Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Results 1 to 7 of 7
  1. November 9th, 2015, 10:59 PM #1
    maxi1990
    maxi1990 is offline -= TeamSpeak Fanatic =-
    Join Date
    July 2006
    Posts
    1,600

    DDoS against virtualserver - server doesn't accept new connections

    I've just had the following issue (thrice during the last 4 days):

    DDoS against a specific virtualserver port on udp (about 10MBit/s) for about 100 secods (3 bursts), all connected clients dropped. After the attack, nobody was able to reconnect unless I restarted the specific virtualserver. All other running virtualservers were not affected and continued running smoothly.

    I can provide a tcpdump if neccessary. While I understand that there is nothing much I can do about DDoS, the virtualserver should continue running/accepting clients after the attack stopped which is the main reason for this bug report.

    Server data:
    GNU/Linux Debian Wheezy (kvm virtual machine)
    Current server version 3.0.11.4
    Database backend sqlite
    Server load was normal ~0.25 around the attack
    Network connection 1GBit/s shared
    Note: the linux server uses CET while the teamspeak server seems to use utc timestamps in logs.
    Reply With Quote Reply With Quote
  2. November 10th, 2015, 10:18 AM #2
    dante696
    dante696 is offline
    Join Date
    June 2008
    Posts
    18,513
    Please check your server logs (instance and vserver), when user has dropped.
    The server has a mechanism, that blocks connections for a while and prints a message then.

    the message looks like:
    Code:
    2015-10-18 18:27:52.445215|INFO    |              |   | Increased protection level to: 1
    I'm not sure if it was in instance or vserver log and i'm not 11% sure how this mechanism works.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?
    Reply With Quote Reply With Quote
  3. November 10th, 2015, 11:05 AM #3
    maxi1990
    maxi1990 is offline -= TeamSpeak Fanatic =-
    Join Date
    July 2006
    Posts
    1,600
    No such message is shown in any logs. I am logging all except serverquerycommands.
    Here is ts3server.ini: https://pbot.rmdir.de/RkS5T-s3eFbAZ6fZM2y94g

    One attack took place at 01:19 a.m. and no new clients were able connect until I restarted the server at 10:54 a.m. Again, no entry in any log is found about any kind of protection.

    I doubt that this is the desired behaviour. Please inform Ralf about the issue.

    Regards,

    Max
    Reply With Quote Reply With Quote
  4. November 10th, 2015, 11:25 AM #4
    dante696
    dante696 is offline
    Join Date
    June 2008
    Posts
    18,513
    I will talk to a server dev* about that issue.
    It's something we never experienced while our test server was attacked over months.


    *no it's not Ralf.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?
    Reply With Quote Reply With Quote
  5. November 10th, 2015, 11:35 AM #5
    maxi1990
    maxi1990 is offline -= TeamSpeak Fanatic =-
    Join Date
    July 2006
    Posts
    1,600
    Quote Originally Posted by dante696 View Post
    I will talk to a server dev* about that issue.
    It's something we never experienced while our test server was attacked over months.
    Thanks, I appreciate that.

    If you guys need the tcpdump, just let me know.
    Reply With Quote Reply With Quote
  6. November 10th, 2015, 12:34 PM #6
    dante696
    dante696 is offline
    Join Date
    June 2008
    Posts
    18,513
    Our dev has an idea about that. It's problem with a race condition in boost.
    We fixed this already in an upcomming* server release 3.0.12.

    No release date yet
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?
    Reply With Quote Reply With Quote
  7. November 10th, 2015, 12:45 PM #7
    maxi1990
    maxi1990 is offline -= TeamSpeak Fanatic =-
    Join Date
    July 2006
    Posts
    1,600
    Quote Originally Posted by dante696 View Post
    Our dev has an idea about that. It's problem with a race condition in boost.
    We fixed this already in an upcomming* server release 3.0.12.
    Thanks for the quick answer.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. VirtualServer Doesn't appear in the web list
    By kehnner in forum Server Support
    Replies: 6
    Last Post: October 14th, 2013, 09:04 AM
  2. How to solve: Server does not accept licensekey.dat
    By TheKilledDeath in forum Server Support
    Replies: 0
    Last Post: October 2nd, 2012, 09:54 AM
  3. Permissions from 1 virtualserver affect all virtualserver - no reset possible
    By foxxx in forum Permission System
    Replies: 6
    Last Post: May 13th, 2011, 03:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules