1.8.8 Blocking NullPing or Packet attacks

Discussion in 'Spigot Plugin Development' started by Neoncam, Jun 29, 2021.

  1. So umm hi spigot community ^^

    Could someone please help me?
    I never worked with a thing like this:
    Code (Text):

    this.asmr_exploits.put("abd", (out, host, port) -> {
    PacketUtils.writePacket(PacketUtils.createHandshakePacket(host, port, 47), out);
    for (var9 = 0; var9 < 260; ++var9) {
    I'm just wondering how to block it, can someone please help?
  2. I have never seen a thing like this in my entire life.
    Looks cool tho, but where is it from and what is it for?
  3. it's the thing to crash servers :/ I wanna make something that will block it from reaching server
  4. Well I noticed that the protocol version from that packet is from the version 1.8 ~ 1.8.9 which was released 6 to 7 years ago.
    I don't believe that script is causing servers to crash nowadays. In fact, I think modern servers will still even process that information and return a response without any trouble.

  5. well, this can actually crash spigot servers, I'm working on a custom AntiBot system and I wanna patch this, I can block almost any bot attack but the problem is with the NullPing ... it can take down the server with ease. so that's why I'm askin' for help.
  6. Looking at this video now, I am convinced that this could be a potential threat to servers.
    This exploit is a bit older which makes me consinder the fact that this could be patched now.
    But if not, I think your best shot is intercepting the channel pipeline at the beginning and checking for packets with no payload.
    Hoping this problem is not caused by Netty itself, if so, then you can hardly do anything.
    Don't ask me how since I have never faced anything like this before.
    #6 DanielTheDev, Jun 29, 2021
    Last edited: Jun 29, 2021
    • Agree Agree x 1
  7. if you're running a vServer or RootServer you could iptable it.
  8. "IPtabling" a single IP is useless. The attacker can just update proxies? lol