Re: hack ref boots
Wed, 11 Feb 1998 18:45:57 -0500

how about going directly to the
ip and BYPASSing the ref ?

what does the kill client packet look like ?

Frustated minds wanna know.....

thanks in advance.,

At 04:52 PM 2/11/98 -0600, Jason Williams wrote:
>On Wed, 11 Feb 1998 wrote:
>> so how many times does one get booted
>> off only to find that it is NOT the refs
>> booting u off ?
>Which refs is this? I assume you are positive there aren't reflector
>operators or monitors kicking you off for some reason.
>> How about some ANTI-boot hack to prevent
>> IP spoofing ?
>> anyone got a way to block the IP hit ?
>> Can I filter my IP traffic to stop those
>> commands goin to the cuseeme client to close?
>I'm no expert..perhaps Bill Godette can answer better than me on this
>topic. But from what I remember, the older reflectors have a bug in them
>that allow people to send packets to the reflector to kill other clients.
>It doesn't have anything to do with YOUR IP...It has to do with someone
>else creating a kill client packet with your IP in the address field.
>I know Brian Godette's Enhanced Reflector fixes this..not sure about the
>status of other reflectors (does MPCS fix this? does the WP 2.1 ref fix
>An excerpt from Brian Godette's page
> * Client-To-Client close bouncing. This "fix" will send back to the
> sending client any close message that is sent as a
> client-to-client packet. This is in response to a program that was
> written that utilizes an oversight in the client that allows any
> client with this program to cause other clients to disconnect from
> the reflector. As this type of packet will never be generated by
> the client itself, I simply have the reflector send the packet
> back to the client that sent it, thereby causing that client to
> disconnect.
>As far as tracking who's doing it, the reflector logs can come in quite
>handy :)
> * Jason Williams -- Austin, Tx. | |
> * University of Texas at Austin | ___ |
> * BS Computer Science \_|_/
>*************** **************|