View previous topic :: View next topic |
Author |
Message |
Baaleos
Joined: 02 Sep 2007 Posts: 830
|
Posted: Sat Jan 09, 2010 22:55 Post subject: nwnx_anti crash plugin? |
|
|
Hi Zebby, or Virusman -
I was chatting to Funky on nwn forums, and they mentioned a plugin that they have which protects against a vulnerability in nwn server, which allows douchbags (Funkys own words. Lol) to crash servers through use of Corrupted Characters.
http://nwn.bioware.com/forums/viewtopic.html?topic=715224&forum=56&sp=15
Apparently the only person who has the source code for the plugin is Acaos - But I was wondering if any of you nwnx guru's would be willing to port Acaos's plugin to Windows - if he was willing to share his code with you.
I kinda got onto the subject of this crashing exploit, when over the holidays, I had a hacker on my server, who was able to bring it down, 5 times in the space of 20 minutes.
Banning is not effective, as also discussed on the forums, as CDKEY's are able to be grinded to find one which works, Account Names can be made indefinitly, and ip addresses are crap - cause they change.
Ideally, I'd like to protect against the crash exploit.
Im sure everyone would like to be protected too.
I'd imagine that a condition of Acaos sharing the source code(if he agree's), is that it doesnt get added to any svn etc, as it would probably increase vulnerability of other servers etc, if anyone could view the protection mechanism. |
|
Back to top |
|
|
Zebranky
Joined: 04 Jun 2006 Posts: 415
|
Posted: Sun Jan 10, 2010 22:40 Post subject: |
|
|
I'll PM acaos about it. _________________ Win32 SVN builds: http://www.mercuric.net/nwn/nwnx/
<Fluffy-Kooshy> NWNx plugin is to this as nuclear warheads are to getting rid of fire ants.
<ThriWork> whenever I hear nwn extender, I think what does NWN need a penis extender for? |
|
Back to top |
|
|
Baaleos
Joined: 02 Sep 2007 Posts: 830
|
Posted: Sun Jan 10, 2010 22:48 Post subject: Thx |
|
|
Thx Zeb,
Your a star. Would nominate you for a community award or something, if one existed. Lol
(Hopes that they dont exist.. else I might look silly) |
|
Back to top |
|
|
dacarlo
Joined: 22 Jul 2010 Posts: 6
|
Posted: Thu Jul 22, 2010 23:49 Post subject: |
|
|
I propose setting up a beer fund for this guys. |
|
Back to top |
|
|
Vladiat0r
Joined: 17 Jun 2005 Posts: 25
|
Posted: Mon Sep 06, 2010 12:20 Post subject: |
|
|
I believe our antiworld.biz server is having a very similar problem where a malicious player is crashing the server constantly, but I can't figure out how. Please PM me if you can help. Thanks. |
|
Back to top |
|
|
addicted2rpg
Joined: 01 Aug 2008 Posts: 106
|
Posted: Tue Oct 12, 2010 16:27 Post subject: |
|
|
Any more news on this issue? The last comment in the bioware thread states that Zeb was given the code.
I think there are a lot of community developers and general interest in this topic (self included) to enlist many willing collaborators, but it also sounds like something in the fix implies further instability & exploitability as to warrant suppression of the code. If that is so, thank you for your discretion in this matter. |
|
Back to top |
|
|
Fireboar
Joined: 17 Feb 2008 Posts: 323
|
Posted: Wed Oct 13, 2010 9:45 Post subject: |
|
|
It's more that this is an extremely rarely known exploit, and since there isn't a fix yet for Windows servers, releasing the Linux fix would be counterproductive because the source code would enlighten the reader as to the precise nature of the exploit and how to carry it out, making Windows servers much more vulnerable. |
|
Back to top |
|
|
|