Server "crash" joining error

mipastu · Feb 8, 2022

Hello!

I am having problem with hosted nitrado server.

Error "WRN NET: LiteNetLib: IP requested for unknown client Entity" comes when players try to join at somepoint, we have frequent restarts but this still occurs. when this starts to happen no one can join server until restart.

Blue mame · Mar 13, 2022

This is a gateway attack, the TFP team has not solved this problem so far, once someone attacks your server gateway port, you will have to restart your server process

meganoth · Mar 14, 2022

Did someone create a bug report for this issue?

Blue mame · Mar 14, 2022

meganoth said:
Did someone create a bug report for this issue?

no

meganoth · Mar 14, 2022

Then it is all too possible that they don't even know about that issue.

Can you explain what you mean with server gateway port?

Blue mame · Mar 14, 2022

meganoth said:
Then it is all too possible that they don't even know about that issue.

Can you explain what you mean with server gateway port?

There are many gateway attacks. Now most of them keep entering your server, filling up the network thread, and other players' information cannot be sent.

Requesting unlimited player demand from the server, the server has been starting abnormal player data. We all know that the data that needs to be started when a player joins is very large, which will cause the server to crash. Including but not limited to hijacking data to perform a large number of entity refreshes resulting in server delay or downtime

meganoth · Mar 15, 2022

Blue mame said:
There are many gateway attacks. Now most of them keep entering your server, filling up the network thread, and other players' information cannot be sent.

Requesting unlimited player demand from the server, the server has been starting abnormal player data. We all know that the data that needs to be started when a player joins is very large, which will cause the server to crash. Including but not limited to hijacking data to perform a large number of entity refreshes resulting in server delay or downtime

Ah okay, I know that as "denial-of-service" attack.

A possible counter would be to limit sending of data to say 3 clients at the same time and put all other join requests on a waiting loop.

Blue mame · Mar 15, 2022

meganoth said:
Ah okay, I know that as "denial-of-service" attack.

A possible counter would be to limit sending of data to say 3 clients at the same time and put all other join requests on a waiting loop.

In my personal opinion, this attack has low or no cost. They are urgent problems to be solved. Seriously affects the multiplayer experience. Once attacked, the server must be restarted, otherwise the normal game cannot be played.

meganoth · Mar 15, 2022

Do you know if the attacker uses one steam/EOS id and enters the game multiple times in fast succession? Or does he have multiple steam accounts (which at least is some cost to set up and get a game for each account). A log of such an attack would be really helpful.

SylenThunder · Mar 15, 2022

meganoth said:
Do you know if the attacker uses one steam/EOS id and enters the game multiple times in fast succession? Or does he have multiple steam accounts (which at least is some cost to set up and get a game for each account). A log of such an attack would be really helpful.

I'm pretty sure it's just done as an API call to the server. Similar to how the information for the server is gathered for the Steam server listing. Since it's a valid request, the server spends the resources to collect and send the information. If you have a small amount of bandwidth it would fill the network tunnel like a DDoS attack. It's more closely like a SYN flood attack than a DDoS in that it mostly relies on crippling the server's ability to process data rather than just filling the pipe.

I do happen to have a few samples of what one of these attacks looks like in the server log.

2022-02-27T00:13:42 5043.245 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 0 (Hostname api.epicgames.dev was found in DNS cache)
2022-02-27T00:13:42 5043.245 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 1 ( Trying 35.170.121.150...)
2022-02-27T00:13:42 5043.245 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 2 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.245 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 3 (connect to 35.170.121.150 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 4 ( Trying 52.3.215.227...)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 5 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 6 (connect to 52.3.215.227 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 7 ( Trying 174.129.73.34...)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 8 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 9 (connect to 174.129.73.34 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 10 ( Trying 18.214.115.143...)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 11 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 12 (connect to 18.214.115.143 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 13 ( Trying 52.21.23.28...)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 14 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 15 (connect to 52.21.23.28 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 16 ( Trying 52.55.66.31...)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 17 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 18 (connect to 52.55.66.31 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 19 ( Trying 34.196.177.18...)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 20 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 21 (connect to 34.196.177.18 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 22 ( Trying 18.233.137.75...)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 23 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 24 (connect to 18.233.137.75 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 25 (Failed to connect to api.epicgames.dev port 443: Bad access)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 26 (Closing connection 35)
2022-02-27T00:13:42 5043.345 WRN [EOS] [LogHttp - Warning] Retry exhausted on https://api.epicgames.dev/telemetry/data/datarouter/api/v1/public/data?SessionID={4D6D63FB-4C61-28A4-7934-08A2B4FCD6AF}&AppID=EOSSDK.PhaseRelease.ReleaseBuild&AppVersion=1.14.1-18059966 - %2B%2BEOSSDK%2BRelease-1.14.1-CL-18059966&UserID=&AppEnvironment=Production&UploadType=sdkevents
2022-02-27T00:13:44 5045.245 WRN [EOS] [LogHttp - Warning] Retry 1 on https://api.epicgames.dev/datarouter/api/v1/public/data/clients?AppID=85fffb61212b491999cd7fc03eb09bf6&AppVersion=1.14.1-18059966&AppEnvironment=8a44365d5ccb43328b4df2f8ca199e43&UploadType=eteventstream&SessionID=799CC8A5474456D793336983DF559987
2022-02-27T00:13:44 5045.345 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: invalid HTTP response code received. URL: https://api.epicgames.dev/datarouter/api/v1/public/data/clients?AppID=85fffb61212b491999cd7fc03eb09bf6&AppVersion=1.14.1-18059966&AppEnvironment=8a44365d5ccb43328b4df2f8ca199e43&UploadType=eteventstream&SessionID=799CC8A5474456D793336983DF559987, HTTP code: 0, content length: 0, actual payload size: 0
2022-02-27T00:13:44 5045.345 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: request failed, libcurl error: 7 (Couldn't connect to server)

That's just one section of a series. Prior to that occurring you would not really see anything much outside of players dropping connection regularly.

This has been in my list of things to collect and report in detail internally for almost a month, but sometimes life just throws you a bunch of lemons.

Blue mame · Mar 15, 2022

meganoth said:
Do you know if the attacker uses one steam/EOS id and enters the game multiple times in fast succession? Or does he have multiple steam accounts (which at least is some cost to set up and get a game for each account). A log of such an attack would be really helpful.

As described by Moderators, they use the API to complete these series of operations, and you can't even see any valid data until the server goes down.

meganoth · Mar 16, 2022

SylenThunder said:
I'm pretty sure it's just done as an API call to the server. Similar to how the information for the server is gathered for the Steam server listing. Since it's a valid request, the server spends the resources to collect and send the information. If you have a small amount of bandwidth it would fill the network tunnel like a DDoS attack. It's more closely like a SYN flood attack than a DDoS in that it mostly relies on crippling the server's ability to process data rather than just filling the pipe.

I do happen to have a few samples of what one of these attacks looks like in the server log.

2022-02-27T00:13:42 5043.245 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 0 (Hostname api.epicgames.dev was found in DNS cache)
2022-02-27T00:13:42 5043.245 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 1 ( Trying 35.170.121.150...)
2022-02-27T00:13:42 5043.245 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 2 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.245 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 3 (connect to 35.170.121.150 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 4 ( Trying 52.3.215.227...)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 5 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 6 (connect to 52.3.215.227 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 7 ( Trying 174.129.73.34...)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 8 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 9 (connect to 174.129.73.34 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 10 ( Trying 18.214.115.143...)
2022-02-27T00:13:42 5043.246 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 11 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 12 (connect to 18.214.115.143 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 13 ( Trying 52.21.23.28...)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 14 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 15 (connect to 52.21.23.28 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 16 ( Trying 52.55.66.31...)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 17 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 18 (connect to 52.55.66.31 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 19 ( Trying 34.196.177.18...)
2022-02-27T00:13:42 5043.247 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 20 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 21 (connect to 34.196.177.18 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 22 ( Trying 18.233.137.75...)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 23 (TCP_NODELAY set)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 24 (connect to 18.233.137.75 port 443 failed: Bad access)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 25 (Failed to connect to api.epicgames.dev port 443: Bad access)
2022-02-27T00:13:42 5043.248 WRN [EOS] [LogHttp - Warning] 000001D407518890: libcurl info message cache 26 (Closing connection 35)
2022-02-27T00:13:42 5043.345 WRN [EOS] [LogHttp - Warning] Retry exhausted on https://api.epicgames.dev/telemetry/data/datarouter/api/v1/public/data?SessionID={4D6D63FB-4C61-28A4-7934-08A2B4FCD6AF}&AppID=EOSSDK.PhaseRelease.ReleaseBuild&AppVersion=1.14.1-18059966 - %2B%2BEOSSDK%2BRelease-1.14.1-CL-18059966&UserID=&AppEnvironment=Production&UploadType=sdkevents
2022-02-27T00:13:44 5045.245 WRN [EOS] [LogHttp - Warning] Retry 1 on https://api.epicgames.dev/datarouter/api/v1/public/data/clients?AppID=85fffb61212b491999cd7fc03eb09bf6&AppVersion=1.14.1-18059966&AppEnvironment=8a44365d5ccb43328b4df2f8ca199e43&UploadType=eteventstream&SessionID=799CC8A5474456D793336983DF559987
2022-02-27T00:13:44 5045.345 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: invalid HTTP response code received. URL: https://api.epicgames.dev/datarouter/api/v1/public/data/clients?AppID=85fffb61212b491999cd7fc03eb09bf6&AppVersion=1.14.1-18059966&AppEnvironment=8a44365d5ccb43328b4df2f8ca199e43&UploadType=eteventstream&SessionID=799CC8A5474456D793336983DF559987, HTTP code: 0, content length: 0, actual payload size: 0
2022-02-27T00:13:44 5045.345 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: request failed, libcurl error: 7 (Couldn't connect to server)

That's just one section of a series. Prior to that occurring you would not really see anything much outside of players dropping connection regularly.

This has been in my list of things to collect and report in detail internally for almost a month, but sometimes life just throws you a bunch of lemons.

I'm glad we were able to remind you

Server "crash" joining error

mipastu

New member

Blue mame

New member

meganoth

Community Moderator

Blue mame

New member

meganoth

Community Moderator

Blue mame

New member

meganoth

Community Moderator

Blue mame

New member

meganoth

Community Moderator

SylenThunder

Community Moderator / IT Guru

Blue mame

New member

meganoth

Community Moderator