The online racing simulator
Maybo also a flaw in Airio indeed.
Quote from Denny12 :Scawen said that Eric is working.. Why do we still have ugly textures? For that time he is working, we will have tons of new content, or at least, improved the default ones.... Try to play default LFS.. After 2 hours, your eyes will be bleeding..

Its not designed to start a flamewar
. Its a feedback. It's my opinion as a customer, as a fan of LFS.

You already did it, plz stop there, if you dont like how lfs is now is simple go to rfactor2 or iracing or other sim race and leave us alone.

you are wasting scawens times with your childish post.
NEWS:


1. crashed [AA] Blackwood FBM, everyone lost connection with OOS-CONNS error.

2. joins host (replay attached)
Attached files
BL1_race_4L_4R_0F_8.mpr - 114.4 KB - 366 views
Quote from Hector_UA :is he join servers only with airio?

No.

Quote from Hector_UA :maybe he get an admins rights through it?

So no.

I think I know what he does because the improved logging of 6E let me think in that direction. But I refuse to spend XX hours in this useless crap, researching what the actual security problem is. I don't really see the point of this new wave of exposures to be honest. Other then being annoying. I can be annoying but this is really annoying

At least I told with the WR Blackwood thing what I was doing. Can't be that hard is it? What is the goal of this now? I don't get it. Every self respectable terrorism organization at least can say what their goal is.
.
Quote from DANIEL-CRO :NEWS:


1. crashed [AA] Blackwood FBM, everyone lost connection with OOS-CONNS error.

2. joins host (replay attached)

WTF?? Was he became a Ghost? (1:58.19)
if this is being done for fun then surely he would actively be laughing at you here,which currently is not the case - so maybe some different motive, i was led to believe that in most cases a suspect of most acts of crime are actually closer or more known than you would believe so always look closer to home or in this case closer at everyone who is active in discusions and then derive which seems capable of finding flaws in lfs like that,maybe someone looking for bugs to report and stumbled across this one which they dont wont to give away without earning some big respect so under a guise build up hype first

just giving my half a braincells worth of thought,

take it easy and goodnight
Oh and notice that he has speed AND clutch hacks.
What do you mean?

No clutch heating up? Yeah, you have a point.
Quote from Sobis :Oh and notice that he has speed AND clutch hacks.

Are you have a work speedhack?
Quote from Sobis :What? I said his clutch doesn't heat up.

hmm... but his a max speed is 218 kmh, and on other a drivers is 214 kmh.
Scawen, maybe game have checking account validating before connection? and he change his username to "empty" after that checking ?
Quote from [Audi TT] :hmm... but his a max speed is 218 kmh, and on other a drivers is 214 kmh.

That's because of the speed hacks and his gearbox settings. On Haker2.mpr he spins and after he starts accelerating again all the clutch heat vanishes
Quote from [Audi TT] :WTF?? Was he became a Ghost? (1:58.19)

He is doing that like every few seconds. Maybe its some kind of host spectating (I don't mean like host is spectating him, but he make it like this from his conection).
Has anyone seen Skywalker at any hosts other than the [AA] ones?

I'm asking because this unauthorised entry looks quite impossible as I look through the code. Here and there, I'm reading the code and saying, "it must have been through that line, or he wouldn't be connected, but it can't have been through here, because that other line would have removed him, or this message would be in the log".

In short, there are enough checks on user name validity that it just seems quite impossible that this could happen. It looks like manipulation of the memory occupied by the LFS host. I am trying to examine packets to see if there are any buffers that could be overrun, though I think that every packet's size is checked and every string is checked for null termination. I just can't see how LFS could be allowing a hacker in.

I found flaws in the 0.6B version but they are fixed. I'm seriously doubting myself because I've been wrong about security issues before. But maybe the problem could be outside of LFS this time and I suppose that is worth considering.
If it turns out not to be a local hack on the [AA] servers, I am guessing that packet capture would help...
And, since the capture file could get rather large (!), perhaps you (Scawen) could advise on what filtering could best be used to catch potentially incriminating packets but still keep the capture size under control.

I guess at least some server admins have adequate access to try this, and could thus potentially run a rolling set of captures in the background until he shows himself...
I know I don't have much experience with this type of stuff, but it almost seems like he is splitting his data between different outputs. Almost like one packet from one IP and the next from another. Can his mac address be tracked down and blocked?

Just adding some feedback, love the active interest in open communication. Can't wait for the VWS and I'm pretty sure you should hire Lynce lol.
Quote from Blade3562 :Almost like one packet from one IP and the next from another. Can his mac address be tracked down and blocked?

I would have thought that LFS used the IP address as the primary way to identify which user a packet is from (and thus would not be able to accept packets for that user from another IP). But am guessing here.

MAC address blocking: 'fraid not - firstly it's trivial to forge a new MAC address; secondly MAC addresses don't get transmitted across the internet...
Impressive amount of JOOS - CAR on demo (cargame.nl S0).

Is that normal? 9 out of 10 connections are JOOS - CAR right now. Weird.

edit: It probably is.. The regulars dont have this.
Mmmm, does that imply that a bunch of folk are trying out a (fixed) cheat?
Hmm no I think it are vob mods or something. Not sure though, not very experienced with that stuff. Fixed cheat is also possible but that would lead to CPW I think. Hmm... I'm just surprised there are that many... I normally are never around on demo servers.
Quote from DANIEL-CRO :He is doing that like every few seconds. Maybe its some kind of host spectating (I don't mean like host is spectating him, but he make it like this from his conection).

from www.airattack.co.uk forum
Quote from delta s4 :
so i went to lfs remote and spectated him every time he joined the race, he got so mad that he started changing his nick into no nick at all, but when i typed "!spec anakin skywalker" on lfs remote he could still get spectated dispite having no nick and no username.

explanation for his disapearing?
Quote from cargame.nl :Hmm no I think it are vob mods or something. Not sure though, not very experienced with that stuff. Fixed cheat is also possible but that would lead to CPW I think. Hmm... I'm just surprised there are that many... I normally are never around on demo servers.

What happen to your grammar?
Eehh beer
Didnt know if you could track it down somehow I just remember using Mac addresses to set up static internal ip address at the house a while back

New Version : 0.6E
(618 posts, started )
FGED GREDG RDFGDR GSFDG