Re: hack ref boots

Jason Williams (streak@ccwf.cc.utexas.edu)
Wed, 11 Feb 1998 16:52:08 -0600 (CST)


On Wed, 11 Feb 1998 frank@agetech.net wrote:
> so how many times does one get booted
> off only to find that it is NOT the refs
> booting u off ?

Which refs is this? I assume you are positive there aren't reflector
operators or monitors kicking you off for some reason.

> How about some ANTI-boot hack to prevent
> IP spoofing ?
>
> anyone got a way to block the IP hit ?
>
> Can I filter my IP traffic to stop those
> commands goin to the cuseeme client to close?

I'm no expert..perhaps Bill Godette can answer better than me on this
topic. But from what I remember, the older reflectors have a bug in them
that allow people to send packets to the reflector to kill other clients.
It doesn't have anything to do with YOUR IP...It has to do with someone
else creating a kill client packet with your IP in the address field.

I know Brian Godette's Enhanced Reflector fixes this..not sure about the
status of other reflectors (does MPCS fix this? does the WP 2.1 ref fix
it?)

An excerpt from Brian Godette's page
(http://www.dimensional.com/~bgodette):
* Client-To-Client close bouncing. This "fix" will send back to the
sending client any close message that is sent as a
client-to-client packet. This is in response to a program that was
written that utilizes an oversight in the client that allows any
client with this program to cause other clients to disconnect from
the reflector. As this type of packet will never be generated by
the client itself, I simply have the reflector send the packet
back to the client that sent it, thereby causing that client to
disconnect.

As far as tracking who's doing it, the reflector logs can come in quite
handy :)

--
streak@ccwf.cc.utexas.edu    * Jason Williams -- Austin, Tx.  |     |
streak@mail.utexas.edu       * University of Texas at Austin  | ___ |
streak@cs.utexas.edu         * BS Computer Science             \_|_/
*************** http://ccwf.cc.utexas.edu/~streak/ **************|