Announcement

**Star Fox** · 04-04-2014, 11:54 AM

update the NTP server

https://www.us-cert.gov/ncas/alerts/TA14-013A

**bkgmjo** · 04-04-2014, 12:09 PM

Just in case SSC actually has this "feature" I doubt it would spam itself with it. The amp described in the link works by querying another server and faking SSCs or TWs IP as sender so the server answers with a bunch of crap to SSC/TW server instead of the real sender. Also, since monlist is a generally unnecessary tool it should be illegal to use in public networks.

**Slum** · 04-04-2014, 12:55 PM

someone host a .?go javs zone already? / can't be that hard

**Star Fox** · 04-04-2014, 01:04 PM

Originally posted by bkgmjo View Post

Just in case SSC actually has this "feature" I doubt it would spam itself with it. The amp described in the link works by querying another server and faking SSCs or TWs IP as sender so the server answers with a bunch of crap to SSC/TW server instead of the real sender. Also, since monlist is a generally unnecessary tool it should be illegal to use in public networks.

Are you saying monlist queries will be rejected by most ISPs? I doubt this. Yes, it works by spoofing the IP so the source appears as the server itself. Sadly I would think this makes firewall-level denies difficult if not impossible. Also, any server with ntpd older than 4.2.7 that isn't specifically configured otherwise is vulnerable. It's a current and potent vulnerability that can be exploited by a single person magnifying a 1Gbps conn. 200x+.

https://www.us-cert.gov/ncas/alerts/TA14-013A
As all versions of ntpd prior to 4.2.7 are vulnerable by default, the simplest recommended course of action is to upgrade all versions of ntpd that are publically accessible to at least 4.2.7. However, in cases where it is not possible to upgrade the version of the service, it is possible to disable the monitor functionality in earlier versions of the software.

To disable “monlist” functionality on a public-facing NTP server that cannot be updated to 4.2.7, add the “noquery” directive to the “restrict default” line in the system’s ntp.conf, as shown below:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

**roxxkatt** · 04-04-2014, 01:20 PM

why do you keep guessing when you havnt looked at any of the network traffic?

**Star Fox** · 04-04-2014, 01:24 PM

Originally posted by roxxkatt View Post

why do you keep guessing when you havnt looked at any of the network traffic?

Just in case it is helpful to whoever sees it. Why, do you have access to any packet captures? I would love to take a look at them if so.

Why be a second-guessing twat to people who are offering free help? If you can verify that what I'm saying is not on the right track at all, please do so and I will shut up. I'm concerned about the game so I'm trying to help, it's simple. I wish I had more information than rumors to go on, but it seems like rumors are all anyone has including upper staff. Maybe if we were a little more open about the nature of what is going on, we can put our resources together to solve the problem faster instead of keeping everyone in the dark and repeating that "everything is under control and we are doing our best".

**McVicar** · 04-04-2014, 02:04 PM

What is the status on this? is the culprit still attacking the servers? I can only guess but it seems to me we are not seeing a lot of urgency from Priitk, why do we have to constantly rely on someone who doesn't even check up on the game.

**Shaddowknight** · 04-04-2014, 02:15 PM

Originally posted by McVicar View Post

What is the status on this? is the culprit still attacking the servers? I can only guess but it seems to me we are not seeing a lot of urgency from Priitk, why do we have to constantly rely on someone who doesn't even check up on the game.

Because its his game. Ive said the same thing a few times. We need a new client and biller if we want to move away from Priit.

**Ephemeral** · 04-04-2014, 02:24 PM

Chances are good that this is going to have to be dealt with at the ISP/router/firewall level; he may or may not have control of these.
eph

**Star Fox** · 04-04-2014, 02:26 PM

Originally posted by Ephemeral View Post

Chances are good that this is going to have to be dealt with at the ISP/router/firewall level; he may or may not have control of these.
eph

Nobody seems to know who has control of what at the top level. This has ever been a problem, I think.

**Slum** · 04-04-2014, 02:41 PM

Someone host a TW SERVER JEEZ

**Ephemeral** · 04-04-2014, 03:51 PM

Originally posted by Star Fox View Post

Nobody seems to know who has control of what at the top level. This has ever been a problem, I think.

Star Fox,
Understood. If the person responsible was not already banned there is a good chance that he is one of the people hanging around in the zones that are up. People like this would want to bask in the glory of their 'work' (if you can call Googling and spending 30 minutes learning how to do this could be called 'work'). It never fails to amaze me how moronic people can be.
eph

Edit: I would add that if the ISPs that are being impacted, along with those who control the spoofed servers, were to cooperate, they may be able to track the person down. Especially since he has repeated the attack, time stamps and other clues exist to be able to start to put this puzzle together. But all those affected would need to communicate with each other and do some detective work.

**Goddess** · 04-04-2014, 05:30 PM

Originally posted by Exalt View Post

Looks like NOW is the right time to switch TW over to ASSS permanently!

What up Goddess

Heya Exalt... nothing much hun. You doing good?

<3

M M You were once a fan of mine and i adored you then. Since you came back i'm inclined to think you are not you but someone who took over your name. You continue to attack me repeatedly and i refuse to attack you. I loved you then not because you worshiped me but because you were a nice person then. I hope you go back to that nice person again some day.

Until then ... <3

(notice how i dont defend your attack of me... attack away. You somehow forget who i am)

Off to the beach ... because i'm a whale and its a beautiful day where else would i be

**Ephemeral** · 04-04-2014, 05:53 PM

Goddess,
Sorry, you are wrong. I have no idea what (or if anything) happened between you and M_M but I can tell you for sure that he is the same guy he has always been. I've known, and been on squads with, M_M since Cripples days and the guy has always been a solid, decent person.
eph

Beach must not have been too good, its almost 30 minutes later and you are still here!

**Wormhole Surfer** · 04-04-2014, 06:25 PM

Originally posted by Ephemeral View Post

But all those affected would need to communicate with each other and do some detective work.

Ah, so we'll never know the truth.

Announcement

rip trench wars?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Channels