[mohaa] More MOHAA fixes...

[Fredrick Ludden]

How does this "fake player slot crap" work?  We had a bunch of hooligans try
to enter the server apparently all using the same IP.  They were
unsuccessful since we banned the IP.  Anyone care to explain what they were
trying to do and what vulnerability this exploits?

Thanks,
Fred

-----Original Message-----
From: Brian Holt [mailto:rouier at verizon.net]
Sent: Monday, July 26, 2004 1:21 PM
To: mohaa at icculus.org
Subject: Re: [mohaa] More MOHAA fixes...


We really need a patch for the fake player slot crap. Anyone got one?

Brian Holt

----- Original Message -----
From: "Anthony Quon" <anthonyquon at hotmail.com>
To: <mohaa at icculus.org>
Sent: Monday, July 26, 2004 12:33 PM
Subject: RE: [mohaa] More MOHAA fixes...


> Ryan,
> Does this also fix the problem where a hacker can connect to every open
slot
> in a server and crash the server?
>
>
> >From: "Ryan C. Gordon" <icculus at clutteredmind.org>
> >Reply-To: mohaa at icculus.org
> >To: mohaa at icculus.org
> >Subject: [mohaa] More MOHAA fixes...
> >Date: Sun, 25 Jul 2004 14:15:15 -0400
> >
> >
> >Another MOHAA build...
> >
> >   http://icculus.org/betas/mohaa/mohaa-lnxded-07252004.tar.bz2
> >
> >This one has:
> >- The buffer overflow fix Luigi pointed out.
> >- The grenade animation crash fix.
> >- The UBoat spawn fix.
> >
> >The first one still needs fixing in Spearhead, the other two are fixes
> >backported from Spearhead, as thus only the original MOHAA was
> >vulnerable.
> >
> >Luigi and I are still deciding if the buffer overflow fix covers all
> >possible exploits, so there might be one more build. And, of course, a
> >Spearhead update is still forthcoming.
> >
> >--ryan.
> >
> >
> >
>
>