the ban duration, sensitivity level, as well as save logs of all detected attacks. You will also have the ability to manually add or delete ban entries from the list, although I can't imagine this feature actually being used. Generally speaking if somebody floods, you want it to stop. Further, if you want to ban someone manually, you can do that through the client. This feature will more or less be used to view the bans issued by the tool, so you can separate them from the client bans.
I initially wrote the UML for this project with the mindset to keep it one executable, and to not install or save settings. However, the new ideas and goals are going to require some configuration files, and thus, some level of installation. So here is a rough idea of how the program works:
- When you first start the program, whether it be GUI or command-line, you'll have to configure it. You'll set a path to install it to, and enter your username and password, and path to log file.
- You will have the option to save the password, and for security reasons you may not want to (as the only way to do this is to save in plain text).
- Security features will include garbled text files, randomly generated each time it's run, working under a proprietary algorithm, to store passwords in the event that is desired. The program will know how many bytes in a text file to look for the actual password. So stored passwords will be extremely hard to find, that is to say, even if a hacker can get at this file in the first place (they'd have total control over the box in order to do this).
- Finally, you merely put the executable in the directory you specified to install (it moves itself) and run it from that directory each time. It will detect the installation files are present, and start the program automatically. This makes configuring services very simple and hassle free.
So you ask if mine is different. I contend that it is. It is far more powerful than previous versions, and all this power with no effort from the end-user.
Any other questions or comments are welcomed :)
I can't understand you.
But do what you want to do.
Look at the bulldog daemon.
There is already a working cross-platform AntiFlood tool with many extras.
This tool comes with a web interface... you don't need any graphical interface.
Sorry, but a thread that goes on for pages with errors and complaints, and troubleshooting, is not my idea of a sound piece of software. I intend to make a tool that is easy-to-use, reliable, and will not act differently for different computer configurations. It all works on a very top-level basis where it interfaces with the top-level of TeamSpeak, which should not be different for any installation of the TS2 server.
I mean even with the chat log, other tools I've seen require you to setup your log a certain way, including disabling the chat portion of it. Now I know why they ask you to disable the chat logging - so people can't send a chat with a bunch of IP's in a row and trick the daemon into thinking it is a flood attempt. But would it really be that much harder to write a good regular expression to weed out those lines that are part of the ChatLog and those that are part of the AccessLog?
So it is not a matter of, are there already tools out there that accomplish the same result. It is a matter of, you could be using a much easier tool, more reliable, and one that doesn't restrict your configuration of TeamSpeak by any means at all, other than requiring at the very least to enable access_r and access_u logging.
-JD
The new server version that is finally available for Linux AND Windows fixes the logging bug, so it should now be safe to have this log option enabled.
there are also programs like the one that was mentioned that just do not care about logging things :D but everything that is free and for the community is good ;) so waiting for your release
Well I was considering coding a tool in C++ that would be an in-between on the server-side. A simple daemon that intercepts the datagram packets BEFORE they reach the server, and decompile them and then store them in some data structure, and if there are too many of them within a certain time frame, ban the user.
The cool thing would be, they would be banned in my daemon, so then when they try to reconnect, they dont get through to the TS server (like a firewall). Then I realize, this is SWEET because then it lifts the 20 ban limit per server...
THEN I realized, I was basically coding a software firewall, and noticed how daunting of a task it actually was.
But if somebody actually has the time to do that, it would be extremely useful because it would also stop brute-force hacking as well. The only problem is, to code a project like that would be so hard I almost guarantee the coders would charge for it.
hmm I guess it becomes easier to write a new TeamSpeak than to do that.
If we include the part for reverse engineering the TS-Protocol this will take a long time.
tradewiz50
31-05-2006, 16:35
When can we see a stable release of this tool?
Not sure. I want to release a new version of my TS Telnet tool before I get back to work on this. This tool more or less works, just occasionally it will ban a word rather than an IP :p. There is something not being cleaned up properly, and I really can't seem to find a pattern in when it fails, but occasionally it will detect a word as necessary to ban... Which doesn't make sense because my Regular Expression only allows for a [digit].[digit].[digit].[digit] so it is just a weird error that I have to work through.
Also I had someone ask me about security, and "what if somebody just types an IP over and over, will it get banned?" - the answer is no, I check to see if it is part of the ChatLog and if it is, I just skip over those lines of text.
A rough ETA, that is, ESTIMATED time of arrival, would be this Sunday probably.
-JD
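The checks discussed in this thread (skip chat-log lines, accept only a validated IPv4 address, count logins per IP inside a time window), as an added example that is not from the thread or from any of the tools it mentions. The log line layout, the category names and the thresholds are constructed for the example and are not the real TeamSpeak 2 log format.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed layout (assumption): "DD-MM-YY HH:MM:SS,<CATEGORY>,<message>"
LINE = re.compile(r"^(\d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),([A-Za-z]+),(.*)$")
# Accept an address only in the position the server itself writes it.
LOGIN = re.compile(r"^client connected from (\d{1,3}(?:\.\d{1,3}){3}):\d{1,5}$")

def parse_login(line):
    """Return (timestamp, ip) for a genuine access-log login, else None."""
    m = LINE.match(line.strip())
    if not m or m.group(2) != "AccessLog":  # chat and other categories are ignored
        return None
    login = LOGIN.match(m.group(3))
    if not login:
        return None
    try:
        ip = ipaddress.IPv4Address(login.group(1))  # rejects 999.1.1.1 and words
    except ValueError:
        return None
    return datetime.strptime(m.group(1), "%d-%m-%y %H:%M:%S"), str(ip)

def detect_floods(lines, max_logins=5, window=timedelta(seconds=2)):
    """Return IPs in the order they first exceed max_logins within window."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent logins
    flagged = []
    for line in lines:
        parsed = parse_login(line)
        if parsed is None:
            continue
        ts, ip = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop logins that fell out of the window
            q.popleft()
        if len(q) > max_logins and ip not in flagged:
            flagged.append(ip)
    return flagged

# Constructed sample: six rapid logins, chat lines repeating an IP, a malformed address.
SAMPLE = (
    [f"14-05-06 18:01:0{i // 3},AccessLog,client connected from 203.0.113.7:{4000 + i}" for i in range(6)]
    + ["14-05-06 18:01:02,ChatLog,bob: client connected from 198.51.100.9:1234"] * 10
    + ["14-05-06 18:01:03,AccessLog,client connected from 999.1.1.1:4000"] * 10
    + ["14-05-06 18:01:04,AccessLog,client connected from 192.0.2.55:4100"]
)

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

The category is read from its fixed field rather than searched for anywhere in the line, so text typed into chat cannot be counted as a login, and the address is validated before it can become a ban target.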
Well my Telnet tool is almost done, just finished a new release of it, you can check it out below:
http://www.jtozone.com/TS%20Telnet%20Too%20v0.9.exe
So now that I did more work on that, I have focused some time on the Anti-Flood tool. I have a working BETA running and protecting my servers. Feel free to connect to, and attempt to flood, one of my servers:
IP: 129.21.61.65:8768
Note that it will ban you for 5 minutes upon flood initiation, and you will be stored in a log file. Not to worry, I am not going to do much to people who hit my server. I am just letting it run for a week to see if it is stable. I've tested it, and I know it works, so we'll see.
What I want to do in the mean time is add in a few more features:
- Notify the server that was just flooded the IP of the user it just banned, so they can choose to perm-ban them if they want.
- Setup occasional global messages to be sent, notifying servers they are being protected by the tool.
- Clean up the display, add the ability to Save Log, Clear Log, etc.
I'll let you all know as soon as I release this tool!
-JD
Okay guys, I updated my original post, so go to the first page for the most recent update. It includes 3 screenshots, one of my pimped out TS (that just shows the server messages that cycle) as well as the interface for the tool itself.
IMPORTANT:
A Linux version of the tool will be available concurrently with the release of the Windows version. The Linux version will be slightly different, the package will contain a .ini file and the binary. The binary will read the configuration settings from the INI file, and start accordingly.
Configurations will include the SuperAdmin login name, password, TCP port, Ban length (in minutes). All of these configurations will be set via an Advance config menu on the GUI Windows version.
A stable release? Soon. I don't want to rush it, I have to make the Linux version (not that hard, just rip out the GUI stuff and replace it with INI configuration reading) and then quickly test it to make sure it works. In the mean time, I am also giving this tool a stress-test on my server. Want to make sure it runs for a week, without crashing, getting out of sync, etc. If that happens, then I can assume it is stable and release public.
I also want to benchmark it. Right now it takes about 2 seconds to identify a flood and ban it; it is because my original algorithm for identifying the bugs was experimental and I never updated it. Now that the program itself works, I think I have thought up a way to get it to recognize it in 500 milliseconds. I think I can get it to be faster than the TS2 Perlmod script that is so popular :).
Why TS Anti-Flood Tool again?
Well not all servers have Perl installed. To install perl, you need to have a far more advanced knowledge of computing than you do to install Java. Furthermore, you may need additional perl modules that do not come standard with the package you happened to download. For server admins, especially those who are just running a clan TS, that can be an impossible task. Java is so simple to install, and it is ready-to-go out of the box, no modules needed. You just run my tool and it works. Even better, if mine is faster than the TS2 Perlmod, that is just another reason to use it.
Let me know what you think!
-JD
Cow Killa
30-06-2006, 13:53
i used pxperl for my perl install. it was great. but if you can get this to work with the newest beta version of the server while ScP works on a new version of the ts2perlmod that would be sweet.
Unless the new server has changed the TCP query commands and log file attributes, new binaries should have no effect on my program. Incidentally, I should probably get the new BETA binaries anyway just to be sure.
Thanks for bringing that to my attention.