[Freeciv-Dev] Re: DoS attack server with allowconnect (PR#1139)
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Fri, Dec 14, 2001 at 05:02:03AM -0800, schnetter@xxxxxxx wrote:
> Full_Name:
> Version:
> Distribution: Don't know
> Client: Both (or N/A)
> OS:
> Submission from: (NULL) (217.224.164.57)
>
>
> I have already reported bug#1103 (maxplayers abuse).
> But civserver.freeciv.org port 5551 is still not reachable.
> Server messages:
> ...Sorry, no new players allowed in this game
> or if you join with name "joker" (there is only 1 AI player)
> ...Sorry, no observation of AI players in this game
Correct, I haven't reset any existing servers, I'll look at it in the evening
if I have time.
> After a while i found the setting: allowconnect
> You can DoS server with "set allowconnect" (without any value) - this will
> disable access for everyone.
Ironic, considering that the allowconnect option was added precisely to
keep abusers out - and it has never been used up to now.
I don't much feel like kludging up the code with patches just to prevent
abuse - it seldom happens, so it's better to identify abusers and shut them out.
The validmaxplayers patch is nice. We can make another one to put
'allowconnect'
at HACK level, but this is alrready a kludge. An alternative is to switch
the public servers to 'cmdlevel first' mode of operation,
where only one player has ctrl access at any time.
--
Reinier
|
|
