Urban Terror Forums: [WARNING] Malicious ghost clients - Urban Terror Forums

Jump to content

 Login | Register 
Advertisement
  • (3 Pages)
  • +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

[WARNING] Malicious ghost clients Rate Topic: -----

#21 User is offline   egia Icon

  • Account: egia
  • Country:
  • Joined: 23-February 14
  • Posts: 13

Posted 30 November 2017 - 02:03 AM

View Postwarsheep, on 29 November 2017 - 05:44 AM, said:

rly intressting,
1 time i used this to troll a serveradmin who thinks he can used adminabuse anytime, i just written me a littl batch file who start and connect 20 times with a rdm name to the server with delet the qkey after any startto creat a new id
so the serveradmin just saw 20 users with 20 id came with 1 ip on the server and idl ther. and when he tryed to ban me with b3 its only banned 1 of them .
possible thats helped u out to fix this.

ps: i never used this again or puplished it.


This is what the attacker do, but at this time, only a page delivers C code with Huffman enconde published on ioq3 engine release.
So there was a little steps to do to compile and modify the source code to make a massive attack.
Now some guy release q3huff for py3 and make easier for all noob coders make some like that.

#22 User is offline   egia Icon

  • Account: egia
  • Country:
  • Joined: 23-February 14
  • Posts: 13

Posted 30 November 2017 - 06:56 AM

My point is: The same situation applies to Resurgence, so why not test the basic exploits on FZ proyect? B3 or Spunky aren't prepared to handle UE's exploits published on the web, I count at least 4 gaps available.

#23 User is offline   Fenix Icon

  •   former FS member   
  • Account: fenix
  • Country:
  • Joined: 06-December 10
  • Posts: 425

Posted 30 November 2017 - 02:45 PM

View Postegia, on 30 November 2017 - 01:52 AM, said:

B3 works with iptables, or only ban by iq3 engine?, if B3 not work with iptables, the attacker still get server bandwith, BTW running B3 as root is not a good advise.


B3 bans using ioq3 engine obviously.
What are you stating here makes no sense. The only real problem is a server getting filled with ghost connections occupying slots. There is no real connection between a client and the server since as many others videogame engine, the ioq3 engine uses UDP; there is no end to end connection between the hosts so the only way to consume server bandwidth is to flood the server with data over the open UDP port, but the ioq3 engine has a patch to prevent this from happening.

What Barbatos mentioned in the first post is more than enough to stop this from happening.

As a side note: B3, or any other bot, are only interfaces to stuff provided by the game so in ANY way B3 cannot fix engine's exploits. Although, it can help dealing with them by performing automated tasks.

Also you are worrying about a problem that maybe will happen with UE when there is no playable game yet, and as far as I know there is no remote RCON interface bundled with UE, so unless FS decides to include it by rewriting it from scratch, there will be no B3 for Resurgence (there may not be even if it UE will support RCON though).

This post has been edited by Fenix: 30 November 2017 - 02:50 PM


#24 User is offline   egia Icon

  • Account: egia
  • Country:
  • Joined: 23-February 14
  • Posts: 13

Posted 30 November 2017 - 08:14 PM

View PostFenix, on 30 November 2017 - 02:45 PM, said:

B3 bans using ioq3 engine obviously.
What are you stating here makes no sense. The only real problem is a server getting filled with ghost connections occupying slots. There is no real connection between a client and the server since as many others videogame engine, the ioq3 engine uses UDP; there is no end to end connection between the hosts so the only way to consume server bandwidth is to flood the server with data over the open UDP port, but the ioq3 engine has a patch to prevent this from happening.

What Barbatos mentioned in the first post is more than enough to stop this from happening.

As a side note: B3, or any other bot, are only interfaces to stuff provided by the game so in ANY way B3 cannot fix engine's exploits. Although, it can help dealing with them by performing automated tasks.

Also you are worrying about a problem that maybe will happen with UE when there is no playable game yet, and as far as I know there is no remote RCON interface bundled with UE, so unless FS decides to include it by rewriting it from scratch, there will be no B3 for Resurgence (there may not be even if it UE will support RCON though).


