Server Help

General Questions - WARNING: Packet flood
Maverick - Thu Apr 21, 2005 3:37 pm
Post subject: WARNING: Packet flood
(I tried searching for this already but it returned all of the newest posts instead of search results - sorry if this is a stupid question :/ )

From time to time as sysop I get red error messages of connection or packet floods.
Quote:
WARNING: Connection flood from 199.xxx.xxx.10

Quote:
WARNING: Packet flood from 69.xxx.xxx.123


Most of the time the packet floods are after a series of other error messages, thus the problem is easily identifiable. But sometimes they just come out of nowhere.

What do those warnings mean? I can imagine that connection flood is a warning that someone tried connecting to the zone with a wrong password to often?
Packet floods, obvious what happens, but I doubt the zone is getting DOS'ed ?
Solo Ace - Thu Apr 21, 2005 3:44 pm
Post subject:
I doubt the zone is getting Disk Operating System'd too.
Kidding. sa_tongue.gif
Maybe the zone is running on a service port (1 - 1023) and the clients are [spiders, bots, worms, whatever] which connect to the server assuming another protocol?
Just guessing; Looks strange, maybe running a packetlogger on the clients to see what's going on might resolve the cause?
Mr Ekted - Thu Apr 21, 2005 4:13 pm
Post subject:
Solo Ace wrote:
I doubt the zone is getting Disk Operating System'd too.
Kidding. sa_tongue.gif
Maybe the zone is running on a service port (1 - 1023) and the clients are [spiders, bots, worms, whatever] which connect to the server assuming another protocol?
Just guessing; Looks strange, maybe running a packetlogger on the clients to see what's going on might resolve the cause?


SS is UDP. Most standard protocols run on TCP exclusively. They are not the same port. It's most likely an issue with the way Cont encrypts packets. 1 out of every 65536 packets, the encrypted packet gets the form 00 01 which looks like a connection request. If the packet is reliable, the client will retry until acknowledged or a timeout occurs. This triggers connection flood.
Solo Ace - Thu Apr 21, 2005 4:25 pm
Post subject:
I thought of that while writing it, I meant a protocol mismatch at a higher layer, though.

Anyway, your explaination seems to fit the problem better. sa_tongue.gif
Maverick - Thu Apr 21, 2005 4:34 pm
Post subject:
Ekted, same can happen with the packet flood warning?
Mr Ekted - Fri Apr 22, 2005 2:10 am
Post subject:
Maverick wrote:
Ekted, same can happen with the packet flood warning?


Not sure about specifics, but I think so.
Maverick - Fri Apr 22, 2005 4:52 am
Post subject:
ok, thanks ekted & Solo icon_smile.gif
Mine GO BOOM - Fri Apr 22, 2005 11:16 am
Post subject:
Mr Ekted wrote:
They are not the same port. It's most likely an issue with the way Cont encrypts packets. 1 out of every 65536 packets, the encrypted packet gets the form 00 01 which looks like a connection request. If the packet is reliable, the client will retry until acknowledged or a timeout occurs. This triggers connection flood.

Actually, this is not true. There is a special feature when an encrypted packet starts with 0x00 0x01, 0x00 0x10, or 0x00 0x11. It was a problem in an earlier Continuum encryption, but the one being used now has no such problem.
Mr Ekted - Fri Apr 22, 2005 4:09 pm
Post subject:
I guess I haven't seen it happen myself in a while. I was never informed of a change to the encryption. Shrug.
All times are -5 GMT
View topic
Powered by phpBB 2.0 .0.11 © 2001 phpBB Group