Forum

Results 1 to 12 of 12
  1. #1
    Join Date
    June 2011
    Location
    Baghdad, Iraq
    Posts
    367

    Solved TeamSpeak can be used for outgoing DDoS attacks??? (is it true?)

    Hello,

    Our server got UDP ddos attack 2 days ago we talked to our VPS host (which hosts the server since over a year)

    when we told them we only host TeamSpeak 3 server on that VPS thy said:

    Teamspeak can be used for outgoing DDoS attacks - This was likely an revenge attack.
    Can you remove the TS3 server? As per our ToS we'd like to ask for it as it *will* cause issues again - It's simply a coding problem on their side.
    its the first time i hear about something like this so is it true by any chance??
    we never attacked anyone and never got any abuse complains with our IP/TeamSpeak involved

    Thanks

  2. #2
    Join Date
    June 2012
    Location
    Portugal
    Posts
    317
    No teamspeak server can't. An hosting saying that really shows what type of knowledge it has, very trusting.
    However teamspeak servers are often target of ddos attacks. Get a VPS or Kimsufi 2G with OVH and you have a good ddos protection.

  3. #3
    Join Date
    June 2011
    Location
    Baghdad, Iraq
    Posts
    367
    When i asked them about it thy said
    By UDP Reflection, a query is sent with a spoofed IP (the target) and has for example 2 packets size - Your TS server sends 1000 packets back, if you do this with enough requests it ends in a DDoS attack.

  4. #4
    Join Date
    October 2010
    Location
    Warsaw / Poland
    Posts
    296
    They obviously have NO IDEA how teamspeak in fact works, it's even impossible to get 1000 packets back by a few packets being sent. It's not a freaking dns server to get such results.

  5. #5
    Join Date
    September 2013
    Posts
    2
    Same thing in my server, my host turned off the machine and showed me a log where it seemed like i was attacking an IP from the udp ports of my teamspeak servers. Is there any way to fix?

  6. #6
    Join Date
    June 2012
    Location
    Portugal
    Posts
    317
    It might happen but I can't believe TS3 server has a huge amplification.
    Maybe the devs can confirm this?

  7. #7
    Join Date
    June 2011
    Location
    Baghdad, Iraq
    Posts
    367
    Quote Originally Posted by barricas View Post
    It might happen but I can't believe TS3 server has a huge amplification.
    Maybe the devs can confirm this?
    thats why am asking

  8. #8
    Join Date
    September 2013
    Posts
    2
    any iptables rule?

  9. #9
    Join Date
    October 2010
    Location
    Warsaw / Poland
    Posts
    296
    Quote Originally Posted by Stagno View Post
    any iptables rule?
    Should work by limit outgoing UDP traffic per user to ~8-10 KiB/s.

  10. #10
    Join Date
    June 2011
    Location
    Baghdad, Iraq
    Posts
    367
    well.. still waiting reply from the devs is this possible? is it effected by permissions ? anything ?

  11. #11
    Join Date
    June 2002
    Location
    Netherlands
    Posts
    1,049
    A little more nuance:

    The hoster was right in that 3.0.7.1 or older server could be used for udp reflection and amplification, which can cause an effective dos attack.

    The latest ts3 servers (3.0.8 and above) can not be used in amplification attacks. That is to say a unconnected ip can send a small packet to a ts3 server and the ts3 server will reply with a packet that is the same size or smaller, and only for these small packets. This is comparable to tcp syn and syn-ack packets.

    The latest ts3 servers can still be used for reflection in the same way any tcp server can be used for reflection. We could rate limit how much packets/s a ts3 server sends back to an unconnected ip. But this enables a dos attack on a ts3 server. (An attacker could send init packets with an spoofed ip, of the person he wants not to join the ts3 server).

    So my conclusion would be that the 3.0.8 and higher ts3 server can only be used in dos attacks, like any other tcp server can be used.

    Small edit:
    I want to make clear the new ts3 servers are even less harmful with reflection attacks that all normal tcp servers (like web or mail servers) because ts3 servers only send 1 reply to an incoming packet, while a tcp server sends several replies to an tcp-syn packet.
    Last edited by nwerensteijn; September 9th, 2013 at 04:33 PM. Reason: small edit to make clear ts3 is less harmfull than tcp

  12. #12
    Join Date
    June 2011
    Location
    Baghdad, Iraq
    Posts
    367
    ok thanks for clearing this

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 1
    Last Post: February 2nd, 2015, 09:11 AM
  2. Question about DDos attacks...
    By Barrybe in forum Permission System
    Replies: 3
    Last Post: December 5th, 2013, 05:00 PM
  3. Replies: 9
    Last Post: October 28th, 2010, 08:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •