Quakeworld banned ip list

[ratbert]

Don't know exactly what forum section to place this question under.

Question I got is there a given file name you can setup to hold a list of permanent banned ip address list so when you start a server it reads that in?

I am running FTE server just anyone that anwsers my question.

Keep getting some annoying irc bot that joins called SERVEME[NY] keeps broad casting other qw servers.

Never invited them to do that on my server or anyone asking permission about doing it.

[Spike]

to your server.cfg file, add:
exec "listip.cfg"
then use these commands at your console:
addip 1.2.3.4
writeip

the addip line is really all it takes to ban some ip address, the other two lines just make it persistant.
supposedly you can omit parts of it to ban a class C, or add /16 to ban a class B address (with explicit precision), you get the idea.

[Cobalt]

Regretably someone with extensive knowledge of the nat traversal protocal can spoof their IP address pretty easilly, so banning IP's will take out the simple minded offenders, but if they are employing bots to connect, they could have a higher "knowledge" level and do the spoofing.

Why not password protect the server? Im not an expert with QW, dunno if it has that feature, but the Q3 engine definately has it as an option when you set up a server.

[Spike]

in order to establish a connection with a quakeworld server, the server must be able to reply to the sender. even if they spoof their source address, they must still be able to receive packets sent to that address.

an ip-address-based ban is fine for everything other than a DDoS attack (where it doesn't really matter if you reply or not) or a local attacker (ie: lan-based where they are your default gateway).

this is not true of NQ, however, where a spoofed IP address can be trivially used to use all slots on the server, with a single packet per slot. a truely trivial denial of service attack that cannot be IP-banned (incidentilly, if you're using FTE as an NQ server, make sure sv_listen_nq is set to 2 instead of 1 as this will pervert the NQ network protocol to block this attack).
this attack has never been possible with any version of the QW protocol that I am aware of, and DP should be immune too, so long as its not in NQ-compatible mode.
this NQ bug can be quite 'useful' as an amplification attack as part of a DDoS of a real target.
note that most quake-based games can easily be used as part of an amplification attack as they are reply with a large packet to a small packet, for serverinfo. They do at least need a constant stream of requests though, while NQ will happily spam for a few minutes from a single received packet.
If someone does try spamming serverinfo querys to attack a third party, you can always just ban the third party and hope that they stop spamming you.

either way, this isn't someone exploiting the network protocol, this is just someone connecting with a specific unwanted proxy of sorts.

[ratbert]

Nah it one of things that I could not remember on how to ban ip address in quakeworld.

I've had good luck with running some other quakeworld mods in the pass and never had to have ban ip list setup.

As for some spamming or attacking a quakeworld server in some fashion is pretty lame considering how old the game is.