Some members of the WT-F community are targeting our servers. A few attacks were directly linked to them.
One of the attackers, [WTF] backwards [DEV], made no effort to hide the source of the attack nor his involvement. He sent unspoofed attack traffic from his test server, 199.116.118.27 [IMG], and did so immediately after connecting in-game.
Here is part of a TCPDump showing the attack traffic in question:
19:21:56.397878 IP (tos 0x28, ttl 117, id 23619, offset 0, flags [DF], proto UDP (17), length 38)
199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 10
0x0000: 4528 0026 5c43 4000 7511 aff5 c774 761b E(.&\[email protected].
0x0010: 4a5b 717b e946 6987 0012 92e5 fdff ffff J[q{.Fi.........
0x0020: 4c5a 5353 8302 LZSS..
19:21:56.397881 IP (tos 0x28, ttl 117, id 23620, offset 0, flags [DF], proto UDP (17), length 34)
199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 6
0x0000: 4528 0022 5c44 4000 7511 aff8 c774 761b E(."\[email protected].
0x0010: 4a5b 717b e946 6987 000e 4888 ffff ffff J[q{.Fi...H.....
0x0020: 6b15 k.
19:21:56.397883 IP (tos 0x28, ttl 117, id 23621, offset 0, flags [DF], proto UDP (17), length 34)
199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 6
0x0000: 4528 0022 5c45 4000 7511 aff7 c774 761b E(."\[email protected].
0x0010: 4a5b 717b e946 6987 000e 4888 ffff ffff J[q{.Fi...H.....
0x0020: 6b15 k.
Accounts:
STEAM_0:0:16583896 [main acc]
STEAM_0:0:16229287 [vac'd]
STEAM_0:0:17462301 [offering DOS services]
more proof:
One of the attackers, [WTF] backwards [DEV], made no effort to hide the source of the attack nor his involvement. He sent unspoofed attack traffic from his test server, 199.116.118.27 [IMG], and did so immediately after connecting in-game.
Here is part of a TCPDump showing the attack traffic in question:
19:21:56.397878 IP (tos 0x28, ttl 117, id 23619, offset 0, flags [DF], proto UDP (17), length 38)
199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 10
0x0000: 4528 0026 5c43 4000 7511 aff5 c774 761b E(.&\[email protected].
0x0010: 4a5b 717b e946 6987 0012 92e5 fdff ffff J[q{.Fi.........
0x0020: 4c5a 5353 8302 LZSS..
19:21:56.397881 IP (tos 0x28, ttl 117, id 23620, offset 0, flags [DF], proto UDP (17), length 34)
199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 6
0x0000: 4528 0022 5c44 4000 7511 aff8 c774 761b E(."\[email protected].
0x0010: 4a5b 717b e946 6987 000e 4888 ffff ffff J[q{.Fi...H.....
0x0020: 6b15 k.
19:21:56.397883 IP (tos 0x28, ttl 117, id 23621, offset 0, flags [DF], proto UDP (17), length 34)
199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 6
0x0000: 4528 0022 5c45 4000 7511 aff7 c774 761b E(."\[email protected].
0x0010: 4a5b 717b e946 6987 000e 4888 ffff ffff J[q{.Fi...H.....
0x0020: 6b15 k.
Accounts:
STEAM_0:0:16583896 [main acc]
STEAM_0:0:16229287 [vac'd]
STEAM_0:0:17462301 [offering DOS services]
more proof:
![[-]](https://war-lords.net/forum/images/collapse.png)
Steam Wrote: 4:02 PM - George, of the jungle: was out
4:02 PM - George, of the jungle: bison, dude
4:02 PM - Brawl Bashin’ Bison: ???
4:02 PM - George, of the jungle: you're very rude towards alina
4:02 PM - George, of the jungle: how about unbanning her friend?
4:02 PM - George, of the jungle: I mean
4:02 PM - George, of the jungle: it's only gamebanana skins
4:02 PM - Brawl Bashin’ Bison: LOL
4:02 PM - George, of the jungle: ^^
4:02 PM - Brawl Bashin’ Bison: LOLOL
4:02 PM - George, of the jungle: lol