Q3FillEliminator - The shield around your JKA server -1 reply

Please wait...

DniFan

Slightly cooler than a n00b

50 XP

27th September 2005

0 Uploads

32 Posts

0 Threads

#1 10 years ago

I have written a counter measurement against the well-known Q3Fill.

It's called Q3FillEliminator, and is able to dodge all DoS attacks caused by that exploit. I am not yet releasing it, but the release date is within this week. At the moment it's FULLY functional, it does what it should do. Only thing that rests now is to polish it up for a release. Background info:

- Works on every mod, it's a engine hack. - Windows only atm, might make a linux binary. - Click-and-go, after some configuration. - Executes script when there is an attack.

I hope this will help some server admins out.

Screenshot - server output:

[ATTACH]66911[/ATTACH]

Log output:

Q3FillEliminator guarding your server... Session started on 25/9/2008 at 16:41:33 Q3Fill attack dodged on 25/9/2008 at 16:41:40. Q3Fill attack dodged on 25/9/2008 at 16:41:40.




SiLink

(JAWA) Leader

50 XP

13th February 2005

0 Uploads

1,663 Posts

0 Threads

#2 10 years ago

You may want to make a Linux version a priority as you won't be hitting the majority since Linux seems to be more popular over Windows when it comes to hosting on servers... in my experience that's what I've seen any way.

Nice work, good to see people actually trying to prevent Q3Fill. 2.4 beta 3 of JA+ seems to have some sort of anti botting system in place too but nothing that informs you of when attacks take place, we usually have to look in other logs for that.




DniFan

Slightly cooler than a n00b

50 XP

27th September 2005

0 Uploads

32 Posts

0 Threads

#3 10 years ago

Well I gotta find out how to inject libraries in processes and hook stuff in Linux, never done that :P




NAB622

EAT ME!

50 XP

8th October 2005

0 Uploads

6,921 Posts

0 Threads

#4 10 years ago

Would you like a public test? You may use my server if you like. It's a windows machine.

NAB622's Website

I'd so totally use that, as long as it doesn't lag out the server. :D




DniFan

Slightly cooler than a n00b

50 XP

27th September 2005

0 Uploads

32 Posts

0 Threads

#5 10 years ago

Yeah cool. I tested, no memleaks, no lag, not even at a attack. :) I'd like to make use of your server.




Admiral Donutz VIP Member

Wanna go Double Dutch?

735,271 XP

9th December 2003

0 Uploads

71,460 Posts

0 Threads

#6 10 years ago

:moved: from the JK2 to the JK3 section.




DniFan

Slightly cooler than a n00b

50 XP

27th September 2005

0 Uploads

32 Posts

0 Threads

#7 10 years ago

Hehe, yeah thanks.. *shame*




SiLink

(JAWA) Leader

50 XP

13th February 2005

0 Uploads

1,663 Posts

0 Threads

#8 10 years ago

*Shames you some more* XD

I'm just curious, how exactly does this prevent botting?

I knew one person who made his own version of Q3Fill which automatically changed his IP every time one of his bots connected, he used some sort of instant proxy. He was obviously not a good guy and went out of his way to annoy people on purpose for attention.. which I found a bit pathetic.

If you could get this working for Linux and it works on all mods then we (The game server hosting company I work for) would probably be very interested.




DniFan

Slightly cooler than a n00b

50 XP

27th September 2005

0 Uploads

32 Posts

0 Threads

#9 10 years ago

It injects a DLL in the Dedicated Server.. This DLL analyses the data traffic; checks for flooding of the 'connectResponse' packet sent by the server, it will then make the Q3Fill program abort sending fake clients. Then it uses rcon to execute the script "OnQ3Fill.cfg". It contains "seta sv_timeout 1", and the Eliminator has a timer which will automatically reset it to 200. That's it in a nutshell. Sounds simple, but took me 4 hours to write lol.




Erstok

Anonymous

50 XP

18th September 2008

0 Uploads

255 Posts

0 Threads

#10 10 years ago

I can understand stuff like Q3Fill honestly. Trying to weed out the bugs in the hopes that someone out there finds a way to secure themselves against it. No different with any other major game and such. Just the little boys n' girls out there who want to feel like big kids and cause problems that are the bigger concern.

Good job though on finding ways to protect against Q3Fill. =p

Q3Fill is more or less a script really but it is partially built off the Quake 3 Source itself. Since Quake 3 engine is open source anyone could really find and exploit it's bugs as well as develop and create ways to defend against them.

No I don't use Q3Fill but you can see for yourself.

Spoiler: Show

Quake 3 engine Huffman algorithm 0.3

ALL the code from the public GPL source code of the Quake 3 engine 1.32

some modifications by Luigi Auriemma e-mail: [EMAIL="aluigi@autistici.org"]aluigi@autistici.org[/EMAIL] web: aluigi.org

*/ /* =========================================================================== Copyright (C) 1999-2005 Id Software, Inc.

This file is part of Quake III Arena source code.

Quake III Arena source code is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Quake III Arena source code is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Foobar; if not, write to the Free Software Foundation, Inc., 51