A Project for Chronicle 4 based on L2JServer.


    Pack Vulnerable to Attack.

    Share
    avatar
    Mordor

    Posts : 5
    Join date : 2015-12-21
    Age : 25
    Location : Argentina

    Pack Vulnerable to Attack.

    Post  Mordor on 12th January 2018, 17:07

    I testing the serverpack again and....guys can fix this? Neutral

    https://ibb.co/mDx3mm

    avatar
    jmd

    Posts : 26
    Join date : 2013-03-07
    Age : 26
    Location : Greece

    Re: Pack Vulnerable to Attack.

    Post  jmd on 13th January 2018, 11:00

    What exactly are you doing? Packet flood?

    UPDATE:
    If you are hosted on a proper server this cant do shit.
    avatar
    Mordor

    Posts : 5
    Join date : 2015-12-21
    Age : 25
    Location : Argentina

    Re: Pack Vulnerable to Attack.

    Post  Mordor on 13th January 2018, 23:48

    jmd wrote:What exactly are you doing? Packet flood?

    UPDATE:
    If you are hosted on a proper server this cant do shit.

    Im testing in my computer but happen in private host inclusive.
    avatar
    jmd

    Posts : 26
    Join date : 2013-03-07
    Age : 26
    Location : Greece

    Re: Pack Vulnerable to Attack.

    Post  jmd on 14th January 2018, 03:30

    Mordor wrote:
    jmd wrote:What exactly are you doing? Packet flood?

    UPDATE:
    If you are hosted on a proper server this cant do shit.

    Im testing in my computer but happen in private host inclusive.

    Regardless there isnt anything we can do about that on the server files, its up to the hosting company to protect their servers against these things.
    avatar
    Mordor

    Posts : 5
    Join date : 2015-12-21
    Age : 25
    Location : Argentina

    Re: Pack Vulnerable to Attack.

    Post  Mordor on 14th January 2018, 16:03

    Maybe you can... im testing in another server pack c4 (l2jadmins) and this packethack don't work, look it:

    avatar
    DnR
    Admin
    Admin

    Posts : 1053
    Join date : 2012-12-03

    Re: Pack Vulnerable to Attack.

    Post  DnR on 14th January 2018, 16:40

    I can't figure out much since your report lacks details.
    What is your server revision?
    Also, does it really crash or cause lag to server?
    Logs are just for logging. This doesn't mean anything to me.
    Please do some tests while logged in as a player to both packs.

    PS: I would also like to get Server Attacker v3 if possible. I see it's too old to find it in the web.
    avatar
    Mordor

    Posts : 5
    Join date : 2015-12-21
    Age : 25
    Location : Argentina

    Re: Pack Vulnerable to Attack.

    Post  Mordor on 14th January 2018, 18:27

    DnR wrote:I can't figure out much since your report lacks details.
    What is your server revision?
    Also, does it really crash or cause lag to server?
    Logs are just for logging. This doesn't mean anything to me.
    Please do some tests while logged in as a player to both packs.

    PS: I would also like to get Server Attacker v3 if possible. I see it's too old to find it in the web.


    Im using the last revision. Yes this "cheat" cause lag probably but send packs constantly and never stop, and may be colapse at some point
    , and is too old, only work in olders serverpack (L2jTeon, L2Equal, and so one) i cant check if this cause lag because im only in the server. I send this cheat in MP.

    PD: Sorry for my english.
    avatar
    DnR
    Admin
    Admin

    Posts : 1053
    Join date : 2012-12-03

    Re: Pack Vulnerable to Attack.

    Post  DnR on 5th February 2018, 02:59

    My apologies for the late response to this topic.
    I have studied this issue thoroughly and ended up getting some useful results.

    Server attacker can take down an l2jadmins server, too. Since our mmocore is identical in revision 577, i did my own tests.
    As i mentioned in my previous post, logs could mean no threat but actually provide some guidance. In old SelectorThread, there is a check
    that prevents code from reaching unknown packets debugging state.

    You can test it by adding a log info in SelectorThread class -> readData method. You should add the log before the code written below.
    Code:

    _log.info("Unknown packet received.");
             
    b.flip();
    boolean parsed = false;
    while (b.remaining() >= 2)
    {
       int size = b.getShort() & 0xFFFF;
       if (size <= (b.remaining() + 2))
       {
          // parse reading data
          parsed = true;
          parseData(con, size, b);
       }
       else
       {
          break;
       }
    }

    It seems that both projects miss an essential security fix.
    I'm going to apply this fix soon.
    Thanks a lot for your precious report.
    avatar
    Reynald0

    Posts : 30
    Join date : 2015-05-02
    Location : México

    Re: Pack Vulnerable to Attack.

    Post  Reynald0 on 6th February 2018, 21:20

    You can change gameserver port (default 7777) for another like 9000 or 9123 from server side.

    Sponsored content

    Re: Pack Vulnerable to Attack.

    Post  Sponsored content


      Current date/time is 21st September 2018, 14:24