reconnect from a ban with same IP how?

[Blue_Pr!nt]

Dec 11 03:34:45 [188.220.239.21] client BluePr!nt|BC| called a vote: ban player Teh54, reason: GTFO
Dec 11 03:34:45 [88.163.251.84] disconnecting client Teh54 (vote-banned from the server) cn 2, 28 seconds played, score saved
Dec 11 03:34:50 [88.163.251.84] client connected
Dec 11 03:34:50 [88.163.251.84] disconnecting client Teh54 (connection refused - you have been banned from this server) cn 2, 0 seconds played
Dec 11 03:34:52 [] >1$U<kaBOOM gibbed Miyagui
Dec 11 03:34:54 [] client connected
Dec 11 03:34:54 [] Ashley logged in (default), AC: 1104|840
Dec 11 03:34:55 [] +sCr3W+ParK0uR says: 'Go get 'em boys!'
Dec 11 03:34:58 [] +sCr3W+ParK0uR says: 'We did it!'
Dec 11 03:34:59 [] disconnected client Miyagui cn 4, 188 seconds played, score saved
Dec 11 03:35:00 [] ITCHI-BATI-SAN gibbed >1$U<kaBOOM
Dec 11 03:35:02 [] >1$U<kaBOOM says: 'ns'
Dec 11 03:35:03 [] +sCr3W+ParK0uR says: 'We did it!'
Dec 11 03:35:05 [88.163.251.84] client connected
Dec 11 03:35:05 [88.163.251.84] Teh54 logged in (default), AC: 1103|840
Dec 11 03:35:12 [88.163.251.84] Teh54 says: '?????????'
Dec 11 03:35:12 [] +sCr3W+ParK0uR gibbed >1$U<kaBOOM
Dec 11 03:35:18 [] >1$U<kaBOOM says: 'how he come backl'
Dec 11 03:35:22 [] +sCr3W+ says: 'hackkkk'

Teh54 used the same IP yet, was able to reconnect in less then a minute. he done this various times..
how is this possible with no IP change?

[samsattF]

Weird, maybe it's an exploit.

[Mael]

Whatever he did it only took him 15 seconds. I'd guess it's a simple exploit that just hasn't been found.

[Ronald_Reagan]

I took a noticing to his AC version which was 1103, was he using a different one before that?
* Ronald_Reagan starts shooting in the dark

[ärkefiende]

which server? what is the setting of "-kB"?

[tempest]

"If you don't know what it does, better set it to 0"?

[Blue_Pr!nt]

the "-kB" although wrong was not the issue. (note arke, bans on others did remain, i have a "abnormal client behaviour" and my ban needed the admin pass after 5 minutes)

so there is still some exploit used. does no one know him? [Teh54] he has some skill, thats the worse part of it

[V-Man]

I think Ronald_Reagan is on to something, but can't confirm it.

So I tried a different approach. After running some tests on a local server, I believe the exploit is based on changes made to local DNS -- changing the local IP address without changing the external IP address. Something as simple as switching to another computer may allow this, though I believe some additional tweaking is required.
My experiment, truncated for clarity:

[SELECT ALL] Code:

logging local AssaultCube server (version 1104, protocol 1132/104) now..
[127.1.1.0] client connected
[127.1.1.0] unarmed logged in (default), AC: 1104|840
[127.1.1.0] client connected
[127.1.1.0] DES|V-Man logged in (default), AC: 1104|840
[127.1.1.0] player DES|V-Man used admin password in line 9
[127.1.1.0] set role of player DES|V-Man to admin
[127.1.1.0] client DES|V-Man called a vote: ban player unarmed, reason: noob
[127.1.1.0] disconnecting client unarmed (vote-banned from the server) cn 0, 49 seconds played, score saved
[127.1.1.0] client connected
[127.1.1.0] disconnecting client unarmed (connection refused - you have been banned from this server) cn 0, 0 seconds played
[127.0.0.1] client connected
[127.0.0.1] unarmed logged in (default), AC: 1104|840
[127.0.0.1] unarmed says: ':D'

Although... I can't imagine why an external IP address would be discriminated by the server in this way. "88.163.251.84" looks like any other "88.163.251.84" to the server. I can't imagine how this would be done in a public server.

[Blue_Pr!nt]

locally i can see the sense in that. was the server on your machine? (maybe a stupid Q from IP's)
if the server was remote i would be interested in that local change being allowed/making a difference remotely. which i doubt but nice try V-man

[V-Man]

As I said, I can't figure out how to apply this principle on an external IP basis. :/ But I think it's a clue!

[tempest]

I'm pretty sure this is an error somewhere in AC's code. I don't think it's related to networking in any way, but you could tip eihrul about it.

[Thrawn]

Is it possible that this isn't as complicated as a hack? Maybe he just got ahold of the server/admin pass? I mean, if you have the pass, you can log in even if your're banned, right?

