Geyser can be used in UDP Reflect DDOS Attack (?) #4558

Closed
@MossCG

Description

Describe the bug


Around 2024.03, we found that our server had some abnormal upload traffic on port 19132 over the UDP protocol.
With only one player or even no players in game, Geyser creates upload traffic of up to 50Mbps (my server only has 50Mbps of upload bandwidth).
We captured packets (lan1, port 19132 only) with ikuai and found that Geyser sends a 148-length packet after a connection at a crazy speed.
The version of Geyser is 2.2.0-SNAPSHOT (git-master-acf24d4) / Build 268.

Then we updated to 2.2.2-SNAPSHOT (git-master-c9ca4c8).
It seems to have temporarily fixed this issue; at least we didn't find Geyser creating so much upload traffic.
But we received a report from our data center hosting provider; they told us my server still has an outgoing attack on port 19132.
We checked our router and found that Geyser will still create connections with other servers after a connection (52-length per packet).

About 26 Minecraft servers (Java) are running on this VPS; only Geyser has this problem.
geyser.jar was verified to be the same as the one we downloaded from GeyserMC.
We turned off the forwarding of port 19132 on the router, and the problem disappeared temporarily.

Maybe Geyser can be used in a UDP reflection attack?

To Reproduce

It's hard to reproduce, because I can't get what the attacker sends to my Geyser server,
but this problem really does appear on my server.

Expected behaviour

Try to verify the IP of the source UDP connection?
idn

Screenshots / Videos

Packet capture result.zip
This is the packet capture result.

Server Version and Plugins

in description

Geyser Dump

No response

Geyser Version

2.2.2-SNAPSHOT (git-master-c9ca4c8)

Minecraft: Bedrock Edition Device/Version

No response

Additional Context

No response
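
The symptom reported above (many fixed-size datagrams leaving port 19132 towards a peer that sent almost nothing) can be checked in a capture by comparing bytes sent and received per remote address. The following is an added example, not part of the original report or of Geyser's code; it assumes the capture has been rendered as `tcpdump -n` text lines, and the server address, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

GEYSER_PORT = 19132  # UDP port named in the report

# Shape of a `tcpdump -n` UDP line: "<ts> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP, length (\d+)")

def per_peer_stats(lines, server_ip, port=GEYSER_PORT):
    """Aggregate packets and payload bytes per remote peer of server_ip:port."""
    stats = defaultdict(lambda: {"in_pkts": 0, "in_bytes": 0, "out_pkts": 0, "out_bytes": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a UDP/IPv4 line
        src, sport, dst, dport, size = m[1], int(m[2]), m[3], int(m[4]), int(m[5])
        if dst == server_ip and dport == port:
            peer, way = src, "in"
        elif src == server_ip and sport == port:
            peer, way = dst, "out"
        else:
            continue
        stats[peer][way + "_pkts"] += 1
        stats[peer][way + "_bytes"] += size
    return dict(stats)

def suspicious_peers(stats, min_ratio=10.0, min_out_pkts=20):
    """Peers that were sent far more bytes than they sent: [(ip, ratio)], worst first.
    Both thresholds are assumed values to tune per site."""
    hits = []
    for peer, s in stats.items():
        ratio = s["out_bytes"] / max(s["in_bytes"], 1)
        if s["out_pkts"] >= min_out_pkts and ratio >= min_ratio:
            hits.append((peer, round(ratio, 1)))
    return sorted(hits, key=lambda h: h[1], reverse=True)

# Constructed sample (documentation addresses): one peer sends a single 33-byte
# datagram and is sent forty 148-byte datagrams; another has balanced traffic.
SERVER = "192.0.2.10"
SAMPLE = (
    ["12:00:00.000000 IP 198.51.100.7.40000 > 192.0.2.10.19132: UDP, length 33"]
    + ["12:00:00.%06d IP 192.0.2.10.19132 > 198.51.100.7.40000: UDP, length 148" % i
       for i in range(1, 41)]
    + ["12:00:01.%06d IP 203.0.113.20.50000 > 192.0.2.10.19132: UDP, length 60" % i
       for i in range(5)]
    + ["12:00:02.%06d IP 192.0.2.10.19132 > 203.0.113.20.50000: UDP, length 70" % i
       for i in range(5)]
)

if __name__ == "__main__":
    for ip, ratio in suspicious_peers(per_peer_stats(SAMPLE, SERVER)):
        print(f"{ip}: sent {ratio}x more bytes than received")
```

A peer flagged here is a candidate reflection target whose address may have been spoofed as the source, so the flagged address identifies the likely victim rather than the sender.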
