I used to run an online IOQ3 server but after being DDoS’ed I stopped. I recently read in the wiki that by using the newer IOQ3 network protocol (71) and disallowing legacy protocols, it can stop such events:
In order to harden the network protocol against UDP spoofing attacks a new network protocol was introduced that defends against such attacks.
I’m wanting to start up an IOQ3 server again, but I am concerned about the attacks causing high bandwidth consumption again.
Does anyone know if it’s ‘safer’ to use 71 instead of 68?
Yes, and even I have once replied to that. It does not answer whether or not changing to/using the newer network protocol (71) fixes the DDoS/UDP packet spoofing in Quake 3’s engine.
This is what the new ioq3 protocol does…
- Send/receive challenge with challenge/connect packets to avoid connection hijacking.
- Write/read a challenge value in in-game network packets to prevent UDP spoofing of server / clients.
- Disable the in-game network packet scrambler that isn’t really useful now that the engine source code is publicly available.
- VoIP is only allowed for the new protocol.
It doesn’t do anything to cope with DDoS attacks or prevent replying to spoofed IP addresses for info or status packets etc.
In order to have a fighting chance against DDoS attacks the server needs to be protected at the firewall. Although the Q3/IOQ3 engine does a good job of rate limiting some of the types of packets that offer the largest amplification during an attack, it’s beyond the scope of the engine to protect against all of the types of attacks that the server will see.
Do you mean a hardware or software firewall?
Mine was blocked at a software firewall level and it seemed to break through that (a few years ago).
Would having a program like Net Limiter be another layer of defense?
i.e., limiting the overall bandwidth the Q3 service is allowed to use.
Here’s a list of preventative measures I can put in place, however these are just a guide.
1.) Always use the most up-to-date test builds (including using the new network protocol)
2.) Host only one instance of Q3/related protocol service
3.) Host game on port other than the default Q3 range
4.) Use only trusted Master Servers for reporting (Maverick, IOQ3 and maybe QTracker)
5.) Don’t advertise the server on forums/websites (i.e., GameTracker/Game Monitor and community forums)
6.) Use bandwidth limiting tools to limit the throughput Q3 is allowed to send/receive
7.) Use quota notification software to email you once you go over a certain daily allowance
8.) Find/use a third party Firewall (Server 2012 R2 Firewall wasn’t efficient enough on last attack)
9.) Use a hosting provider that has DDoS protection/mitigation in place
10.) On that host, have enough quota so that you can step in should anything go wrong
11.) If you’re a Linux user, use iptables in a script to drop malformed packets
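An added example of the iptables approach in item 11, not code from this thread or from the ioq3 project: it caps, per source address, how many getstatus/getinfo queries reach the server, since those are the small requests that trigger large replies and so give a spoofed-source flood its amplification. The listen port 27960, the chain name Q3_QUERY and the rate/burst values are assumptions to adjust for your own server.

```shell
#!/bin/sh
# Added example (not from this thread): per-source rate limiting of Quake 3
# out-of-band "getstatus"/"getinfo" queries with iptables. Assumptions: the
# server listens on UDP 27960 (use your non-default port from item 3 instead);
# the chain name, rate and burst below are arbitrary starting values.
IPT=${IPT:-iptables}                 # set IPT=echo to print the rules instead of applying them
Q3_PORT=${Q3_PORT:-27960}
QUERY_RATE=${QUERY_RATE:-2/second}   # queries per source allowed in steady state
QUERY_BURST=${QUERY_BURST:-5}        # short burst tolerated before dropping

# Every Q3 out-of-band packet begins with four 0xff bytes followed by the
# command name. A statusResponse is many times larger than the getstatus that
# triggers it, so a spoofed-source flood turns the server into an amplifier;
# these rules cap how many replies any single source address can cause.
q3_add_query_limit() {
    cmd=$1   # "getstatus" or "getinfo"
    "$IPT" -A Q3_QUERY -p udp --dport "$Q3_PORT" \
        -m string --algo bm --hex-string "|ffffffff|$cmd" \
        -m hashlimit --hashlimit-name "q3_$cmd" --hashlimit-mode srcip \
        --hashlimit-upto "$QUERY_RATE" --hashlimit-burst "$QUERY_BURST" \
        -j ACCEPT
    # Anything from the same source above that rate is dropped.
    "$IPT" -A Q3_QUERY -p udp --dport "$Q3_PORT" \
        -m string --algo bm --hex-string "|ffffffff|$cmd" -j DROP
}

q3_apply_rules() {
    "$IPT" -N Q3_QUERY 2>/dev/null || "$IPT" -F Q3_QUERY
    q3_add_query_limit getstatus
    q3_add_query_limit getinfo
    # Malformed: IP (20) + UDP (8) headers leave fewer than 4 payload bytes,
    # too short for either the 0xffffffff marker or an in-game sequence number.
    "$IPT" -A Q3_QUERY -p udp --dport "$Q3_PORT" -m length --length 0:31 -j DROP
    # Hand all traffic for the game port to the chain above; unmatched packets
    # return to INPUT and continue through the existing rules.
    "$IPT" -A INPUT -p udp --dport "$Q3_PORT" -j Q3_QUERY
}

# Run as root with "apply" to install; run with IPT=echo to review the rules first.
if [ "${1:-}" = "apply" ]; then
    q3_apply_rules
fi
```

The engine already rate-limits these queries itself; this layer drops the excess before it reaches the game process, which is what saves bandwidth and CPU during a flood.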