[JGAN]

nope it would log "player connected using admin pass in line x"

[Blue_Pr!nt]

nope it would log "player connected using admin pass in line x"

exactly, also its my server so i know who has pass

[JGAN]

can i haz pass? ;D

[#M|A#Wolf]

can i haz pass? ;D

Make an app for the BC Servershare ;) (beyondcompare.org)

[ExodusS]

On some server hosters (like Roxserver i think) you can give one or some IP's (or range i think) who will can be ban but who the server will auto-deban without specific message.
It's often do for server's owner.

So maybe , the banned had the same IP (or range) than the owner.

________________________________________________________________

I often saw TeH54 insulting some random players.
But he insults in french language , i really hate this.
I should have some screens if i search a little.

[OpenSource]

I often saw TeH54 insulting some random players.
But he insults in french language , i really hate this.
I should have some screens if i search a little.

88.163.251.84 // 12-21-2010 Teh54 - TKer
------------
His banned from my server.

[ExodusS]

Ok , happy to learn that :)

[Jomattix]

I often saw TeH54 insulting some random players.
But he insults in french language , i really hate this.
I should have some screens if i search a little.

88.163.251.84 // 12-21-2010 Teh54 - TKer
------------
His banned from my server.

ahhh yes I know this fool, was blacklisted in Exodus 1.0.4 for using many cheats and utter rudeness to others...

[fox_ares]

Is it possible that this isn't as complicated as a hack? Maybe he just got ahold of the server/admin pass? I mean, if you have the pass, you can log in even if your're banned, right?

no its not a hack, some servers has passwords that can let you in, for example: |FOX| Clan Server has a pass were you can come back after a ban, the pass is "happy". Some other servers have them to, you just gotta figure it out and be nerdy! =D

[titiPT]

Is it possible that this isn't as complicated as a hack? Maybe he just got ahold of the server/admin pass? I mean, if you have the pass, you can log in even if your're banned, right?

no its not a hack, some servers has passwords that can let you in, for example: |FOX| Clan Server has a pass were you can come back after a ban, the pass is "happy". Some other servers have them to, you just gotta figure it out and be nerdy! =D

D: D: D: D: D: :D D: D: D: D: D:
Then basically anyone can hack on your servers, be banned, and get back?

[eftertanke]

As said above: "nope it would log 'player connected using admin pass in line x'"

[IBiteBack]

I hear this can be bone by re-installing assault cube. I don't think there is any way to keep this from happening.

---

Dec 11 03:34:45 [188.220.239.21] client BluePr!nt|BC| called a vote: ban player Teh54, reason: GTFO
Dec 11 03:34:45 [88.163.251.84] disconnecting client Teh54 (vote-banned from the server) cn 2, 28 seconds played, score saved
Dec 11 03:34:50 [88.163.251.84] client connected
Dec 11 03:34:50 [88.163.251.84] disconnecting client Teh54 (connection refused - you have been banned from this server) cn 2, 0 seconds played
Dec 11 03:34:52 [] >1$U<kaBOOM gibbed Miyagui
Dec 11 03:34:54 [] client connected
Dec 11 03:34:54 [] Ashley logged in (default), AC: 1104|840
Dec 11 03:34:55 [] +sCr3W+ParK0uR says: 'Go get 'em boys!'
Dec 11 03:34:58 [] +sCr3W+ParK0uR says: 'We did it!'
Dec 11 03:34:59 [] disconnected client Miyagui cn 4, 188 seconds played, score saved
Dec 11 03:35:00 [] ITCHI-BATI-SAN gibbed >1$U<kaBOOM
Dec 11 03:35:02 [] >1$U<kaBOOM says: 'ns'
Dec 11 03:35:03 [] +sCr3W+ParK0uR says: 'We did it!'
Dec 11 03:35:05 [88.163.251.84] client connected
Dec 11 03:35:05 [88.163.251.84] Teh54 logged in (default), AC: 1103|840
Dec 11 03:35:12 [88.163.251.84] Teh54 says: '?????????'
Dec 11 03:35:12 [] +sCr3W+ParK0uR gibbed >1$U<kaBOOM
Dec 11 03:35:18 [] >1$U<kaBOOM says: 'how he come backl'
Dec 11 03:35:22 [] +sCr3W+ says: 'hackkkk'

Teh54 used the same IP yet, was able to reconnect in less then a minute. he done this various times..
how is this possible with no IP change?

[V-Man]

Do you suppose he reinstalled AC in 15 seconds?

[tempest]

Plus, that wouldn't help either.

[IBiteBack]

I don't know.

[Darkbee]

If the "hack" is simply to use another instance of AC then the portable version for Windows at PortableApps.com would be a perfect solution. You can "install" that as many times as you'd like to different folders. It's self-contained so it looks like a completely new instance from a programatic stand-point.

If you'd setup several instances beforehand you wouldn't even need 15 seconds, just launch a new instance and you're good to go. If that is the case then this is a serious flaw in AC, because you'd still be using the same IP address (as seen above). If this was done on purpose I can only assume it would be to allow for the possibility of a legitimate user being re-issued that same IP at some future point. It's pretty odd though and I can't imagine it's as simple as that.

[tempest]

A questions to the devs: can valid_client() be spoofed?

[Luc@s]

I don't think. Need confirmation ?