Server Full - Solution (beta)
#9

Quote:
Originally Posted by Kikito
Could you explain why "UDP" sucks?
Because you don't have a handshake, so you don't have a way to know if the IP source is real or not.

And that is where the exploit is.

The attacker is on IP, for example, 123.123.123.123, and he sends a packet pretending to be 144.144.144.144, and includes in this packet the connection packet data (4 bytes, usually some kind of hash from the server port).

So the server only sees the source 144.144.144.144 asking for a connection, and gives it to him. It doesn't know that 144.144.144.144 is not really asking for a connection; it is a fake.


And the IP 123.123.123.123 tries it again with another IP, for example, 84.84.84.84,
and again with another IP.


A single server with 100 Mbps bandwidth can send up to 133,333 packets per second, each one with a different IP address (it doesn't have to have this address, he only fakes it).

And that is why UDP sucks: it has this exploit by default.

The solution is to use a handshake. How does it work with TCP?

The first packet to be accepted has to be, for example, "hello, what is my password?",
and the server returns "hello, your password is xAEW54x, repeat it to me",
and, finally, the IP source has to say "my password is xAEW54x, can I connect now?"

This is the only way to check if the IP source is real, and TCP has it by default; UDP doesn't. And what I did was to try to force another type of handshake by a "maze" with packets, and that is why the query is a bit slow...


I'm simplifying it; the attacker already knows and is making it harder to force this handshake, and we are also making it better...
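The three-step exchange described in the post above, sketched as a stateless cookie check on the server side. This is an added example, not code from the thread or from the poster's filter; the message names `HELLO`/`COOKIE`/`CONNECT`, the 10-second window and the 8-byte cookie are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)   # per-server key, regenerated at start-up (assumption)
WINDOW = 10               # seconds a cookie stays valid (assumed value)
COOKIE_LEN = 8            # truncated HMAC tag (assumed size)
REPLY_LEN = len(b"COOKIE") + COOKIE_LEN


def make_cookie(addr, now, secret=SECRET):
    """Derive the cookie from (ip, port, time bucket); nothing is stored per client."""
    ip, port = addr
    bucket = int(now) // WINDOW
    msg = f"{ip}|{port}|{bucket}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]


def check_cookie(addr, cookie, now, secret=SECRET):
    """Accept a cookie from the current or previous bucket, compared in constant time."""
    return any(
        hmac.compare_digest(cookie, make_cookie(addr, t, secret))
        for t in (now, now - WINDOW)
    )


def handle_datagram(addr, payload, now, sessions):
    """Return the reply to send to addr, or None to drop the packet silently."""
    # Step 1 -> 2: the cookie is sent to the claimed source address, so a host
    # that faked that address never receives it. Requiring the HELLO to be at
    # least as long as the reply keeps the server from amplifying traffic
    # toward the faked address.
    if payload.startswith(b"HELLO") and len(payload) >= REPLY_LEN:
        return b"COOKIE" + make_cookie(addr, now)
    # Step 3: only a host that really received the reply can echo the cookie.
    if payload.startswith(b"CONNECT"):
        if check_cookie(addr, payload[len(b"CONNECT"):], now):
            sessions.add(addr)   # a player slot is allocated only at this point
            return b"ACCEPT"
    return None
```

Because the cookie is recomputed from the source address and a time bucket, unanswered `HELLO` packets consume no slot and no memory on the server.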


Messages In This Thread
Server Full - Solution (beta) - by dudaefj - 07.12.2014, 01:41
Re: Server Full - Solution (beta) - by BrasilPlayGames - 07.12.2014, 01:45
Re: Server Full - Solution (beta) - by Raphael_Santos - 07.12.2014, 01:54
Re: Server Full - Solution (beta) - by Unyx - 07.12.2014, 02:15
Re: Server Full - Solution (beta) - by Raphael_Santos - 07.12.2014, 02:31
Re: Server Full - Solution (beta) - by dudaefj - 07.12.2014, 02:34
Re: Server Full - Solution (beta) - by Unyx - 07.12.2014, 02:35
Re: Server Full - Solution (beta) - by GWMPT - 07.12.2014, 02:37
Re: Server Full - Solution (beta) - by dudaefj - 07.12.2014, 02:52
Re: Server Full - Solution (beta) - by dudaefj - 07.12.2014, 03:03
