New crash exploit part IV (17.04.2016)
Posted: Sun Apr 17, 2016 1:07 pm
Hi everyone,
since easter 2016 we face a new troll using an exploit crashing servers.
Each time on maps with SDKFZ222 or subs the troll joins server,
prepares console for crash command [xxx.con]
and starts playing till he gets "kicked/banned" or even liberately executes the command.
Result: Server has encountered a problem and must be ended [Popup Msg in Windows Server over remote desktop, so there s NO "couldn t connect to server console" etc. message]
He changes IP over Socks5 Proxy each time he joins.
He changes KEYHASH each time he joins.
This is going on now for over a month.
Therefore we prepared wireshark and logged gameport 14567 upd
Server Settings: Windows Server 2012 / latest BF1942 Server.exe from Tuia [1.612 /128 slots]
Yesterday we could record the troll crashing the server and we hope this Wireshark logs can help to create a server fix to prevent trolls from crashing the remaining battlefiled servers for fun.
KarolPopiolek 95.211.101.232 2d115a5e168a98c87bfc18963470abb4 [unknown]
IP is server in the Netherlands:
http://anti-hacker-alliance.com/index.p ... 11.101.232
Wireshark Recording Troll crashing server:
http://85.214.226.169/patches/hacker16042016.rar
rar file contains:
Wireshark protocoll [complete server communication], so you might need latest
Wireshark: https://www.wireshark.org/download.html
Troll informations:
KarolPopiolek 95.211.101.232 2d115a5e168a98c87bfc18963470abb4 [unknown]
and Wireshark Filter Protocoll [troll -server communication]
Hope you can help us to find a server fix, because ppl stop playing over time when this continues.
Best regards
Grabbi
PS: Only solution we have atm is to set Server under Password, and just give it to those we know well for years.
since easter 2016 we face a new troll using an exploit crashing servers.
Each time on maps with SDKFZ222 or subs the troll joins server,
prepares console for crash command [xxx.con]
and starts playing till he gets "kicked/banned" or even liberately executes the command.
Result: Server has encountered a problem and must be ended [Popup Msg in Windows Server over remote desktop, so there s NO "couldn t connect to server console" etc. message]
He changes IP over Socks5 Proxy each time he joins.
He changes KEYHASH each time he joins.
This is going on now for over a month.
Therefore we prepared wireshark and logged gameport 14567 upd
Server Settings: Windows Server 2012 / latest BF1942 Server.exe from Tuia [1.612 /128 slots]
Yesterday we could record the troll crashing the server and we hope this Wireshark logs can help to create a server fix to prevent trolls from crashing the remaining battlefiled servers for fun.
KarolPopiolek 95.211.101.232 2d115a5e168a98c87bfc18963470abb4 [unknown]
IP is server in the Netherlands:
http://anti-hacker-alliance.com/index.p ... 11.101.232
Wireshark Recording Troll crashing server:
http://85.214.226.169/patches/hacker16042016.rar
rar file contains:
Wireshark protocoll [complete server communication], so you might need latest
Wireshark: https://www.wireshark.org/download.html
Troll informations:
KarolPopiolek 95.211.101.232 2d115a5e168a98c87bfc18963470abb4 [unknown]
and Wireshark Filter Protocoll [troll -server communication]
Hope you can help us to find a server fix, because ppl stop playing over time when this continues.
Best regards
Grabbi
PS: Only solution we have atm is to set Server under Password, and just give it to those we know well for years.