Dejavu exploiting

[Dae]

It will be a small patch on a tube with a big hole. So sooner or later the patch will burst open.

[Alex]

Can't someone just use it against him?

Sure we can. But it wont help would it? And we would lower ourselves to his level.

[[FGS]Majestic]

Yeah, hacking himself would be really sad. Lol, there are like 3 "fuck you deja" servers 0 aug now ..hopefully it can be fixed but it seems very effective, even after 5 seconds the server crashes

[synthetic]

im curious how konamis plan might work, mailing gamespy part that is. theoretically Anyone could host a 0aug server, wait it to get wiped and then report to gamespy. Obviously a patch would be priority #1 but 20 emails going gamespy way might be interesting. I also considered the possibility of notifying his university. He claims he has nothing to do with this, at least he did last night, and I was told he also gave the bot out to [3]. So dejavu wont end up as the only enemy and crasher probably.

I usually avoid this forum but for obvious reasons I made an exception, I wish daedalus and alex luck patching up the hole, until next time dejavu finds a new route.

REN is planning on buying a 0aug server shortly, possibly partly auged. So we hope to aquire a working patch.

[Krieg]

partly augged , their are enough good augged servers , [3] and stezorz one are enough

[synthetic]

I said "possibly" and "partly" shadow =), as far as we've discussed it it will be 0-auged.

[Spiderbot01]

I assume your Sig is an ironic joke...

[Krieg]

he loves ironie

[monkee]

o_O

[Spiderbot01]

It would be useful if we had a paying gamespy person, might pay a bit more attention to them..

[Imperial]

Tried to contact Gamespy, in the end, it lead me to support, but not for contacting them about masterserver issues, or anything to that extent. It says that the game supplier is responsible for their masterserver however, as they are the ones who provide the information. Unfortunately, it is very hard to contact Eidos Interactive, with no contact information left on thier site. I also doubht they would care.

However, if anyone knows the contact for gamespy it would be much apreciated.

Thanks.

[Dae]

Just a small hint: Ion Storm doesn't exist.

[Imperial]

Got confused, meant eidos.

[DarkKnight]

Well, my server appears to be running quite well... at least for the last 7 hours.

<3 iptables

[Imperial]

I take it that there is no more probs then. Or did you al just download Dae's Mutator?

[Dae]

I haven't made it yet. Stuck somewhere

[Imperial]

o.o

Well then he must have ended his atack on 0aug servers, won't be the last of it though I doubht.

[DarkKnight]

o.o

Well then he must have ended his atack on 0aug servers, won't be the last of it though I doubht.

Even if Deja does attack my server, it will get him nowhere.

[Spiderbot01]

o.o

Well then he must have ended his atack on 0aug servers, won't be the last of it though I doubht.

Even if Deja does attack my server, it will get him nowhere.

You can't outsmart an aussie...

[DarkKnight]

o.o

Well then he must have ended his atack on 0aug servers, won't be the last of it though I doubht.

Even if Deja does attack my server, it will get him nowhere.

You can't outsmart an aussie...

Or iptables, for that matter.
(His entire IP pool is blocked at the kernel level, the packet never reaches my server. )

[MainMan]

(His entire IP pool is blocked at the kernel level, the packet never reaches my server. )

That's phat. Is it possible to do that on a windows-hosted server?

[DarkKnight]

(His entire IP pool is blocked at the kernel level, the packet never reaches my server. )

That's phat. Is it possible to do that on a windows-hosted server?

Not without a 3rd party app, I belive.

Just checked, your best (and most effective) way for a Windows based server is a software firewall, Windows has no inbuilt functions that would suffice. =/

For Linux hosters;

Code: Select all

iptables -A INPUT -s 193.95.228.0/24 -j DROP

Run as root, or with sudo. It silently drops all packets from that IP.
(All distro's should have iptables, and you could add a port if you didn't want to ban him totally..)

[clyzm]

No wonder all the latest 24/7 game servers are run on Linux.

[MainMan]

(His entire IP pool is blocked at the kernel level, the packet never reaches my server. )

That's phat. Is it possible to do that on a windows-hosted server?

Not without a 3rd party app, I belive.

Just checked, your best (and most effective) way for a Windows based server is a software firewall, Windows has no inbuilt functions that would suffice. =/

For Linux hosters;

Code: Select all

iptables -A INPUT -s 193.95.228.0/24 -j DROP

Run as root, or with sudo. It silently drops all packets from that IP.
(All distro's should have iptables, and you could add a port if you didn't want to ban him totally..)

What about a hardware router firewall?

[kBo]

(His entire IP pool is blocked at the kernel level, the packet never reaches my server. )

That's phat. Is it possible to do that on a windows-hosted server?

Not without a 3rd party app, I belive.

Just checked, your best (and most effective) way for a Windows based server is a software firewall, Windows has no inbuilt functions that would suffice. =/

For Linux hosters;

Code: Select all

iptables -A INPUT -s 193.95.228.0/24 -j DROP

Run as root, or with sudo. It silently drops all packets from that IP.
(All distro's should have iptables, and you could add a port if you didn't want to ban him totally..)

WinPCap does the trick:
http://winpcap.mirror.ethereal.com/301a ... _tut5.html

If you want to patch the game, I recommend setting up a server on your PC, attaching to it with OllyDBG or IDA and setting breakpoints on malloc() calls. You might be able to learn something that way.

[DarkKnight]

What about a hardware router firewall?

Goes without saying, if you can block ip's with your router, do it.

WinPCap does the trick:
http://winpcap.mirror.ethereal.com/301a ... _tut5.html

If you want to patch the game, I recommend setting up a server on your PC, attaching to it with OllyDBG or IDA and setting breakpoints on malloc() calls. You might be able to learn something that way

The bug is quite well explained.

All it would need for a fix is a few extra tests/conversions before it actually calls malloc(), the trick being, how do you apply it?
(That question is more broad then the simple actions.)

[MainMan]

Goes without saying, if you can block ip's with your router, do it.

Yup I can

What's the IP I need to block?

[Allan]

193.95.228.0, me thinks, based on the command for the Linux way of protecting it.
*checks if my router can block IP's...*

[rob]

http://dejavu.youaremighty.com/

sound m8

m8

[DarkKnight]

193.95.228.0, me thinks, based on the command for the Linux way of protecting it.
*checks if my router can block IP's...*

The command blocks 193.95.228.0 - 193.95.228.255

Edit: Also, make sure you check your logs before you restart your server, if he starts using zombies, or other people start using it, you can just repeat, repeat, repeat.