[Freeciv-Dev] Re: DoS attack server with allowconnect (PR#1139)
Addendum:
> > I have already reported bug#1103 (maxplayers abuse).
> > But civserver.freeciv.org port 5551 is still not reachable.
> > Server messages:
> > ...Sorry, no new players allowed in this game
> > or if you join with name "joker" (there is only 1 AI player)
> > ...Sorry, no observation of AI players in this game
[...]
> > After a while I found the setting: allowconnect
> > You can DoS server with "set allowconnect" (without any value) - this will
> > disable access for everyone.
This is what happened (with a different name and hostname):
<QUOTE>
2: Connection request from Anonymized from anonymized.host.name
2: Anonymized has client version 1.12.0
2: Anonymized has joined as player Anonymized.
>
Anonymized: '/create joker'
2: joker has been added as an AI-controlled player.
>
Anonymized: '/set allowconnect as joker'
>
2: Lost connection: Anonymized from anonymized.host.name (player Anonymized).
2: Removing player Anonymized.
>
2: Connection request from Anonymized from anonymized.host.name
2: Anonymized has client version 1.12.0
2: Anonymized was rejected: No connections as new player.
>
2: Connection request from Anonymized from anonymized.host.name
2: Anonymized has client version 1.12.0
2: Anonymized was rejected: No connections as new player.
</QUOTE>
It only occurred to *others* to connect as 'joker'. Not that it helped ...
Clearly, not a case of abuse, but a broken 'set allowconnect' interface.
Suggestions to improve it are welcome. The first thing that should happen is
that invalid command lines are rejected! If decent parsing code
for the command line ever makes it into CVS this will be easier.
--
Reiner
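
Added example, not part of the original message and not Freeciv code: one way to reject an invalid `set allowconnect` value before it replaces the current setting, so that an empty value or a string such as "as joker" leaves access unchanged. The alphabet `NHAhadb` and all function names here are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed alphabet of connection classes, for illustration only; the
 * real list belongs to the server's own option definition. */
#define ALLOWCONNECT_CHARS "NHAhadb"

enum set_result { SET_OK = 0, SET_EMPTY, SET_BAD_CHAR };

/* Validate a proposed allowconnect value before it replaces the current
 * one. On rejection *bad holds the offending character (or '\0'). */
enum set_result check_allowconnect(const char *value, char *bad)
{
  const char *p;

  *bad = '\0';
  if (value == NULL || value[0] == '\0') {
    return SET_EMPTY;            /* "set allowconnect" with no value */
  }
  for (p = value; *p != '\0'; p++) {
    if (strchr(ALLOWCONNECT_CHARS, *p) == NULL) {
      *bad = *p;
      return SET_BAD_CHAR;       /* e.g. "as joker" */
    }
  }
  return SET_OK;
}

/* Apply the value only if it validates; otherwise keep the old setting. */
int set_allowconnect(char *current, size_t size, const char *value)
{
  char bad;

  if (check_allowconnect(value, &bad) != SET_OK || strlen(value) >= size) {
    return 0;                    /* rejected, current is untouched */
  }
  strcpy(current, value);
  return 1;
}

int main(void)
{
  char setting[16] = "NHAhadb";  /* constructed starting value */

  printf("%d\n", set_allowconnect(setting, sizeof setting, ""));
  printf("%d\n", set_allowconnect(setting, sizeof setting, "as joker"));
  printf("%d %s\n", set_allowconnect(setting, sizeof setting, "Hhd"), setting);
  return 0;
}
```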