| Author |
Message |
Maverick
Age:41
Gender:
Joined: Feb 26 2005
Posts: 1521
Location: The Netherlands
Offline
|
 Posted: Thu Apr 21, 2005 3:37 pm Post subject: WARNING: Packet flood |
 |
 |
|
|
(I tried searching for this already but it returned all of the newest posts instead of search results - sorry if this is a stupid question :/ )
From time to time as sysop I get red error messages of connection or packet floods.
| Quote: | | WARNING: Connection flood from 199.xxx.xxx.10 |
| Quote: | | WARNING: Packet flood from 69.xxx.xxx.123 |
Most of the time the packet floods are after a series of other error messages, thus the problem is easily identifiable. But sometimes they just come out of nowhere.
What do those warnings mean? I can imagine that connection flood is a warning that someone tried connecting to the zone with a wrong password to often?
Packet floods, obvious what happens, but I doubt the zone is getting DOS'ed ?
_________________
|
|
| Back to top |
|
 |
Solo Ace
Yeah, I'm in touch with reality...we correspond from time to time.
Age:38
Gender:
Joined: Feb 06 2004
Posts: 2583
Location: The Netherlands
Offline
|
| Posted: Thu Apr 21, 2005 3:44 pm Post subject: |
|
|
|
|
I doubt the zone is getting Disk Operating System'd too.
Kidding. 
Maybe the zone is running on a service port (1 - 1023) and the clients are [spiders, bots, worms, whatever] which connect to the server assuming another protocol?
Just guessing; Looks strange, maybe running a packetlogger on the clients to see what's going on might resolve the cause? |
|
| Back to top |
|
|
Mr Ekted
Movie Geek
Gender:
Joined: Feb 09 2004
Posts: 1379
Offline
|
| Posted: Thu Apr 21, 2005 4:13 pm Post subject: |
|
|
|
|
| Solo Ace wrote: | I doubt the zone is getting Disk Operating System'd too.
Kidding.
Maybe the zone is running on a service port (1 - 1023) and the clients are [spiders, bots, worms, whatever] which connect to the server assuming another protocol?
Just guessing; Looks strange, maybe running a packetlogger on the clients to see what's going on might resolve the cause? |
SS is UDP. Most standard protocols run on TCP exclusively. They are not the same port. It's most likely an issue with the way Cont encrypts packets. 1 out of every 65536 packets, the encrypted packet gets the form 00 01 which looks like a connection request. If the packet is reliable, the client will retry until acknowledged or a timeout occurs. This triggers connection flood.
_________________
4,691 irradiated haggis! |
|
| Back to top |
|
|
Solo Ace
Yeah, I'm in touch with reality...we correspond from time to time.
Age:38
Gender:
Joined: Feb 06 2004
Posts: 2583
Location: The Netherlands
Offline
|
| Posted: Thu Apr 21, 2005 4:25 pm Post subject: |
|
|
|
|
I thought of that while writing it, I meant a protocol mismatch at a higher layer, though.
Anyway, your explaination seems to fit the problem better. |
|
| Back to top |
|
|
Maverick
Age:41
Gender:
Joined: Feb 26 2005
Posts: 1521
Location: The Netherlands
Offline
|
| Posted: Thu Apr 21, 2005 4:34 pm Post subject: |
|
|
|
|
| Ekted, same can happen with the packet flood warning? |
|
| Back to top |
|
|
Mr Ekted
Movie Geek
Gender:
Joined: Feb 09 2004
Posts: 1379
Offline
|
| Posted: Fri Apr 22, 2005 2:10 am Post subject: |
|
|
|
|
| Maverick wrote: | | Ekted, same can happen with the packet flood warning? |
Not sure about specifics, but I think so. |
|
| Back to top |
|
|
Maverick
Age:41
Gender:
Joined: Feb 26 2005
Posts: 1521
Location: The Netherlands
Offline
|
| Posted: Fri Apr 22, 2005 4:52 am Post subject: |
|
|
|
|
ok, thanks ekted & Solo  |
|
| Back to top |
|
|
Mine GO BOOM
Hunch Hunch
What What
Age:42
Gender:
Joined: Aug 01 2002
Posts: 3616
Location: Las Vegas
Offline
|
| Posted: Fri Apr 22, 2005 11:16 am Post subject: |
|
|
|
|
| Mr Ekted wrote: | | They are not the same port. It's most likely an issue with the way Cont encrypts packets. 1 out of every 65536 packets, the encrypted packet gets the form 00 01 which looks like a connection request. If the packet is reliable, the client will retry until acknowledged or a timeout occurs. This triggers connection flood. |
Actually, this is not true. There is a special feature when an encrypted packet starts with 0x00 0x01, 0x00 0x10, or 0x00 0x11. It was a problem in an earlier Continuum encryption, but the one being used now has no such problem. |
|
| Back to top |
|
|
Mr Ekted
Movie Geek
Gender:
Joined: Feb 09 2004
Posts: 1379
Offline
|
| Posted: Fri Apr 22, 2005 4:09 pm Post subject: |
|
|
|
|
| I guess I haven't seen it happen myself in a while. I was never informed of a change to the encryption. Shrug. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Statistics
Register
Profile
Login to check your private messages
Login
need help getting zone to connect 
