Re: hack ref boots

Jason Williams (streak@ccwf.cc.utexas.edu)
Thu, 12 Feb 1998 02:17:47 -0600 (CST)


On Wed, 11 Feb 1998 frank@agetech.net wrote:
> how about going directly to the
> ip and BYPASSing the ref ?
>
> what does the kill client packet look like ?
>
> Frustated minds wanna know.....

No..as far as I know, that doesn't do anything...Kill Client packets have
to go from a client TO the reflector..then the reflector disconnects that
client...It's not going from their IP to your IP to disconnect you.
Without the reflector, it can never happen.

It's also come to my attention (Thanks to Chris Silverberg), that only the
Enhanced Reflectors and MPCS reflectors fix this problem. The majority of
the reflectors out there are WP 2.1 reflectors and unfortunately, seem to
be affected by this bug.

I doubt a patch will EVER come out due to White Pine's stance (in the
client anyway), to only support the latest software. In this case, MPCS
is the only reflector solution White Pine is pushing (even though I've
heard that White Pine's MPCS may NEVER support all the platforms that the
2.1 reflector does).

>From what I gather from the list, you can't even BUY the 2.1 reflector
anymore...It's unfortunate that White Pine doesn't follow some of the
Software Engineering principles (supporting the software they produce
rather than always promising a new version "sometime within the next
year" for a handful of the platforms they previously supported). I guess
they are counting on the NT server market to continuously improve over the
next year or two (or until the 4.0 Reflector comes out). It may improve,
but from what I've seen, NT servers lack the robustness of any correctly
configured Unix server.

I'd love to have a patch to the 2.1 reflector that fixes the bugs in it
(like the requirement to always have a public conference defined...or the
way it handles client data and boots people with an Invalid-ID message if
the reflector is full...or this KillClient bug).

Well..enough rambling...If you are intent on finding out who's doing it,
you'd probably need to know the reflector operator well enough to convince
him/her to run extensive logs. It's pretty easy to spot when it happens.
I assume the KillClient packet is like the Aux-Data packet (for private
chat anyway) in that the client must be connected to the reflector AND
send those KillClient packets to the reflector. The simple solution would
be to deny the person you caught doing that.

As far as what the KillClient packet looks like, good question...I just
know the basics :) (and no, my main intent here wasn't to go against
White Pine..just to offer a voice since I just found out the WP 2.X
servers are affected with this problem)

--
streak@ccwf.cc.utexas.edu    * Jason Williams -- Austin, Tx.  |     |
streak@mail.utexas.edu       * University of Texas at Austin  | ___ |
streak@cs.utexas.edu         * BS Computer Science             \_|_/
*************** http://ccwf.cc.utexas.edu/~streak/ **************|