Maybo also a flaw in Airio indeed.
You already did it, plz stop there, if you dont like how lfs is now is simple go to rfactor2 or iracing or other sim race and leave us alone.
you are wasting scawens times with your childish post.
NEWS:
1. crashed [AA] Blackwood FBM, everyone lost connection with OOS-CONNS error.
2. joins host (replay attached)
1. crashed [AA] Blackwood FBM, everyone lost connection with OOS-CONNS error.
2. joins host (replay attached)
No.
So no.
I think I know what he does because the improved logging of 6E let me think in that direction. But I refuse to spend XX hours in this useless crap, researching what the actual security problem is. I don't really see the point of this new wave of exposures to be honest. Other then being annoying. I can be annoying but this is really annoying
At least I told with the WR Blackwood thing what I was doing. Can't be that hard is it? What is the goal of this now? I don't get it. Every self respectable terrorism organization at least can say what their goal is.
.
WTF?? Was he became a Ghost? (1:58.19)
if this is being done for fun then surely he would actively be laughing at you here,which currently is not the case - so maybe some different motive, i was led to believe that in most cases a suspect of most acts of crime are actually closer or more known than you would believe so always look closer to home or in this case closer at everyone who is active in discusions and then derive which seems capable of finding flaws in lfs like that,maybe someone looking for bugs to report and stumbled across this one which they dont wont to give away without earning some big respect so under a guise build up hype first
just giving my half a braincells worth of thought,
take it easy and goodnight
just giving my half a braincells worth of thought,
take it easy and goodnight
Oh and notice that he has speed AND clutch hacks.
What do you mean?
No clutch heating up? Yeah, you have a point.
No clutch heating up? Yeah, you have a point.
Are you have a work speedhack?
What? I said his clutch doesn't heat up.
hmm... but his a max speed is 218 kmh, and on other a drivers is 214 kmh.
Scawen, maybe game have checking account validating before connection? and he change his username to "empty" after that checking ?
That's because of the speed hacks and his gearbox settings. On Haker2.mpr he spins and after he starts accelerating again all the clutch heat vanishes
He is doing that like every few seconds. Maybe its some kind of host spectating (I don't mean like host is spectating him, but he make it like this from his conection).
Has anyone seen Skywalker at any hosts other than the [AA] ones?
I'm asking because this unauthorised entry looks quite impossible as I look through the code. Here and there, I'm reading the code and saying, "it must have been through that line, or he wouldn't be connected, but it can't have been through here, because that other line would have removed him, or this message would be in the log".
In short, there are enough checks on user name validity that it just seems quite impossible that this could happen. It looks like manipulation of the memory occupied by the LFS host. I am trying to examine packets to see if there are any buffers that could be overrun, though I think that every packet's size is checked and every string is checked for null termination. I just can't see how LFS could be allowing a hacker in.
I found flaws in the 0.6B version but they are fixed. I'm seriously doubting myself because I've been wrong about security issues before. But maybe the problem could be outside of LFS this time and I suppose that is worth considering.
I'm asking because this unauthorised entry looks quite impossible as I look through the code. Here and there, I'm reading the code and saying, "it must have been through that line, or he wouldn't be connected, but it can't have been through here, because that other line would have removed him, or this message would be in the log".
In short, there are enough checks on user name validity that it just seems quite impossible that this could happen. It looks like manipulation of the memory occupied by the LFS host. I am trying to examine packets to see if there are any buffers that could be overrun, though I think that every packet's size is checked and every string is checked for null termination. I just can't see how LFS could be allowing a hacker in.
I found flaws in the 0.6B version but they are fixed. I'm seriously doubting myself because I've been wrong about security issues before. But maybe the problem could be outside of LFS this time and I suppose that is worth considering.
If it turns out not to be a local hack on the [AA] servers, I am guessing that packet capture would help...
And, since the capture file could get rather large (!), perhaps you (Scawen) could advise on what filtering could best be used to catch potentially incriminating packets but still keep the capture size under control.
I guess at least some server admins have adequate access to try this, and could thus potentially run a rolling set of captures in the background until he shows himself...
And, since the capture file could get rather large (!), perhaps you (Scawen) could advise on what filtering could best be used to catch potentially incriminating packets but still keep the capture size under control.
I guess at least some server admins have adequate access to try this, and could thus potentially run a rolling set of captures in the background until he shows himself...
I know I don't have much experience with this type of stuff, but it almost seems like he is splitting his data between different outputs. Almost like one packet from one IP and the next from another. Can his mac address be tracked down and blocked?
Just adding some feedback, love the active interest in open communication. Can't wait for the VWS and I'm pretty sure you should hire Lynce lol.
Just adding some feedback, love the active interest in open communication. Can't wait for the VWS and I'm pretty sure you should hire Lynce lol.
I would have thought that LFS used the IP address as the primary way to identify which user a packet is from (and thus would not be able to accept packets for that user from another IP). But am guessing here.
MAC address blocking: 'fraid not - firstly it's trivial to forge a new MAC address; secondly MAC addresses don't get transmitted across the internet...
Impressive amount of JOOS - CAR on demo (cargame.nl S0).
Is that normal? 9 out of 10 connections are JOOS - CAR right now. Weird.
edit: It probably is.. The regulars dont have this.
Is that normal? 9 out of 10 connections are JOOS - CAR right now. Weird.
edit: It probably is.. The regulars dont have this.
Mmmm, does that imply that a bunch of folk are trying out a (fixed) cheat?
Hmm no I think it are vob mods or something. Not sure though, not very experienced with that stuff. Fixed cheat is also possible but that would lead to CPW I think. Hmm... I'm just surprised there are that many... I normally are never around on demo servers.
What happen to your grammar?
Eehh beer 
Didnt know if you could track it down somehow I just remember using Mac addresses to set up static internal ip address at the house a while back
New Version : 0.6E
(618 posts, started )
FGED GREDG RDFGDR GSFDG