[quakenet] <Dune> breton: I doubt your server was banned
00:24
[quakenet] <Dune> but maybe it's some new mechanic I'm not aware of
00:24
[quakenet] <Dune> you should probably talk to heinrich and m!nus
00:25
[quakenet] <Dune> 0.7 is more resilient against this type of attack :/
00:28
[quakenet] <breton> Dune: i am concerned that it could be blocked not by teeworlds, but by hoster
00:29
[quakenet] <Dune> yeah that would be my thought too
00:29
[quakenet] <Dune> maybe you cannot receive traffic from the masterservers
00:29
[quakenet] <breton> Dune: because the attack on my side was ~1 gbps
00:29
[quakenet] <Dune> :/
00:30
[quakenet] <breton> Dune: that was my thought too, but my hoster says that nothing is blocked right now
00:30
[quakenet] <Dune> I read yeah
00:30
[quakenet] <Dune> tried pinging the masterservers?
00:31
[quakenet] <breton> all except master3 are pingable, master3 not pingable from any machine
00:31
[quakenet] <Dune> okay then :/
00:31
[quakenet] <Dune> It's not impossible they implemented some sort of autoban on the master servers
00:32
[quakenet] <Dune> I'm not up to date with that
00:32
[quakenet] <Dune> sorry
00:33
[quakenet] <breton> i tried debugging and it seems that server count is not returned for the servers. All servers get marked as invalid and no announcement is made.
00:33
[quakenet] <breton> i wonder if i can try force-feeding my server to all 4 servers...
00:34
[quakenet] <Dune> huh
00:36
[quakenet] <breton> ok, no, i can't. Maybe because incoming traffic from my ip is blocked on master servers
00:36
[quakenet] <Dune> sounds like that, yeah
00:36
[quakenet] <Dune> it's late in europe though
00:36
[quakenet] <Dune> you might have to try tomorrow :|
00:37
[quakenet] <heinrich5991> if it is, it's probably done by some attack prevention by the hosting providers of the masterservers
00:37
[quakenet] <heinrich5991> I'm not aware of any sort of intelligent blacklisting done by the actual masterservers
00:37
[quakenet] <heinrich5991> yes, it's broken. 0.7 is less broken
00:42
[quakenet] <breton> could you please give me some pointers to how it was fixed in 0.7?
00:44
[quakenet] <Dune> change in protocol
00:44
[quakenet] <heinrich5991> connectionless packets need a challenge-response before anything else than the response of the challenge-response is sent back
00:44
[quakenet] <Dune> makes reflection attack less effective
00:45
[quakenet] <Dune> "In addition to that fix, the 0.7 connection protocol partially fixes the server browser reflection attack, albeit 1:1 reflection is still possible in 0.7.0 with token request packets." from the blog
00:45
[quakenet] <heinrich5991> that means you cannot make the master server send a server list (pretty large) to a spoofed IP address anymore
00:50
[quakenet] <breton> commit id please
00:50
[quakenet] <Dune> this cannot be fixed without upgrading to 0.7 though
00:50
[quakenet] <Dune> since it's a change in protocol
00:53
[quakenet] <Dune> 0.6.5 fixes what can be without a protocol change
00:55
[quakenet] <heinrich5991> pff.. hold my beer
00:55
[quakenet] <heinrich5991> 0.6.6 can have a http master server, too
Summary
Prevents ip spoofing of (hopefully) any kind:
master server attack (see mailinglist)
server flood attack
session hijacking
faking server info
Protocol change
The new network protocol head...
00:56
[quakenet] <heinrich5991> but there were a lot of subsequent fixes
00:57
[quakenet] <Dune> looks like a crapton of work; thanks, heinrich5991
00:58
[quakenet] <heinrich5991> oh god, that was 6 years ago
00:58
[quakenet] <heinrich5991> I better not look at my younger self's code
00:58
[quakenet] <Dune> haha I know the feeling
00:58
[quakenet] <Dune> let's not even talk about old forum posts
00:59
[quakenet] <heinrich5991> hmmm
00:59
[quakenet] <breton> +2,711 −995
00:59
[quakenet] <heinrich5991> 20 bit token
00:59
[quakenet] <breton> nice change though :)
01:00
[quakenet] <heinrich5991> maybe I should have picked a higher bit count back then
01:00
[quakenet] <heinrich5991> 0.6.5 has 32 bit tokens
01:02
[quakenet] <heinrich5991> hmm. if you know someone's IP address, you can force them out of the game :(
01:02
[quakenet] <heinrich5991> you need to send 1MB/byte of the packet you want to spoof
01:02
[quakenet] <heinrich5991> so around 50MB or so for a connection close packet
01:03
[quakenet] <heinrich5991> 200GB in teeworlds 0.6.5
01:03
[quakenet] <heinrich5991> halve that for the expected value
[quakenet] <breton> no really though, this sucks. I could ask for a new ip from my hoster, but this is not sustainable, because i cannot ask for new ips after every attack
[quakenet] <Dune> well like you said master3 is not pingable
16:44
[quakenet] <breton> but it seems to be up according to https://status.tw/?p=status . It is not pingable from any machine. I think they just disable ICMP responses :)
16:47
[quakenet] <Dune> I think masters3 is down or something, I suggest to ignor
16:47
[quakenet] <Dune> e
16:51
[quakenet] <Learath2> breton: here?
16:58
[quakenet] <Learath2> Dune: master3 is alive btw
16:58
[quakenet] <Learath2> I'm guessing they just block icmp
17:01
[quakenet] <breton> Learath2: yes
17:02
[quakenet] <Learath2> breton: is your server on linux?
17:02
[quakenet] <breton> Learath2: yes, debian 9
17:02
[quakenet] <Learath2> Can you try echo -en "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xffreq2" | nc -u master4.teeworlds.com 8300 | hexdump?
17:02
[quakenet] <Learath2> I'll watch from this side
17:03
[quakenet] <breton> ran it
17:03
[quakenet] <Learath2> got anything back?
17:03
[quakenet] <breton> no
17:03
[quakenet] <Learath2> I didn't get your packet either :/
17:04
[quakenet] <Dune> Learath2: oh, didn't know
17:05
[quakenet] <breton> Learath2: lol
17:05
[quakenet] <breton> Learath2: 31.186.251.128 is in frankfurt?
17:05
[quakenet] <Learath2> breton: yep
17:05
[quakenet] <Learath2> breton: What is your server ip?
17:06
[quakenet] <breton> Learath2: i think we are in the same datacenter, 95.172.92.194
17:06
[quakenet] <breton> Learath2: (i actually chose them because ddnet is there)
17:07
[quakenet] <Learath2> master4.teeworlds.com is ddnet.tw :)
17:08
[quakenet] <Learath2> breton: can you send another one?
17:08
[quakenet] <breton> Learath2: done, got a huge reply
17:08
[quakenet] <Learath2> okay I see the packet arriving and the master replying
17:09
[quakenet] <Learath2> try registering with master4
17:11
[quakenet] <breton> yey!
17:11
[quakenet] <breton> [5bddd6a8][register]: chose 'master4.teeworlds.com' as master, sending heartbeats
17:11
[quakenet] <breton> server registered
17:12
[quakenet] <Learath2> seems to be replying properly, beware though master4 does sometimes decide to block master server packets if the flood does get too intense