Full Version: Help a UT2k4 admin out
CyberiaPC.com Community > Technical Zone > Security
clown_ie
ok I was just reading

http://www.cyberiapc.com/forums/index.php?showtopic=5069

because I kicked someone off my UT2k4 server, and I don't know if it was random or not, but a minute or so after I kicked him my server crashed and I lost my internet connection for about a minute. Reading about the weakness, I don't know if he had the capability of making me lose my internet connection, did he? Do you guys think I was a victim of the /secure query bug, because I haven't patched my UT, and I want to stop this bug without patching it. Also I downloaded that unsecure.zip from the above post, and tried to crash my own server with it to see if I was indeed vulnerable, but it didn't work. If he did, how did the guy crash my server and kick me off the internet for about a minute? Any help would be appreciated. BTW sys specs are

3.2ghz p4 HT
winxp everything updated except service packets
geforce fx 5950
1gig DDR 3200 ram
alskdjfakldjflakjsdflkjabblah blah blah blah, HELP!!!!!

TIA!
usr.c
Welcome to the forums clown_ie.

I'm not too familiar with Windows servers, but if you've got the server patched (with the 3236 patch) and it's still being compromised, the culprit could well be an OS vulnerability. Just to clarify, is the server running Windows or Linux?

Best advice would be to see if it happens again once you're sure UT2004 and the OS are patched. If it does, check the logs to see what code the attacker executed (most likely a reboot from your post) and then post back.
clown_ie
Hi, thanx for the response. In my first post I put it on my sys specs, it is running under winxp (all patches except service packets), but I really don't want to install service packets, and I don't want to install the unreal patch, because I have only 1 valid serial and I want to play with my friends and I found a way to do it with the unpatched version. Actually I had all the windows patches except for maybe 5 of the latest security patches which I downloaded from Microsoft right after my server crashed. I'm not sure if it was an OS attack or not, but that might have been the reason. Also I don't use the windows xp firewall, because it gets annoying when I'm trying to send files through AIM, and just in general I feel restricted. I guess my question is, can the unreal leak allow someone to kick me offline? Also is there a way to patch it without updating unreal? Finally just throw suggestions at me, I'm a sponge :) What do you guys think about winxp firewall? How do these guys crash servers? What programs? I wanna set up a good defense. Thanx guys, appreciate your feedback

clown_ie
usr.c
Based on the advisory, yes. The vulnerability would enable an attacker to do anything from killing your connection to rebooting your machine. I don't know of a way around it other than to download and run the 3236 patch.

If you want to secure your machine, you'll need to add security in layers. The firewall is one layer, and having an effective firewall that only keeps essential ports open while monitoring DoS attempts is important. If you're running the server on WinXP, check the thread in this forum on good free firewalls. With most of them, you'll be able to specify the port used by AIM and keep it open if you want.

Securing the OS is another layer and involves making sure the latest security updates and patches are applied. All an attacker needs to compromise your server is an unpatched security hole.

Hope that helps