First, if you ran the erased script, you can see a full client-server conn (the main func of this script is understand how the engine works without huffman encyption) so no matter if the way is UDP or TCP, the servers feels the script as a normal player because you sent the correct packages, i don-t publish anything after the initial handshake, but...
Then the low-cost bad handled servers provided by community are sensible to higer number of conn, a relgular server ~ US$ 15 can handle 16 conn on full rate in best scenario, and if the engine filters an attacker, well, you can see CI or TimeOut reported in the same thread, for more information qconsole on developer mode give the related information.

Second, Resurgence full developement is no needed to test network architecture gaps, it-s basic stuff my friend.

Regards.

This post has been edited by egia: 30 November 2017 - 09:05 PM


#25 User is offline   Fenix Icon

  •   former FS member   
  • Account: fenix
  • Country:
  • Joined: 06-December 10
  • Posts: 425

Posted 01 December 2017 - 08:16 AM

To be honest I don't know what to reply here. I'd just leave you with your beliefs Posted Image

bullet_loaderAdvertisement

#26 User is offline   egia Icon

  • Account: egia
  • Country:
  • Joined: 23-February 14
  • Posts: 13

Posted 03 December 2017 - 02:19 AM

View PostFenix, on 01 December 2017 - 08:16 AM, said:

To be honest I don't know what to reply here. I'd just leave you with your beliefs Posted Image


It has been done before, and these facts are not related to beliefs, i don't go to mess comunity servers; but it's funny to see this kind of answers. Regards.

#27 User is offline   Makeurtgreatagain Icon

Posted 03 December 2017 - 05:04 PM

the nativity presented here is astounding
b3 is worthless

UE4 is going to be a hackers paradise because its p2p you can already manipulate other clients in UE4 you can do all manner of evil things like inject a wallhack into somebody elses client, crash there client, lock them in invisible boxes

#28 User is offline   egia Icon

  • Account: egia
  • Country:
  • Joined: 23-February 14
  • Posts: 13

Posted 03 December 2017 - 08:12 PM

View PostMakeurtgreatagain, on 03 December 2017 - 05:04 PM, said:

the nativity presented here is astounding
b3 is worthless

UE4 is going to be a hackers paradise because its p2p you can already manipulate other clients in UE4 you can do all manner of evil things like inject a wallhack into somebody elses client, crash there client, lock them in invisible boxes


I don't agree with this statement, in fact, Malicious... went developed when ioq3 was published, and only one guy wrote the code and publish it for C.
Many many years later UrT has the [Gz] bot 'attack' (or joke), actually there are really few people with dev habilities on players side, mostly so called sysadmins looking for info over wiki...
UE has gaps, it's a fact, this gaps are published in the same way of ioq3, for my friend this topics it's related to belief, but i don't think so. Then if we work on the published code we can reduce the impact of a courious troll.

Related to wallhacks, aimbots and misc, the truth is: a lot of old clan leaders bring this to his players and say: 'don't mess with it' When an engine game comes open, it so difficult to avoid this, and went worse when the players looking this dll more than looking for skill, this is why there are only one rapid` (it's just an example... I get tired of headshot him :P)

Heartbleed is another example, in my point of view, its just some guy running PoC already published and we can try to fix this issues to make a better experience.

I like to think about resurgence as a great improvement to UrT Universe, but it's only my hope.

This post has been edited by egia: 03 December 2017 - 08:24 PM



#30 User is online   Iye Icon

  •   head moderator   
    Co-Chief Community Moderator
  • Account: iye
  • Country:
  • Joined: 07-June 11
  • Posts: 1,054

Posted 08 December 2017 - 12:30 AM

Simple. Just make the obvious conclusion from the announced client side hit detection to peer to peer file transfer to the obvious holes in those protocols that clearly allow you to just put some random files on other clients machines.

Anyways. Could we stop the unrelated discussion in this thread now? If any demand for further clarification exists, open up a new topic.
Sorry for my bad spelling - I am still asleep. :)

|=| Iye's UrT Addon |=| Firefox Personas |=| Maps |=|
http://www.mediafire...vk3a602hcfg.jpg

  • (3 Pages)
  • +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Advertisement


Copyright © 1999-2024 Frozensand Games Limited  |  All rights reserved  |  Urban Terror™ and FrozenSand™ are trademarks of Frozensand Games Limited

Frozensand Games is a Limited company registered in England and Wales. Company Reg No: 10343942