Open BlackDemonZyT opened 4 years ago
anything that backs up your claim?
A website called MCSpam has this attack method, it's called BungeeSmasher. I own an AntiBot plugin, the top rated on SpigotMC; we tried to block this type of attack but we can't, as BungeeCord itself is handling the packets, but lagging and crashing. We cannot directly revoke those packets through a plugin.
@Janmm14 it's an exception issue, perhaps you should address it in #2719
tbh i thought the netty bug fix would increase exception performance enough
> tbh i thought the netty bug fix would increase exception performance enough

Same.
@BlackDemonZyT can you confirm that using latest build of bungeecord?
(latest 1.15 build is enough for testing)
> > tbh i thought the netty bug fix would increase exception performance enough
>
> Same.
> @BlackDemonZyT can you confirm that using latest build of bungeecord?

Yes I was
> I'm not a security expert but I think that's because the BungeeCord didn't expect that HTTP packet. If you launch like 200-300 of them per second at the BungeeCord, it simply lags hard and then crashes, but your machine doesn't even notice it.

BungeeCord does not expect any non-minecraft protocol packet, you can send any kind of trash data, it does not matter at all.
> tbh i thought the netty bug fix would increase exception performance enough

It did, but nobody said that it will fix BungeeCord issues.
> > tbh i thought the netty bug fix would increase exception performance enough
>
> It did, but nobody said that it will fix BungeeCord issues.

So if exception performance would be high enough, such packets which cause bungee to throw exceptions shouldn't cause lags. But this issue claims it still does.
> > > tbh i thought the netty bug fix would increase exception performance enough
> >
> > It did, but nobody said that it will fix BungeeCord issues.
>
> So if exception performance would be high enough, such packets which cause bungee to throw exceptions shouldn't cause lags. But this issue claims it still does.

Test it with fix in Netty and without.
Basically, a new BungeeCord attack has been found on Premium and No-Premium servers. This attack can take down EVERY BungeeCord that it finds. Basically, this happens because BungeeCord receives an unexpected packet, but if it receives a lot of those packets, it will be taken down; it doesn't matter if you are with OVH or with the best anti-DDoS company, as your machine won't even notice it, but your bungee will just not be accessible, and a machine with low specs can throw this type of attack at any BungeeCord.
The attack basically consists of typing "serverip:25565" in a browser. If you type that in your browser you will see that the BungeeCord gives the following exception: https://i.imgur.com/uRRlxHl.png I'm not a security expert but I think that's because the BungeeCord didn't expect that HTTP packet. If you launch like 200-300 of them per second at the BungeeCord, it simply lags hard and then crashes, but your machine doesn't even notice it.
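
As an added example (not BungeeCord's code and not written by anyone in this thread): one way a proxy front end could sort the first bytes of a new connection using plain byte comparisons, so that a browser's HTTP request is dropped without going through an exception path, and rejects are counted per source address. The class and method names, the thresholds and the sample bytes are assumptions made up for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class FirstBytesFilter {
    enum Verdict { HANDSHAKE, LEGACY_PING, HTTP, UNKNOWN, NEED_MORE }

    private static final String[] HTTP_METHODS = { "GET ", "POST", "HEAD", "PUT ", "OPTI" };
    private static final int MAX_REJECTS = 5;      // assumed: rejects allowed per window
    private static final long WINDOW_MS = 10_000;  // assumed: window length in milliseconds
    private final Map<String, long[]> rejects = new ConcurrentHashMap<>(); // addr -> {windowStart, count}

    /** Classifies the first bytes of a connection with plain comparisons; never throws. */
    static Verdict classify(byte[] buf, int len) {
        if (len < 1) return Verdict.NEED_MORE;
        if ((buf[0] & 0xFF) == 0xFE) return Verdict.LEGACY_PING;  // legacy server list ping
        if (len < 4) return Verdict.NEED_MORE;
        String head = new String(buf, 0, 4, StandardCharsets.US_ASCII);
        for (String m : HTTP_METHODS) if (head.equals(m)) return Verdict.HTTP;
        int i = 0;  // skip the VarInt frame length (at most 3 bytes)
        while ((buf[i] & 0x80) != 0) if (++i == 3) return Verdict.UNKNOWN;
        return buf[i + 1] == 0x00 ? Verdict.HANDSHAKE : Verdict.UNKNOWN;  // handshake packet id is 0x00
    }

    /** Records a rejected connection; true once the address exceeds MAX_REJECTS within the window. */
    boolean recordReject(String addr, long nowMs) {
        long[] s = rejects.compute(addr, (k, v) ->
            (v == null || nowMs - v[0] > WINDOW_MS) ? new long[] { nowMs, 1 } : new long[] { v[0], v[1] + 1 });
        return s[1] > MAX_REJECTS;
    }

    public static void main(String[] args) {
        // Constructed samples: a browser request line, and a handshake prefix
        // (frame length 16, packet id 0x00, protocol version VarInt 578).
        byte[] http = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        byte[] handshake = { 0x10, 0x00, (byte) 0xC2, 0x04, 0x09 };
        System.out.println(classify(http, http.length));
        System.out.println(classify(handshake, handshake.length));
        FirstBytesFilter f = new FirstBytesFilter();
        boolean blocked = false;
        for (int n = 0; n < 6; n++) blocked = f.recordReject("203.0.113.7", 1_000L + n);
        System.out.println("blocked after 6 rejects: " + blocked);
    }
}
```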