Forum

Results 1 to 13 of 13
  1. #1
    Join Date
    December 2013
    Location
    UA
    Posts
    13

    Question Teamspeak resource overflow

    Hello.
    I have 1024 MB RAM and 2.6 GHz single-core resourced machine and I am sometimes experiencing spoofed UDP-flood on my Teamspeak port. I decided to filter packets using iptables firewall regarding to high resource requirement by Teamspeak server doing it itself. So I added a rule to throw away packets that have size less than 41 and more than 528 bytes (I checked normal traffic exchange and found that legal packets' size are in these bounds). So where I test this protection and try to flood Teamspeak with packets sized out of these bounds all is OK. But when I set for example 75 bytes and flood with 75-byted packets, Teamspeak begins to eat all my CPU time (~120 %). My TS server version is 3.0.10.2, Linux platform.

  2. #2
    Join Date
    June 2008
    Posts
    18,405
    Can you see and add something from your server logs?
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  3. #3
    Join Date
    December 2013
    Location
    UA
    Posts
    13
    Quote Originally Posted by dante696 View Post
    Can you see and add something from your server logs?
    Nope. There is nothing to look at.

  4. #4
    Join Date
    June 2008
    Posts
    18,405
    Please show us the server log (or logs)
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  5. #5
    Join Date
    December 2013
    Location
    UA
    Posts
    13
    Here it is.

    2013-12-20 15:52:49.432902|INFO |ServerLibPriv | | TeamSpeak 3 Server 3.0.10.2 (2013-12-02 08:19:01)
    2013-12-20 15:52:49.433223|INFO |ServerLibPriv | | SystemInformation: Linux 2.6.32-431.1.2.0.1.el6.i686 #1 SMP Fri Dec 13 11:45:23 UTC 2013 i686 Binary: 32bit
    2013-12-20 15:52:49.436503|INFO |DatabaseQuery | | dbPlugin name: MySQL plugin, (c)TeamSpeak Systems GmbH
    2013-12-20 15:52:49.436556|INFO |DatabaseQuery | | dbPlugin version: 1
    2013-12-20 15:52:49.448382|WARNING |Accounting | | Unable to find valid license key, falling back to limited functionality
    2013-12-20 15:53:02.061458|INFO | | | Puzzle precompute time: 12102
    2013-12-20 15:53:02.061849|INFO |FileManager | | listening on 0.0.0.0:30033
    2013-12-20 15:53:02.176073|INFO |CIDRManager | | updated query_ip_whitelist ips: 127.0.0.1, **some more IPs**,
    2013-12-20 15:53:02.177217|INFO |Query | | listening on 0.0.0.0:10011

    2013-12-20 15:53:02.175762|INFO |VirtualServer | 1| listening on 0.0.0.0:9987

    Also ksoftirqd/1 and migration/1 processes are requesting too much CPU resources during the attack too.

  6. #6
    Join Date
    December 2013
    Location
    UA
    Posts
    13
    I am now thinking how to protect TS3 traffic as effective as it could be done. I don't mind computing packet's HEX before giving it to Teamspeak. I decided to setup size-based protection but now I have new problem, which is described upper.

  7. #7
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,371
    Can you provide a log related to your problem not just a random log for a normal server start?

  8. #8
    Join Date
    December 2013
    Location
    UA
    Posts
    13
    It is a log related to my problem. This log was created when flooding Teamspeak and also when Teamspeak server started when flooding. I noticed that there are no differences between "normal log" and "log related to my problem".

  9. #9
    Join Date
    April 2011
    Location
    Germany
    Posts
    1,266
    The "Puzzle precompute time" is amazingly high, are you sure that your computer has enough CPU ressources to actually run teamspeak?!

  10. #10
    Join Date
    December 2013
    Location
    UA
    Posts
    13
    I am. I noticed that I started teamspeak at the same time when flooding on its port.

  11. #11
    Join Date
    December 2013
    Posts
    1
    Same problem right here.

    Name:  5UZej.png
Views: 725
Size:  2.0 KB

    The beta version might have causes this.


    --edit--

    So I changed beta=true to false in update.ini, started the update.exe.

    Everything is fine for me again.
    Last edited by diesulke; December 22nd, 2013 at 05:24 PM. Reason: Fixed.

  12. #12
    Join Date
    December 2013
    Location
    UA
    Posts
    13
    I mean server, not client.

  13. #13
    Join Date
    December 2013
    Location
    UA
    Posts
    13
    Solved.
    I now filter packets by u32 module from iptables. I read normal traffic excange packets and will receive only them:
    -A INPUT -p udp -m udp --dport 9987 -m u32 --u32 0x6&0xffff=0x7711 -j ACCEPT
    This is in case to drop anything that is not accepted.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Possible new Teamspeak 3 overflow or hack or something?
    By GSGDani in forum General Questions
    Replies: 1
    Last Post: August 29th, 2011, 11:31 PM
  2. Resource Record Abfrage mit TeamSpeak 3
    By Elradon in forum Suggestions and Feedback
    Replies: 15
    Last Post: December 31st, 2008, 08:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •