search

ndo360 / codelinkv2

Automatically exported from code.google.com/p/codelinkv2
0 stars 0 forks source link

Index-based bounce chains cause unexpected results in agent satnet #561

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Version: 2.0.9.8s
User: PartyFlava

Summary:
Proxy bounce chains are based on server index. The new agents satnet that only 
displays online users does not have a consistent mapping of index -> user. 
Therefore if a proxy route to a given user is saved, when the list changes, 
different gateways end up being connected to in the proxy chain (the gateways 
that are now at the index where the intended gateway used to be). Also this 
means that the bounce chain fails if the original intended index is past the 
end of the current agent server list.

Comment:
I believe momo stated in chat that in the future agent bounce routes could not 
be saved. This is a workaround although not necessarily an ideal one, but it 
does the job.

This bug can currently be exploited to essentially allow a user to proxy 
through random agent gateways during PvP. However, this exploit is not 
particularly problematic at this time due to relative lack of PvP.

Original issue reported on code.google.com by jason.ci...@gmail.com on 27 Sep 2013 at 11:04

GoogleCodeExporter commented 8 years ago 
Related to this: When you *do* proxy through an agent, log entries appearing in 
gateways that you have accessed frequently show a usr# different than the one 
you proxied through, presumably because log entry labels are stored as 
references to an index in the server list. This was first noticed by Pikramus 
evening of 9/29.

Original comment by jason.ci...@gmail.com on 30 Sep 2013 at 10:47

GoogleCodeExporter commented 8 years ago 
Confirming that the log entry issue mentioned in comment #1 still exists as of 
10/2 00:51, after recent changes to stabilize agents satnet. Unless underlying 
log system is modified to reference server names instead of list indexes, or 
indexes are somehow made constant for various users, this problem will persist. 
Case in point: After attacking a target through a proxy, target noted that his 
logs showed him being attacked by *himself* (coincidentally when he relogged 
his index was that of the attacking proxy). After relogging again, the 
addresses displayed in the logs changed again.

Original comment by jason.ci...@gmail.com on 2 Oct 2013 at 4:54

GoogleCodeExporter commented 8 years ago

Original comment by codelin...@gmail.com on 6 Oct 2013 at 3:27