Thread: Reborn RC3 Really Fix Get Status and Flooding?

  1. #1

    Hey Guys,

    I'm sure Reborn RC3 fixed the flooding and get status packet injections, correct? I still keep seeing a lot of this in my logs:

    Code:
    Going from CS_CONNECTED to CS_PRIMED for .|Bw.Traviieso.420
    SV packet 189.197.166.206:-15081 : getstatus
    SV packet 189.239.254.87:15740 : getstatus
    SV packet 108.70.145.92:-14614 : getstatus
    SV packet 189.178.246.223:-13600 : getstatus
    SV packet 108.231.14.108:1241 : getstatus
    SV packet 72.177.211.6:-5023 : getstatus
    SV packet 75.70.226.243:1101 : getstatus
    SV packet 24.109.215.146:-2829 : getstatus
    SV packet 204.111.220.169:-6775 : getstatus
    SV packet 99.113.14.61:-1211 : getstatus
    SV packet 189.173.113.167:1068 : getstatus
    SV packet 108.85.1.53:-7286 : getstatus
    SV packet 187.151.97.9:-5897 : getstatus
    SV packet 89.231.239.68:-11209 : getstatus
    SV packet 96.20.181.135:6295 : getstatus
    SV packet 70.80.233.23:-4496 : getstatus
    Going from CS_PRIMED to CS_ACTIVE for .|Bw.Traviieso.420
    .|Bw.Traviieso.420 has entered the battle
    Taking item Colt 45 away from player
    client text ignored for .|Bw.Traviieso.420
    SV packet 190.87.148.37:-7719 : getstatus
    SV packet 201.215.29.128:-6313 : getstatus
    SV packet 108.61.78.149:-20043 : getstatus
    SV packet 189.197.166.206:-15081 : getstatus
    SV packet 189.197.166.206:12203 : getchallenge
    SV packet 41.100.81.25:-15481 : getstatus
    SV packet 190.87.148.37:-8131 : getchallenge
    SV packet 189.197.166.206:12203 : connect
    SVC_DirectConnect ()

    Should I be concerned with these get status requests, or are they fine? Individuals querying the server from xfire, perhaps?

    I didn't quite understand the exploit Reborn RC3 was supposed to fix, so I don't really know what I'm talking about.
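
One way to triage a log like the excerpt in post #1, as an added example that is not part of the original thread: it tallies `SV packet` lines per source IP and lists sources that sent repeated `getstatus` queries without ever going on to `getchallenge` or `connect`. The sample log is constructed (documentation-range addresses), the threshold is arbitrary, and reading negative ports as a signed 16-bit print of the real port is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the same format as the log excerpt in post #1.
# Addresses are from the documentation ranges, not real hosts.
SAMPLE_LOG = """\
Going from CS_CONNECTED to CS_PRIMED for player1
SV packet 192.0.2.10:-15081 : getstatus
SV packet 198.51.100.7:15740 : getstatus
SV packet 192.0.2.10:-15081 : getstatus
SV packet 203.0.113.5:1241 : getstatus
SV packet 192.0.2.10:12203 : getchallenge
SV packet 192.0.2.10:12203 : connect
SV packet 203.0.113.5:1241 : getstatus
SV packet 203.0.113.5:1241 : getstatus
"""

LINE_RE = re.compile(r"^\s*SV packet (\d{1,3}(?:\.\d{1,3}){3}):(-?\d+) : (\w+)\s*$")

def parse_line(line):
    """Return (ip, port, command), or None for lines that are not packet lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, port, cmd = m.group(1), int(m.group(2)), m.group(3)
    # Assumption: a negative port is the real port printed as a signed 16-bit value.
    return ip, port & 0xFFFF, cmd

def summarize(log_text, threshold=3):
    """Count commands per source IP and flag IPs with at least `threshold`
    getstatus queries that never sent getchallenge or connect."""
    per_ip = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ip, _port, cmd = rec
            per_ip.setdefault(ip, Counter())[cmd] += 1
    flagged = sorted(
        ip for ip, c in per_ip.items()
        if c["getstatus"] >= threshold and not (c["getchallenge"] or c["connect"])
    )
    return per_ip, flagged

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_LOG)
    for ip, c in sorted(counts.items()):
        print(ip, dict(c))
    print("query-only sources over threshold:", flagged)
```

The excerpt carries no timestamps, so this yields counts per source rather than a packets-per-second rate.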

  2. #2
    JoTo (Administrator)

    Looks normal to me; if a server is popular it will get many legit getstatus requests.

  3. #3
    Razo[R]apiD (Über Prodigy & Developer)

    And even if it's an attack, you won't get your server lagged or players disconnected.

  4. #4
    JoTo (Administrator)

    Hmmm, I don't totally agree. Every packet that is sent to the server causes the server to handle it in one way or another. It is just a matter of the capacity of the server and how many packets are being sent to the server to make the server lag.
    100 getstatus packets per second (not blocked) already add a noticeable CPU overhead to the server; 1000 packets (not blocked) will already lag the server hard.
    Of course, if they are blocked it's reduced, but still not completely eliminated.

  5. #5
    Razo[R]apiD (Über Prodigy & Developer)

    Even if you block them using a firewall, your internet connection or your Ethernet card can get overloaded. Administrators use advanced switches and routing to re-route the load to other servers and so on, which is impossible and way too expensive for a simple game server.

    The server will read the packet, yes, but it's the server's response that causes the most lag. Reading the packet and ignoring/dropping it won't keep the server busy with building the response packet.

  6. #6

    Just found out why there are so many attacks lately. This mohaa exploit has been added to the Metasploit framework under Armitage... grrr

    Attachment 477
    Last edited by Murdock; April 6th, 2012 at 02:44 PM.

  7. #7

    Maybe not a good idea to put this link here; it can give some ideas to some malicious kids...

  8. #8
    JoTo (Administrator)

    I think many of the attacks have to do with this here: http://cert.lexsi.com/weblog/index.p...gaming-servers
    and are just "exported" to mohaa.

  9. #9
    James (Administrator)

    @Murdock, looks like the link is not valid on my end, but can you please PM me the info with the valid link? I'm curious to see how it works.

  10. #10

    I just posted a screenshot but I think it's removed by someone. I will PM you the exploit in the framework.
