[eider]

Quote:

at the end of 0.3z and Gamer_Z has claimed that the exploit was not fixed.

The fix implemented by Kalcor is working in this example. It succesfully prevented arbitary connection from holding RakNet's resources. What happens now is because every time someone requests handshake from your server, it prints that information to log, and printing that to log is what takes fair amount of CPU time, not responding to handshake. The information in log was probably left as a simplistic solution to a bigger problem where someone could use your server as proxy to flood random targets with random data (although there is no case of amplified attack it is still neat way to hide your real source of attak). The easiest way to fix it for now would be creating plugin with a hook connected directly to function in server that handles cookie exchange and end it before it goes to file operation - you'll lose ability to tell if someone is flooding your server but at the same time attacker will need a way more resources to waste the same amount of CPU time as it would be the case with logging that data, and amount of resources required to do that would propably be too large to actually care about implementing such attack (this needs checking - i'm not sure how efficient is current implementation). Bear in mind that this will propably get fixed in 0.3.7 R2 which is just around the corner. If you, however need immediate fix, please contact me on PM and i'll try to arrange something.