nwnx_anti crash plugin?

[Baaleos]

Hi Zebby, or Virusman -
I was chatting to Funky on nwn forums, and they mentioned a plugin that they have which protects against a vulnerability in nwn server, which allows douchbags (Funkys own words. Lol) to crash servers through use of Corrupted Characters.

http://nwn.bioware.com/forums/viewtopic.html?topic=715224&forum=56&sp=15

Apparently the only person who has the source code for the plugin is Acaos - But I was wondering if any of you nwnx guru's would be willing to port Acaos's plugin to Windows - if he was willing to share his code with you.


I kinda got onto the subject of this crashing exploit, when over the holidays, I had a hacker on my server, who was able to bring it down, 5 times in the space of 20 minutes.

Banning is not effective, as also discussed on the forums, as CDKEY's are able to be grinded to find one which works, Account Names can be made indefinitly, and ip addresses are crap - cause they change.

Ideally, I'd like to protect against the crash exploit.
Im sure everyone would like to be protected too.

I'd imagine that a condition of Acaos sharing the source code(if he agree's), is that it doesnt get added to any svn etc, as it would probably increase vulnerability of other servers etc, if anyone could view the protection mechanism.

[Zebranky]

I'll PM acaos about it.
_________________
Win32 SVN builds: http://www.mercuric.net/nwn/nwnx/

<Fluffy-Kooshy> NWNx plugin is to this as nuclear warheads are to getting rid of fire ants.

<ThriWork> whenever I hear nwn extender, I think what does NWN need a penis extender for?

[Baaleos]

Thx Zeb,
Your a star. Would nominate you for a community award or something, if one existed. Lol
(Hopes that they dont exist.. else I might look silly)

[dacarlo]

I propose setting up a beer fund for this guys.

[Vladiat0r]

I believe our antiworld.biz server is having a very similar problem where a malicious player is crashing the server constantly, but I can't figure out how. Please PM me if you can help. Thanks.

[addicted2rpg]

Any more news on this issue? The last comment in the bioware thread states that Zeb was given the code.

I think there are a lot of community developers and general interest in this topic (self included) to enlist many willing collaborators, but it also sounds like something in the fix implies further instability & exploitability as to warrant suppression of the code. If that is so, thank you for your discretion in this matter.

[Fireboar]

It's more that this is an extremely rarely known exploit, and since there isn't a fix yet for Windows servers, releasing the Linux fix would be counterproductive because the source code would enlighten the reader as to the precise nature of the exploit and how to carry it out, making Windows servers much more vulnerable.