[crossfire] The real cause of the metaserver DOS attack

Andreas Kirschbaum kirschbaum at myrealbox.com
Wed Jun 22 17:34:02 CDT 2005


I'm fairly sure that the real cause of the metaserver DOS is not some
random attacker but the crossfire server itself: you just need to set up
a (new) crossfire server and change the "metaserver_notification off"
config option to "on" to make your server flood the metaserver.


The patch

    cvs diff -r 1.9 -r 1.10 lib/settings

changed the default value for the "fastclock" config option from 0 to 1.
That probably means that many new servers will run in fastclock mode.


Furthermore, socket/loop.c contains a logic error if fastclock is
enabled:

(excerpt from socket/loop.c; I stripped code not related to the problem)
|
     
      /** Waits for new connection */
     
     |
     
      static void block_until_new_connection() {
     
     |
     
          do {
     
     |
     
              /* Every minutes is a bit often for updates - especially if
     
     |
     
               * nothing is going on. This slows it down to every 6 minutes.
     
     |
     
               */
     
     |
     
              cycles++;
     
     |
     
              if (cycles == 7) {
     
     |
     
                  metaserver_update();
     
     |
     
                  cycles=1;
     
     |
     
              }
     
     |
     
              if (settings.fastclock > 0) {
     
     |
     
                  Timeout.tv_sec=0;
     
     |
     
                  Timeout.tv_usec=50;
     
     |
     
              } else {
     
     |
     
                  Timeout.tv_sec=60;
     
     |
     
                  Timeout.tv_usec=0;
     
     |
     
              }
     
     |
     
          }
     
     |
     
          while (select([...], &Timeout)==0);
     
     [...]

This function is called whenever a server has no active connections.
Basically, with fastclock=0, the metaserver update will be sent once per
6 minutes but with fastclock=1 it will be sent once per 6*50 usec (which
could be more than 3000 packets per second on a fast machine).

    
    


More information about the crossfire mailing list