Re: DoS Attack through MUD...

From: Lyam ConDoin / Muerioch (Lyam_ConDoin@hotmail.com)
Date: 10/17/02


> Hello.
> Somebody (XXX from X.X.X.X) tried to attack (through my MUD) the server
> which runs my mud.
> He (she) opened 300 connections (only 300, because I had max_players = 300)
> to the MUD port.
> The attack failed, but he (she) reached the max_players limit
> and 'normal' players could not play.
>
> Here is my solution, and I want to know what you think
> about it:
> (running bpl19 on Linux)
>
> 1. only 50 players together
>  in config.c changed max_players = 50
>  (on my mud max 10 players play together)

Why? In the next few lines, you say that you want to limit multiple logins
from one IP...

>
>
> 2. only 5 players from one site (one IP address)
>
>  in comm.c: in new_descriptor():
>
>   /* determine if the site is banned */
>   if (isbanned(newd->host) == BAN_ALL) {
>     CLOSE_SOCKET(desc);
>     sprintf(buf2, "Connection attempt denied from [%s]", newd->host);
>     mudlog(buf2, CMP, LVL_GOD, TRUE);
>     free(newd);
>     return (0);
>   }
>
>   +/* ADDED, (PROXIES - SORRY) */
>   +if (check_players_per_site(newd->host)) {
>   +  CLOSE_SOCKET(desc);
>   +  sprintf(buf2, "Too many players from [%s]", newd->host);
>   +  mudlog(buf2, CMP, LVL_GOD, TRUE);
>   +  free(newd);
>   +  return (0);
>   +}
>
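
Review bot: the rejection path in the added block calls mudlog(buf2, CMP, LVL_GOD, TRUE) for every refused connection, so a client that keeps reconnecting past the per-site limit turns the connection flood into a log flood. Consider logging only the first refusal per host within some interval, or counting refusals and logging a summary line. The sprintf into buf2 with newd->host is also unbounded, the same as in the ban check above it; a length-bounded call would be safer in both places.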

I believe there is a multi-limit snippet on the site... It works great.
I have it in my mud too.

> and (for example) in ban.c
>
> +/* ADDED */
> +extern int max_plrs_per_site; /*from config.c, = 5 */
> +
> +int check_players_per_site(char *hostname)
> +{
> +  struct descriptor_data *d;
> +  int num = 0;
> +
> +  for (d = descriptor_list; d; d = d->next) {
> +    if (d->host && *d->host) {
> +      if (strstr(hostname, d->host)) {
> +        num++;
> +        if (num >= max_plrs_per_site) return 1;
> +      }
> +    }
> +  }
> +
> +  return 0;
> +}
>
>
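
Review bot: the comparison strstr(hostname, d->host) in the loop is a substring match, not an equality test, so an existing descriptor from 1.2.3.4 is counted against a new connection from 11.2.3.4 or 1.2.3.40 (constructed addresses), and unrelated players can be refused because of someone else's connections. Use an exact comparison such as strcmp(hostname, d->host) == 0. It is also worth a comment next to max_plrs_per_site stating whether the limit of 5 refuses the fifth or the sixth connection: with num >= max_plrs_per_site that depends on whether the new descriptor is already on descriptor_list when new_descriptor() calls this function, which these lines do not show.
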
> 3. kick out players from menu (after 1 hour)

Nice idea, but what if someone like me (a student) goes off to school,
leaves his connection on. The MUD crashes, and he has a client with
auto-login. The char will be stuck in the menu until he actually returns
from school (6 hours later).

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   | Newbie List:  http://groups.yahoo.com/group/circle-newbies/   |
   +---------------------------------------------------------------+


