Please if you run a dedicated server read this. A virus just killed my machine.


Recommended Posts

Posted (edited)
14 hours ago, mirq said:

That's a good explanation. I will check this scenario. Hopefully it's like that.

Scenario is confirmed. Each time players refresh the Multiplayer Servers List (MP), a query is sent to all servers listed there, on UDP.

Edited by mirq
Posted

If there are any, the only thing you should NOT do is post them online!!!!

Switch brains ON 🙂

 

Happy New Year 2023

Gigabyte Aorus X570S Master - Ryzen 5900X - Gskill 64GB 3200/CL14@3600/CL14 - Sapphire  Nitro+ 7800XT - 4x Samsung 980Pro 1TB - 1x Samsung 870 Evo 1TB - 1x SanDisc 120GB SSD - Heatkiller IV - MoRa3-360LT@9x120mm Noctua F12 - Corsair AXi-1200 - TiR5-Pro - Warthog Hotas - Saitek Combat Pedals - Asus XG27ACG QHD 180Hz - Corsair K70 RGB Pro - Win11 Pro/Linux - Phanteks Evolv-X 

Posted

FWIW, in the past I have run DCS Server in a Windows VM on a non-Windows host in my DMZ, with the VM only able to see the public internet via a PCIe passed-through NIC for some added isolation. Worked fine.

I don't trust Windows or gaming platforms at all - this seemed like the best way to reduce the blast radius if Windows or DCS got compromised. Worst case, delete and restore the image and re-harden as necessary. And it can't get anywhere inside the local networks.

Someone really paranoid would have the VM provisioned via Ansible, and wipe and replace it after every mission cycle as a matter of course. Actually, that might be a reasonable way to side-step the VM part. Make sure WinRM is properly hardened, of course!

Nowadays people play the DCS client on Wine. There's probably no reason why that couldn't be done with DCS Server. IIRC it's the same set of binaries.

That way you eliminate Windows from the possible attack vectors. I couldn't be bothered to mess with Wine personally, and I'm not sure I trust Wine that well anyway. Nuking and restoring the image is quick and easy enough.

I only use Windows for DCS and Assetto Corsa. My daily driver computers are not Windows based so I may have a skewed perspective on things.

Another thing to consider... if it isn't being used, then turn it off... you can't attack something that is turned off. If it's a 24/7 box, then that is something different.

Random thoughts...

  • Like 1
  • Thanks 1
Posted
On 1/1/2023 at 3:02 AM, mirq said:

I would like to hear about DCS server vulnerabilities and exploits.

It'd be a niche thing if it did (DCS isn't really the most common application used), so it would be unlikely to be exploited as such just by running DCS alone.

It's when you start doing stuff outside of the norm of DCS that you need to start having some knowledge. Going to open up ports? Have an understanding of what you're doing, why, and what may happen. Going to desanitize DCS? Again, have an understanding of why. Running DCS by itself ain't a big risk, but making changes outside of DCS (or to DCS's configurations) changes things.

If you're required to desanitize your scripting in order to run a mission, be very wary of why. Sometimes it's normal for this (things such as saving game state for persistency, communicating with external software such as overlordbot, etc.). For standard single-player missions I don't see any reason why these would need to be desanitized.

DCS by default sanitizes scripts, denying access to the local file system (lfs), operating system (os) and reading/writing (io), so it's only when removing these that you need to start considering things a bit further.

The good news is DCS is a small community when it comes to scripting and mods, and most mods here that do require it are usually only for servers, and the content that server owners would normally be looking at comes from creators that mostly have a good history here. However, if in doubt, or if unfamiliar, etc., isolate the PC running DCS from anything else in the network, and be prepared to restore from backups, etc.

The risk is probably far higher that you're going to be crypto-jacked by other means outside of DCS (like the OP). It's something you hope never to have, but prepare as if it will happen. Have decent backups, because if the hackers don't get you... then peripheral failures probably will. 😉

  • Like 1
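As an added illustration of the sanitization the post above describes (this is example code written for this thread, not DCS's own MissionScripting.lua or anything posted by the replier): a Lua sanitizer of this kind removes the `os`, `io` and `lfs` modules from the mission scripting environment, and a server admin can run a small check to confirm those modules are still unreachable. The function names `sanitizeModule`, `sanitizeEnvironment` and `unsanitizedModules` are assumptions chosen for this example.

```lua
-- Added example, not DCS's own file: shows how a Lua sanitizer of the kind
-- described above removes os/io/lfs, plus a check an admin can run.
-- Runs on a plain Lua 5.1 interpreter; function names are assumptions.

-- Remove a module both from the global table and from the loaded-module
-- cache, so that neither `os.execute(...)` nor `require('os')` can reach it.
local function sanitizeModule(name)
    _G[name] = nil
    package.loaded[name] = nil
end

local function sanitizeEnvironment()
    sanitizeModule('os')   -- shell commands, environment variables
    sanitizeModule('io')   -- file read/write handles
    sanitizeModule('lfs')  -- LuaFileSystem: directory listing, file attributes
    -- Without these, a script cannot simply load the modules again.
    _G['require'] = nil
    _G['package'] = nil
end

-- Check a mission script can run (for example from a DO SCRIPT trigger) to
-- report whether the environment it executes in is still sanitized.
-- Returns the names that are still reachable; an empty list is the expected
-- result on a default (sanitized) server.
local function unsanitizedModules()
    local leaks = {}
    for _, name in ipairs({'os', 'io', 'lfs', 'require', 'package'}) do
        if _G[name] ~= nil then
            leaks[#leaks + 1] = name
        end
    end
    return leaks
end

-- Stand-alone demonstration (`lua sanitize_check.lua`): on a plain
-- interpreter `lfs` is never loaded, so only os/io/require/package show up
-- before sanitizing, and nothing shows up afterwards.
print('before: ' .. table.concat(unsanitizedModules(), ', '))
sanitizeEnvironment()
print('after:  ' .. table.concat(unsanitizedModules(), ', '))
```

The useful half for a server owner is `unsanitizedModules()`: if a mission you did not write reports `os`, `io` or `lfs` as reachable, something has changed the sanitization, and the post above gives the reasons to be wary of that.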