[mohaa] Latest mohaa_lnxded binaries - bufferoverflow not fixed?
Richard Harrison
richardnharrison at btinternet.com
Tue Aug 10 04:19:40 EDT 2004
I think ryan mentioned this before and said that it would be very difficult to do due to the way that cd-key authentication works.
i.e. a person has to connect to validate a key.
I could be way off but i seem to recall that.
Richard.
The Guvnor <guvnor at evildictators.com> wrote:
Ive found out how people do this, and so far, there is nothing that can
stop this.
Ryan, I will email you the dos program they used to do this so you can look
at how to patch the current binaries against this.
ps. please make it 64bit compatible.
Kim
++++++++++++++++++++++++++++++++++++++++++
Hi ryan et all,
im a little confused as to how the latest mohaa binaries fix the buffer
overflow problem. Players are still able to occupy the server slots with
fake names using the same ip all in the same minute. Look at the below:
8th aug 04
21:18:14 Iamafake/81.156.111.91 has logged on to play
21:18:14 fakeplayer/81.156.111.91 has logged on to play
21:20:40 Iamafake/81.156.111.91 has logged on to play
21:20:40 fakeplayer/81.156.111.91 has logged on to play
21:20:41 cantseeme/81.156.111.91 has logged on to play
9th aug 04
16:01:47 Iamafake/81.156.165.154 has logged on to play
16:01:48 fakeplayer/81.156.165.154 has logged on to play
16:01:48 cantseeme/81.156.165.154 has logged on to play
16:01:49 dontkickme/81.156.165.154 has logged on to play
16:01:49 Iamhere/81.156.165.154 has logged on to play
16:01:49 wearealot/81.156.165.154 has logged on to play
16:01:50 kickme/81.156.165.154 has logged on to play
16:01:57 fake/81.156.165.154 has logged on to play
16:01:57 whoamI/81.156.165.154 has logged on to play
16:01:58 whatamI/81.156.165.154 has logged on to play
16:01:59 whatImustdo/81.156.165.154 has logged on to play
16:02:00 Ihate/81.156.165.154 has logged on to play
16:02:00 whoIhate/81.156.165.154 has logged on to play
16:02:01 whatIhate/81.156.165.154 has logged on to play
16:02:01 whyIhate/81.156.165.154 has logged on to play
16:03:54 isthisaPoC/81.156.165.154 has logged on to play
Is the latest binaries supposed to be able to 'stop' the problem or just
'limit it' somehow? Whatever it is, the latest binaries dont seem to be
stopping the problem, some servers have only have 12 players maximum and it
takes just one goofball to take it out. The posted CI logs above are for a
server that has the latest mohaa linux binaries.
Kim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/mohaa/attachments/20040810/5df8af32/attachment.htm>
More information about the Mohaa
mailing list