METIN-2 / METIN2 and other illegal software- don't ask for assistance on these forums.

Status
Not open for further replies.
"I don't know metin2 server file is illegal" .. "Now it is not about metin2" ... sure. Goodbye!
 
[METIN 2 SUBJECT: CLOSED] Syn Flood

Hi,
I'm a new user of FreeBSD and I'm learning to use Packet Filter and configure it,
but now I'm the victim of a SYN flood attack every day.

I've configured Packet Filter on my server, but my server is
still attacked and sometimes I don't have access to my server...

Code:
# macro 
tcp_services = "{domain, auth, 3389, 71}"
udp_services = "{domain, 123}"
metin2auth = "{13099, 13004, 13003, 13002, 13001, 13000, 11002}"

set skip on lo0

block in all
block out all 

# allow ping
pass in quick on em0 proto { icmp icmp6 }

block in quick on em0 from any to 37.59.49.28

#pass out proto tcp to any port $tcp_services
pass in proto tcp to any port $tcp_services
pass proto udp to any port $udp_services


#pass out proto tcp to any port $metin2auth

pass in proto tcp to any port $metin2auth
pass proto udp to any port $metin2auth


# banned IPs
table <blackhole> persist file "/etc/pf.blackhole"
block quick from <blackhole>
block quick to   <blackhole>

pass inet proto tcp from any to any port ssh flags S/SA keep state (max-src-conn 5, max-src-conn-rate 5/30, overload <blackhole> flush global)

I am looking for a way to protect against this attack.


An example:
Code:
# netstat -an | grep SYN_RECV
tcp 0 0 10.xxx.xxx.xxx 237.177.154.8:25882 SYN_RECV -
tcp 0 0 10.xxx.xxx.xxx 236.15.133.204:2577 SYN_RECV -
tcp 0 0 10.xxx.xxx.xxx 127.160.6.129:51748 SYN_RECV -
tcp 0 0 10.xxx.xxx.xxx 230.220.13.25:47393 SYN_RECV -

I use FreeBSD 9.1.
 
[METIN 2 SUBJECT: CLOSED] IPFW Problem to many dynamic rules help

I'm getting SYN attacks and use ipfw on FreeBSD 9.1 64-bit. I have a problem:
Code:
ipfw install_state too many dynamic rules

My ipfw.conf

Code:
IPF="ipfw -q add"
ipfw -q -f flush

################################################# 
# Entry permission: 127.0.0.1
################################################# 
$IPF 10 allow all from any to any via lo0 
$IPF 11 deny all from any to 127.0.0.0/8 
$IPF 12 deny all from 127.0.0.0/8 to any 
$IPF 13 deny tcp from any to any frag 

################################################# 
# Condition rules
################################################# 
$IPF 14 check-state 
$IPF 15 allow tcp from any to any established 
$IPF 16 allow all from any to any out keep-state 
$IPF 17 allow icmp from any to any 

################################################# 
# Ports granted permission
################################################# 
$IPF 18 allow tcp from any to any 22 setup keep-state
$IPF 19 allow tcp from any to any 13000 setup keep-state
$IPF 20 allow tcp from any to any 13001 setup keep-state
$IPF 21 allow tcp from any to any 16000 setup keep-state
$IPF 22 allow tcp from any to any 18000 setup keep-state
$IPF 23 allow tcp from any to any 21000 setup keep-state
$IPF 24 allow tcp from any to any 3306 setup keep-state
$IPF 25 allow tcp from any to any 11005 setup keep-state
$IPF 26 allow udp from any to any 22 keep-state
$IPF 27 allow udp from any to any 13000 keep-state
$IPF 28 allow udp from any to any 13001 keep-state
$IPF 29 allow udp from any to any 16000 keep-state
$IPF 30 allow udp from any to any 18000 keep-state
$IPF 31 allow udp from any to any 21000 keep-state
$IPF 32 allow udp from any to any 3306 keep-state
$IPF 33 allow udp from any to any 11005 keep-state
####################################################
# Saldırı Paket Veri Kısıtlama (attack packet data restriction)
####################################################
ipfw add 409 allow tcp from any to me 22 in via em0 setup limit src-addr 20
ipfw add 410 allow tcp from any to me 13000 in via em0 setup limit src-addr 10
ipfw add 411 allow tcp from any to me 13001 in via em0 setup limit src-addr 10
ipfw add 412 allow tcp from any to me 16000 in via em0 setup limit src-addr 10
ipfw add 413 allow tcp from any to me 21000 in via em0 setup limit src-addr 10
ipfw add 414 allow tcp from any to me 18000 in via em0 setup limit src-addr 10
ipfw add 415 allow tcp from any to me 11005 in via em0 setup limit src-addr 5
ipfw add 416 allow tcp from any to me 3306 in via em0 setup limit src-addr 10
ipfw add 419 allow udp from any to me 22 in via em0 setup limit src-addr 80
ipfw add 420 allow udp from any to me 13000 in via em0 setup limit src-addr 80
ipfw add 421 allow udp from any to me 13001 in via em0 setup limit src-addr 80
ipfw add 422 allow udp from any to me 16000 in via em0 setup limit src-addr 80
ipfw add 423 allow udp from any to me 21000 in via em0 setup limit src-addr 80
ipfw add 424 allow udp from any to me 18000 in via em0 setup limit src-addr 80
ipfw add 425 allow udp from any to me 11005 in via em0 setup limit src-addr 50
ipfw add 426 allow udp from any to me 3306 in via em0 setup limit src-addr 50
$IPF 34 allow all from mywebserverip to me
$IPF 36 allow all from myip to any 14000
$IPF 37 allow all from myip to any 14000
$IPF 38 deny all from any to me 14000
$IPF 39 allow all from myip to any 17000
$IPF 40 allow all from myip to any 17000
$IPF 41 deny all from any to me 17000
$IPF 42 allow all from myip to any 20000
$IPF 43 allow all from myip to any 20000
$IPF 44 deny all from any to me 20000
$IPF 45 allow all from myip to any 22000
$IPF 46 allow all from myip to any 22000
$IPF 47 deny all from any to me 22000
$IPF 48 allow all from myip to any 12000
$IPF 49 allow all from myip to any 12000
$IPF 50 deny all from any to me 12000
$IPF 51 allow all from myip to any 14001
$IPF 52 allow all from myip to any 14001
$IPF 53 deny all from any to me 14001
$IPF deny log all from any to any


My sysctl.conf:
Code:
net.inet.ip.fw.dyn_max=65536
net.inet.ip.fw.dyn_buckets=1024
net.inet.ip.fw.dyn_ack_lifetime=60
 
There's usually little need for keep-state on incoming traffic to services as you already know you want to allow traffic for them. Please re-evaluate why you need keep-state.

If you still want to use keep-state, you'll have to play around with limiting the number of states allowed per source IP, state timeout (net.inet.ip.fw.dyn_*_lifetime), or increasing net.inet.ip.fw.dyn_max (and net.inet.ip.fw.dyn_buckets?) to higher values. AFAIK, it's not capped to 65k.

I also have a few other comments on your ruleset.
1) Generally, don't use "from any to any" in allow rules.
2) Don't add an allow rule unless you know you want it. For example: Why do you allow udp to port 22?
3) Make a distinction between incoming and outgoing traffic.
4) For readability, you might want to re-arrange your configuration file so that the rules are sorted in ascending order within each 'group' of rules. Currently, "Saldırı Paket Veri Kısıtlama" ("Attack Packet Data Restriction"?) adds a block of rules which will be used *after* the next block of rules.
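
A sample ruleset applying the four comments above, as an added example that is not part of the original thread or written by its participants. The interface `em0` and ports 22 and 13000 are taken from the posted ruleset; the choice of public ports, the rule numbering and the `IPFW` dry-run variable are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Interface em0 and ports 22/13000 are
# taken from the posted ruleset; which ports stay public is an assumption.
# Prints the rules by default; set IPFW="ipfw -q" to load them instead.
IPFW="${IPFW:-echo ipfw}"
IF="em0"
TCP_IN="22 13000"

build_rules() {
    n=100
    # Rules are numbered in the order they are written, so file order
    # and evaluation order always agree (comment 4).
    add() { $IPFW add "$n" "$@"; n=$((n + 10)); }

    $IPFW -f flush

    # Loopback, and anti-spoofing for the loopback range.
    add allow ip from any to any via lo0
    add deny ip from any to 127.0.0.0/8
    add deny ip from 127.0.0.0/8 to any

    # Dynamic rules exist only for connections this host opens itself.
    add check-state
    add allow tcp from me to any out via "$IF" setup keep-state
    add allow udp from me to any out via "$IF" keep-state

    # Public services: stateless in both directions, so a SYN flood
    # cannot fill the dynamic rule table (no keep-state, no limit).
    for p in $TCP_IN; do
        add allow tcp from any to me "$p" in via "$IF"
        add allow tcp from me "$p" to any out via "$IF"
    done

    # ICMP: echo reply, unreachable, echo request, time exceeded inbound.
    add allow icmp from any to me in via "$IF" icmptypes 0,3,8,11
    add allow icmp from me to any out via "$IF"

    add deny log ip from any to any
}

build_rules
```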
 
Can you write a sample ipfw.rules? I don't understand your thinking.
Savagedlight said:
There's usually little need for keep-state on incoming traffic to services as you already know you want to allow traffic for them. Please re-evaluate why you need keep-state.

If you still want to use keep-state, you'll have to play around with limiting the number of states allowed per source IP, state timeout (net.inet.ip.fw.dyn_*_lifetime), or increasing net.inet.ip.fw.dyn_max (and net.inet.ip.fw.dyn_buckets?) to higher values. AFAIK, it's not capped to 65k.

I also have a few other comments on your ruleset.
1) Generally, don't use "from any to any" in allow rules.
2) Don't add an allow rule unless you know you want it. For example: Why do you allow udp to port 22?
3) Make a distinction between incoming and outgoing traffic.
4) For readability, you might want to re-arrange your configuration file so that the rules are sorted in ascending order within each 'group' of rules. Currently, "Saldırı Paket Veri Kısıtlama" ("Attack Packet Data Restriction"?) adds a block of rules which will be used *after* the next block of rules.
 
What application is listening on these ports 13000, 13001, 16000, 18000, 21000?
 
My website gets blocked by the server

Hi guys, I have two servers and I'm running FreeBSD 8.3 and MySQL 5.5.30 (server1). On the second one I have my website, and it uses PHP to connect to my database (I don't know if this would help, but the site gets a "lot" of traffic, like 1000-1500 users/day).

My mysql config file is this:

Code:
[mysqld]
port = 3306
max_connections = 5500
myisam_sort_buffer_size = 64M
query_cache_size = 268435456
query_cache_type=1
query_cache_limit=26843545
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 1024
thread_cache_size = 64
wait_timeout = 1800
connect_timeout = 10
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 1M
query_cache_size = 32M
query_cache_type = 1
#log=/var/log/mysql.log

By the way, I am running IPFW to prevent my server from being damaged, and my config file is this:
Code:
$IPF 4 allow all from me to any 14000
$IPF 5 allow all from 127.0.0.0/8 to any 14000
$IPF 6 deny all from any to me 14000
$IPF 7 allow all from me to any 14001
$IPF 8 allow all from 127.0.0.0/8 to any 14001
$IPF 9 deny all from any to me 14001
$IPF 10 allow all from me to any 17000
$IPF 11 allow all from 127.0.0.0/8 to any 17000
$IPF 12 deny all from any to me 17000
$IPF 13 allow all from me to any 12000
$IPF 14 allow all from 127.0.0.0/8 to any 12000
$IPF 15 deny all from any to me 12000
$IPF 16 allow all from me to any 16001
$IPF 17 allow all from 127.0.0.0/8 to any 16001
$IPF 18 deny all from any to me 16001
$IPF 19 allow all from me to any 16002
$IPF 20 allow all from 127.0.0.0/8 to any 16002
$IPF 21 deny all from any to me 16002
$IPF 22 allow all from me to any 17001
$IPF 23 allow all from 127.0.0.0/8 to any 17001
$IPF 24 deny all from any to me 17001
$IPF 25 allow all from me to any 19000
$IPF 26 allow all from 127.0.0.0/8 to any 19000
$IPF 27 deny all from any to me 19000
$IPF 28 allow all from me to any 19001
$IPF 29 allow all from 127.0.0.0/8 to any 19001
$IPF 30 deny all from any to me 19001
$IPF 31 allow all from any to me 11002
$IPF 32 allow all from any to me 13000
$IPF 33 allow all from any to me 13001
$IPF 34 allow all from any to me 16000
$IPF 35 allow all from any to me 16001
$IPF 36 allow all from any to me 18000
$IPF 37 allow all from any to me 18001
$IPF 38 allow all from any to me 3306
$IPF 39 allow all from any to me 80
$IPF 40 allow all from any to me 21
$IPF 41 allow all from IF_of_my_host to me 3306
$IPF 10000 allow all from any to any via lo0
$IPF 20000 deny all from any to 127.0.0.0/8
$IPF 30000 deny all from 127.0.0.0/8 to any
$IPF 40000 allow all from any to any

Well, the main problem that I have is that my web server gets banned in like 12 hours, and I get from it mysql_connect() [function.mysql-connect]: Can't connect to MySQL server, which I think means that my web hosting is blocked. I don't understand very well where the problem is, because if I reboot the server the website starts to work again :q

Any idea? Thank you so much.
 
The firewall rules are... odd. What software are you running? Why would users want to attack your server? What are the firewall rules meant to stop?
 
wblock@ said:
The firewall rules are... odd. What software are you running? Why would users want to attack your server? What are the firewall rules meant to stop?
I am running a game server. My server never goes down, but the web stops working for a reason unknown to me; it seems like the firewall blocks it, but I don't know why.
 
You're certainly not the first coming in here complaining about 'being attacked' while running an illegal METIN2 server. So it is related and we won't allow this topic any further. Find another venue for your problem.
 
Message after login

How can I change this message:

7r5g.png
 
a small question about FreeBSD 8.3

Hello,
how are you all?
I'll buy a VPS server to make a metin2 PServer on it.
The question is:
does the metin2 PServer run on 8.3?
And does FreeBSD 8.3 work with the Arabic language?
 
Fake ip address

I have installed FreeBSD 9.1 and I have installed a buggy application that is a server and sends to a client the PC IP, but the PC is behind a router and it sends the internal IP address (192.168.0.1). Is there any way to set up a fake IP address on the PC so that when the app requests the PC IP address it will see the external IP (89.xx.xx.xx)?
 
It is a metin2 server but it couldn't be modified (only by asm and reverse engineering).
 
Libraries for 64 bit

I installed a gameserver on FreeBSD 9.0 and it says that I don't have some libraries. Can someone give me all libraries for FreeBSD 9.0 x64 bit?
 