Augiro / a2s-cache

Cache of A2S queries used in Source Engine games.

need documentation #1

Open rabi07 opened 1 week ago

rabi07 commented 1 week ago

Bro, I'm having a CS2 server, it's going through daily DDoS attacks. Please provide some docs to set it up, I'm new to this.

Thanks much

rabi07 commented 1 week ago

Update:

Somehow I managed to install.

Modified this:

    debug := flag.Bool("debug", true, "enable debug logs")
    gIP := flag.String("gameIP", "my Server public IP", "IP of the game server")
    gPort := flag.Int("gamePort", 27015, "port for the game server")
    host := flag.String("ip", "127.0.0.1", "IP that UDP server should listen on")
    port := flag.Int("port", 9000, "port UDP server should listen on")

When the DDoS is happening, I'm getting errors like this:

024-06-26T21:59:51.242+0530    DEBUG   poller/poller.go:138    successfully polled A2S_PLAYER
2024-06-26T22:00:01.240+0530    DEBUG   poller/poller.go:71     polling A2S_INFO from server...
2024-06-26T22:00:01.241+0530    DEBUG   poller/poller.go:138    successfully polled A2S_INFO
2024-06-26T22:00:01.241+0530    DEBUG   poller/poller.go:71     polling A2S_PLAYER from server...
2024-06-26T22:00:01.242+0530    DEBUG   poller/poller.go:138    successfully polled A2S_PLAYER
2024-06-26T22:00:11.240+0530    DEBUG   poller/poller.go:71     polling A2S_INFO from server...
2024-06-26T22:00:14.242+0530    ERROR   poller/poller.go:101    A2S_INFO poll timed out
github.com/Augiro/a2s-cache/poller.(*Poller).execQuery.func2
        /home/ubuntu/a2s-cache/poller/poller.go:101
2024-06-26T22:00:14.242+0530    ERROR   poller/poller.go:50     poll failed: A2S_INFO poll failed: unable to read server over UDP: read udp4 172.31.34.141:40862->22.24.244.244:27015: use of closed network connection
github.com/Augiro/a2s-cache/poller.(*Poller).Start
        /home/ubuntu/a2s-cache/poller/poller.go:50
main.main.func1
        /home/ubuntu/a2s-cache/main.go:44
golang.org/x/sync/errgroup.(*Group).Go.func1
        /root/go/pkg/mod/golang.org/x/sync@v0.5.0/errgroup/errgroup.go:75
2024-06-26T22:00:21.241+0530    DEBUG   poller/poller.go:71     polling A2S_INFO from server...
2024-06-26T22:00:24.242+0530    ERROR   poller/poller.go:101    A2S_INFO poll timed out
github.com/Augiro/a2s-cache/poller.(*Poller).execQuery.func2
        /home/ubuntu/a2s-cache/poller/poller.go:101
2024-06-26T22:00:24.242+0530    ERROR   poller/poller.go:50     poll failed: A2S_INFO poll failed: unable to read server over UDP: read udp4 172.31.34.141:52815->22.24.244.244:27015: use of closed network connection
github.com/Augiro/a2s-cache/poller.(*Poller).Start
        /home/ubuntu/a2s-cache/poller/poller.go:50
main.main.func1
        /home/ubuntu/a2s-cache/main.go:44
golang.org/x/sync/errgroup.(*Group).Go.func1
        /root/go/pkg/mod/golang.org/x/sync@v0.5.0/errgroup/errgroup.go:75
2024-06-26T22:00:31.240+0530    DEBUG   poller/poller.go:71     polling A2S_INFO from server...
2024-06-26T22:00:34.242+0530    ERROR   poller/poller.go:101    A2S_INFO poll timed out
github.com/Augiro/a2s-cache/poller.(*Poller).execQuery.func2
        /home/ubuntu/a2s-cache/poller/poller.go:101
2024-06-26T22:00:34.242+0530    ERROR   poller/poller.go:50     poll failed: A2S_INFO poll failed: unable to read server over UDP: read udp4 172.31.34.141:39026->22.24.244.244:27015: use of closed network connection
github.com/Augiro/a2s-cache/poller.(*Poller).Start
        /home/ubuntu/a2s-cache/poller/poller.go:50
main.main.func1
        /home/ubuntu/a2s-cache/main.go:44
golang.org/x/sync/errgroup.(*Group).Go.func1
        /root/go/pkg/mod/golang.org/x/sync@v0.5.0/errgroup/errgroup.go:75
2024-06-26T22:00:41.241+0530    DEBUG   poller/poller.go:71     polling A2S_INFO from server...
2024-06-26T22:00:44.242+0530    ERROR   poller/poller.go:101    A2S_INFO poll timed out
github.com/Augiro/a2s-cache/poller.(*Poller).execQuery.func2
        /home/ubuntu/a2s-cache/poller/poller.go:101
2024-06-26T22:00:44.242+0530    ERROR   poller/poller.go:50     poll failed: A2S_INFO poll failed: unable to read server over UDP: read udp4 172.31.34.141:42112->22.24.244.244:27015: use of closed network connection
github.com/Augiro/a2s-cache/poller.(*Poller).Start
        /home/ubuntu/a2s-cache/poller/poller.go:50
main.main.func1
        /home/ubuntu/a2s-cache/main.go:44

rabi07 commented 1 week ago

I'm using one VM for everything. Do I need two? One for the script and one for the game server?

Augiro commented 1 week ago

I will fix some documentation this weekend.

> I'm using one VM for everything. Do I need two? One for the script and one for the game server?

What kind of setup do you have? Is it hosted from home? If you have 2 VMs on a machine with the same internet connection, it probably won't help much.

I also recommend doing a tcpdump while an attack is happening, then you can open it in Wireshark and see what kind of traffic your server is getting. If it's not specifically flooding it with A2S requests you won't have much help from this type of cache.

Also, you have to set up your firewall so that A2S requests are redirected to this cache (so those packets get sent to e.g. port 9000 instead of 27015). If you haven't done this, the cache will also do nothing.

I personally host some servers with my home connection, then tunnel all traffic to a VPS on Linode (so it appears as though all servers have the IP of my Linode server), and host this cache on the VPS as well. Then any DDoS will just target the Linode server and not my actual home server. This has worked well for me, since Linode also has DDoS protection for free.

rabi07 commented 1 week ago

I'm using AWS EC2. I can have 2 VMs in the same VPC, will this help with the DDoS?

I think I did not set up any firewall for 9000 in iptables, but I opened port 9000 in the security group.

rabi07 commented 1 week ago

I'd like to have a similar solution: I will have 2 VMs, one for the tunnel and one for the game server. Will it work?

rabi07 commented 1 week ago

message.txt I'm getting this type of request

Augiro commented 1 week ago

If you tried SourceEngineQueryCacher before and got it to work, you probably did this

    iptables -t nat -A PREROUTING -p udp --dport 27015 --match string --algo kmp --hex-string '|FFFFFFFF54|' -j REDIRECT --to-ports 9110
    iptables -t nat -A PREROUTING -p udp --dport 27015 --match string --algo kmp --hex-string '|FFFFFFFF55|' -j REDIRECT --to-ports 9110
    iptables -t nat -A PREROUTING -p udp --dport 27015 --match string --algo kmp --hex-string '|FFFFFFFF41|' -j REDIRECT --to-ports 9110

This is what redirects those packets from 27015 to port 9110 in that case. Simplest solution to test this would be to run this cache on the same port (9110) and it should work.

What happened in the log you sent from the 2nd post is that DDoS simply got through to your server and then the cache couldn't access it.
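The capture-and-inspect advice and the hex-string rules above can be combined into a quick triage of captured UDP payloads. This is an added example, not code from a2s-cache or from anyone in the thread; the function names, verdict labels and sample payloads are constructed for illustration. It evaluates only the match expression of the rules and does not model conntrack state.

```go
package main

import (
	"bytes"
	"fmt"
)

// patterns are the hex-strings of the three rules above: the FFFFFFFF header
// plus a type byte (0x54 A2S_INFO, 0x55 A2S_PLAYER, 0x41 as quoted in the thread).
var patterns = [][]byte{
	{0xFF, 0xFF, 0xFF, 0xFF, 0x54},
	{0xFF, 0xFF, 0xFF, 0xFF, 0x55},
	{0xFF, 0xFF, 0xFF, 0xFF, 0x41},
}

// Verdict evaluates the match expression for one UDP payload sent to port 27015.
// "query": starts with a pattern, so the cache can answer it.
// "stray-match": pattern appears later; the rules set no --from/--to offsets.
// "no-match": not redirected, goes straight to the game server.
func Verdict(p []byte) string {
	verdict := "no-match"
	for _, pat := range patterns {
		if bytes.HasPrefix(p, pat) {
			return "query"
		}
		if bytes.Contains(p, pat) {
			verdict = "stray-match"
		}
	}
	return verdict
}

// Triage counts verdicts over the payloads of a capture.
func Triage(payloads [][]byte) map[string]int {
	counts := map[string]int{}
	for _, p := range payloads {
		counts[Verdict(p)]++
	}
	return counts
}

// sample holds constructed payloads (not taken from the issue's message.txt).
var sample = [][]byte{
	append([]byte{0xFF, 0xFF, 0xFF, 0xFF, 0x54}, "Source Engine Query\x00"...), // info query
	{0xFF, 0xFF, 0xFF, 0xFF, 0x55, 0xFF, 0xFF, 0xFF, 0xFF},                     // player query
	{0x01, 0x02, 0x03, 0x04},                                                   // unrelated UDP payload
	{0x10, 0xFF, 0xFF, 0xFF, 0xFF, 0x54, 0x00},                                 // pattern not at the start
}

func main() { fmt.Println(Triage(sample)) }
```

A capture dominated by "no-match" payloads is the case where this kind of cache will not help much, since that traffic never reaches it.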

Augiro commented 1 week ago

> I'd like to have a similar solution: I will have 2 VMs, one for the tunnel and one for the game server. Will it work?

Yes, but you can start with just 1 VM in your case, and see how well it works.

rabi07 commented 1 week ago

I'm getting this error

image

rabi07 commented 1 week ago

        gIP := flag.String("gameIP", "13.234.5.11", "IP of the game server")
        gPort := flag.Int("gamePort", 27015, "port for the game server")
        host := flag.String("ip", "127.0.0.1", "IP that UDP server should listen on")
        port := flag.Int("port", 9110, "port UDP server should listen on")
        flag.Parse()

Not sure about "gameIP": should I put the public IP or the private IP?

Augiro commented 1 week ago

>     gIP := flag.String("gameIP", "13.234.5.11", "IP of the game server")
>     gPort := flag.Int("gamePort", 27015, "port for the game server")
>     host := flag.String("ip", "127.0.0.1", "IP that UDP server should listen on")
>     port := flag.Int("port", 9110, "port UDP server should listen on")
>     flag.Parse()
>
> Not sure about "gameIP": should I put the public IP or the private IP?

Most likely your private IP.

rabi07 commented 1 week ago

Running, let's wait for the DDoS.

image

rabi07 commented 1 week ago

> If you tried SourceEngineQueryCacher before and got it to work, you probably did this
>
>     iptables -t nat -A PREROUTING -p udp --dport 27015 --match string --algo kmp --hex-string '|FFFFFFFF54|' -j REDIRECT --to-ports 9110
>     iptables -t nat -A PREROUTING -p udp --dport 27015 --match string --algo kmp --hex-string '|FFFFFFFF55|' -j REDIRECT --to-ports 9110
>     iptables -t nat -A PREROUTING -p udp --dport 27015 --match string --algo kmp --hex-string '|FFFFFFFF41|' -j REDIRECT --to-ports 9110
>
> This is what redirects those packets from 27015 to port 9110 in that case. Simplest solution to test this would be to run this cache on the same port (9110) and it should work.
>
> What happened in the log you sent from the 2nd post is that DDoS simply got through to your server and then the cache couldn't access it.

If I add this, I'm unable to see the server on the Steam game server list.