Join packets and IP spoofing

Discussion in 'Spigot Plugin Development' started by Hex_27, Jul 17, 2018.

  1. Just a question, regarding the above bot that works for cracked servers... why does that happen?
    Shouldn't the machine fully know where the packet comes from? Why is it possible to alter the IP sent in the packet?

    Assuming this doesn't work from a botnet, because that's rather overkill to take down a Minecraft server, and it'd be possible to just take down the machine instead.
  2. That bot uses multiple proxy addresses contained in a text file. I know 'cause I used that back then to test another server's security, with the owner's permission of course.

    Additional: a decent server cannot be taken down by this bot. It just fills your player slots, preventing new legit players from joining your server.

    One of its features was chat spamming lol
  3. What about clients like IP Spoofers that let you set your IP to silly sources like
  4. Don't know much about the spoofers, but it does not matter as most of the IPs used today are dynamic.
  5. Shouldn't be possible though. It feels like it's a packet that has an inherent IP value modified.
  6. electronicboy

    IRC Staff

    You can't "IP spoof" in TCP if you wish to maintain a connection.
    Being able to set stupid IP addresses is more than likely going to be down to software misconfiguration on the server's side; many of the plugins used to try to protect BungeeCord instances are also actually flawed in how they handle checking.
  7. But the packets received by BungeeCord seem to be processed before anything makes a check. Doesn't that mean Bungee is the one that's being exploited?
  8. electronicboy

    IRC Staff

    The network address that Bungee sees is from the Netty socket. I really see no way that that could be changed outside of the proxy protocol (or plugins doing weird stuff), which to my knowledge should be disabled by default...
  9. Odd. If anyone wants to try it for themselves, I tried a client called CheatMine (Dymeth Client 2.0). Though it's mostly for curiosity's sake. I don't really have anything to do with this information (unless the problem is something that's patchable within my limits).
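
The point in electronicboy's replies above (the socket's peer address is fixed by the TCP handshake, while a PROXY protocol header is just bytes sent by whoever connects) can be shown with a small check. This is an added example, not part of the thread and not BungeeCord code; it is written in Python, and `TRUSTED_UPSTREAMS`, `client_address` and the sample addresses are hypothetical names and constructed values.

```python
import ipaddress

# Assumption: addresses of your own load balancers / front proxies (constructed values).
TRUSTED_UPSTREAMS = [ipaddress.ip_network("10.0.0.0/24")]


class Rejected(Exception):
    """Connection should be closed without further processing."""


def parse_proxy_v1(line: bytes) -> str:
    """Return the source address from a PROXY protocol v1 header line."""
    if not line.endswith(b"\r\n") or len(line) > 107:  # v1 maximum line length
        raise Rejected("malformed PROXY header")
    parts = line[:-2].decode("ascii", "replace").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise Rejected("unsupported PROXY header")
    try:
        src = ipaddress.ip_address(parts[2])
    except ValueError:
        raise Rejected("bad source address") from None
    if src.version != (4 if parts[1] == "TCP4" else 6):
        raise Rejected("address family mismatch")
    return str(src)


def client_address(peer_ip: str, first_line: bytes, proxy_protocol: bool) -> str:
    """Address to use for logs, bans and per-IP limits.

    peer_ip is what the OS reports for the TCP socket; it requires a completed
    handshake, so the remote side cannot pick it freely. A PROXY header is
    attacker-controlled data unless it arrives from an upstream you operate.
    """
    has_header = first_line.startswith(b"PROXY ")
    trusted = any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_UPSTREAMS)
    if not proxy_protocol:
        if has_header:
            raise Rejected("PROXY header sent but proxy protocol is disabled")
        return peer_ip
    if not trusted:
        raise Rejected("proxy protocol enabled: only trusted upstreams may connect")
    if not has_header:
        raise Rejected("trusted upstream did not send a PROXY header")
    return parse_proxy_v1(first_line)
```

With the proxy protocol enabled, the port has to be firewalled to the trusted upstreams as well, since the check above only covers the application layer.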