Before I begin this review, I must send out my most sincere apologies to a lovely lady named Sarah. I'm so terribly sorry I DDoS'd the crap out of your server in the process of testing this patch. I'm even more sorry that I happened to do it during a ranked ladder TFFA match that I was completely unaware of at the time.
Can you ever forgive me? :(
On to the review!
This patch supposedly prevents various types of attacks on JKA servers. The attacks in question are Denial Of Service, buffer overflow, "fake players". As a bonus, the patch also corrects the inherent terrible-ness of JKA's built-in logging system with various enhancements to server logs.
Sounds good, doesn't it? Well, I'm going to keep this short, because otherwise I might end up circumventing FileFront's Acceptable Use Policy, and being fired and possibly sued is never a good thing.
Let me just say that I found one inherent flaw with this. It only tends to work against these attacks when they are generated by the various utilities scattered around the internet.
When using such a utility (which the author kindly - albeit unintentionally - provided me with for testing purposes), the patch worked like a dream on blocking Denial Of Service attacks. It was only semi-successful with the fake players - I managed to flood JA+, Lugormod and Makermod servers to the point of them having hardware crashes, yet JAE was tight as a button. (I didn't try ClanMod, so if anyone would like to test it for me and post the results in the comments, it would be appreciated - just let your server provider know that you're going to attempt a flood attack first so that they don't cut your service!)
(I've never had a buffer overflow error in my life, and wouldn't know how to replicate it even if I tried, since baseJKA automatically caps off command strings at a reasonable limit below the crash-point level.)
However, when not using a utility - i.e. carrying out manual attacks - there was really no change in the effects between when this patch was installed and when it wasn't. I still managed to thrash the servers* the same way I could even if the patch hadn't been installed, but I believe that's probably because unlike a program, humans are dynamic - we don't follow a pre-set subroutine and therefore we're less predictable, and thus the patch can't really block us because it doesn't know what to expect, therefore since it doesn't know what to expect it doesn't know how to react.
So, as a general rule, against someone who really knows what they're doing, the effects of this security fix will be limited. However, since that kind of "hacker" is generally working at security software companies earning a six-figure salary rather than sitting at home crashing game servers, all you have to worry about are the little Matrix-era haxor kiddies who make up stories about "hackin' mainframes and shizzle" when they tell their friends about how they downloaded an Eminem MP3 - and against that kind of person, this patch will do a very nice job of securing your server.
Server owners, this patch may just do you a few favours, so it's a very useful add-on to have in your defensive arsenal.
Oh, and as a side note, if any of you are one of the haxor kiddies I described above, then please do society a favour, and take the blue pill. >_>
* I would just like to add as a postscript, that I would never do such a thing for any reasons other than purely scientific or technological ones.
*********************************** Jedi Knight: Jedi Academy *********************************** TITLE : BaseJKA Security Fix VERSION : 1.0d AUTHOR : Gamall E-MAIL : [email protected] WEBSITE : http://gamall-ida.com FILENAME Windows : basejka_Gamalls_fix_10d.pk3 FILENAME Linux : jampgamei386.so FILESIZE : < 2 Mo DATE RELEASED : April 2007 INSTALLATION INSTRUCTIONS: =-=-=-=-=-=-=-=-=-=-=-=-=- Just put the relevant file in your server's base folder. DESCRIPTION: =-=-=-=-=-=- This patch (technically it is a mod) corrects the three Denial of Service vulnerabilities I am aware of affecting basejka, and makes the logs more useful to an experienced admin, without attempting to alter the gameplay or admin etc in any way. Some random fixes were also added, but they are hardly worth mentionning. IMPORTANT: My patch only affects the component "jampgame". In order to completely protect a server, you must also use patched "jampded". Here is one link to ready to use jampdeds : http://jediknight2.filefront.com/file/UNOFFICIAL_Patch_for_JA_101_Dedicated_Servers;41652 SUMMARY OF THE CHANGES: =-=-=-=-=-=-=-=-=-=-=-= -> Client disconnect buffer overflow: fixed trap_SendServerCommand(). -------------------------------------------------------------------- The possibility to cause a DoS disconnecting all clients by sending overlong strings to the server has been fixed. Incorrect commands are just ignored. -> Ingame buffer overflow (say/tell): fixed Cmd_Say_f() and Cmd_Tell_f(). ------------------------------------------------- The possibility to crash the server by using say or tell to pass overlong strings to the server has been removed. Incorrect calls are truncated to a decent length (150). -> Fake Players Attack: heavily secured, customisable ClientConnect(). ---------------------------------------------------------------------- The possibility to lag and even crash the server by sending a great number of fake connection requests using a third party program such as q3fill has been removed. See below for more information. -> Improvement of the log file/server messages. ----------------------------------------------- > Each time a client connects, the complete userinfo string is logged, even is the connection is denied. This includes the IP, port, qport, name of the client and much more. > If the connection is denied, a message explaining why is displayed by the server, and relevant information is written down in the log file. Since those messages could be used to spam the screen in case of a fake players attack, and in the case you just don't want to know about that, you can deactivate the public messages : just set those cvars to 0 (default = 1): ga_showBadPassClient | 0 or 1 : display a message when a client connects with a bad password. ga_showBannedClient | 0 or 1 : display a message when a banned client connects. > The "Infostring length exceeded" console error message has been made a tad more explicit. I noticed a bug which would cause it to be sent each frame. It is hard to debug if you don't know what caused it ;) > Each time a user changes name, it is written down in the log file. > When a client disconnects, their name is logged. > Each time a client says/tells something, their client number is logged along with their name. -> Random unimportant fixes/improvements. ----------------------------------------- > The annoying timelimit when changing name has been dulled down from five seconds to 0.7 second. > The ^0 (black) colour now works properly. If you don't want to see black in names, you can deactivate this by seting the following cvar to 0: ga_allowBlackInNames | 0 or 1 (default = 1) > When a player's name is incorrect, it is set to "Padawan" in basejka, which is annoying, since you end up with many "Padawan"s. You can now decide what it will be, and if you so choose, you can add the player's client number to their name by typing "%i" in the name. ga_defaultName | (default = "^4P^7adawan ^5(^7%i^5)") For instance, with the default setting, the client 9 will be renamed to "Padawan (9)". Note that I put many spaces between the name and number: normal players can't use more than three spaces in a row, so nobody will be able to imitate the default name with the number of someone else, and trick you in kicking that other player instead of them... If you don't like that, you can just change it back to "Padawan". PROTECTION AGAINST THE FAKE PLAYERS : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= There are three different protections against the q3fill attack : When a client connects, three protection layers activate : -> Clever Fake Detection ------------------------ The connection string is checked for a value specific to JKA players, of which the bots are devoid by default. If no such value is found, then the connection is denied, and the IP can be automatically added to the banlist. This aspect is controlled by the following cvars : ga_cleverFakeDetection | default = "model" ga_cleverfakeAutoBan | default = "1" This first protection alone will get rid of 99.99 % of all attacks. If the attacker knows what he is doing, he can easily fool that by altering the attack. Most script-kiddies do not have that kind of know-how though. You can deactivate this feature by setting ga_cleverFakeDetection "none". -> Hard-Coded Fake Detection ---------------------------- Check for a value specific to bots, that does not appear in legitimate players. This is a viewpoint completely opposed to the first layer, but works exactly the same way. ga_hardFakeDetection | default = "cl_guid" ga_hardFakeAutoBan | default = "1" To fool this layer is tricky, as the target value is hard-coded into q3fill. The attacker would need to alter q3fill's source code in an appropriate way without breaking anything and recompile it... definitely not something your average dumb server crasher can do :D You can deactivate this feature by setting ga_hardFakeDetection "none". -> Connect Flood Detection -------------------------- If the two first layers fail (or are deactivated), then there is no way to tell a genuine player and a bot apart. So we must detect them by the speed at which they connect from the same IP. ga_sameIpNumber | default = "5" ga_sameIpTime | default = "30" ga_sameIpAutoBan | default = "1" ga_sameIpAutoKick | default = "1" With the default settings, the connection of more than 5 players from the same ip in less than 30 seconds will be deemed a fake players attack. As usual, the connection will be denied, and the IP can be banned, depending on the admin's choice. The bots that got in can also been kicked automatically. Setting ga_sameIpNumber to 0 will deactivate this third layer. NOTE: Be very careful when playing with ga_hardFakeDetection and ga_cleverFakeDetection. Putting incorrect values there may prevent ANY player from entering the game, or in the best case scenario render the protection useless. The default values are good. Don't alter them unless you know what you are doing. TECHNICALITIES: =-=-=-=-=-=-=-= This patch has been compiled with the following compilers: On Windows: ----------- Visual C++ 2005 (8); It is the same compiler Raven Software used to compile the original jampgame (albeit they used version 7), and the very same compilation parameters. So there is NO reason at all that the damages/blocks should be altered in any way. On Linux: --------- GCC 2.96 on a Red Hat Linux release 7.2 (Enigma); GCC is a very good compiler, but Raven used ICC, which is a commercial product I don't have. So the damages might in theory be slightly altered, although I personally can't tell the difference. This would come from the way each compiler handles the computation of float variables. SOURCE CODE: =-=-=-=-=-=- The most important parts of the code are available in source_extracts.rtf. Note that many little fixes have been left out, and that the code may not be up to date. Feel free to reuse part of that code in your mods ; just give me some credit in your readme and I'll be happy :P CREDITS: =-=-=-=- Kudos to Trimbo for his linux-ready version of the vanillia SDK. Warm regards to Luigi Auriemma for his work on JKA and the q3 engine. THIS MODIFICATION IS NOT MADE, DISTRIBUTED, OR SUPPORTED BY ACTIVISION, RAVEN, OR LUCASARTS ENTERTAINMENT COMPANY LLC. ELEMENTS TM & © LUCASARTS ENTERTAINMENT COMPANY LLC AND/OR ITS LICENSORS.
There are no comments yet. Be the first!