Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 14:43

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
Author Message
 Post subject: Possible Exploit Potential?
PostPosted: 27 Nov 2008 15:43 

Joined: 12 Nov 2008 01:13
Posts: 6
Well i noticed that when trying to send packets to ventrilo, you get automatically banned for 30 minutes, unless the server is manually restarted, i thought that there may be some way to exploit it? would it be possible to spoof your IP to that of someone who is currently on the server, send a junk packet and they would get banned? Just an idea ^^


Top
 Profile  
 
 
 Post subject: Re: Possible Exploit Potential?
PostPosted: 27 Nov 2008 17:09 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
if with "packets" you mean UDP packets with random or specific content remains the problem that you don't know the IP address of the other clients and so it's not a security treat.
While if with packets you mean the data in a TCP connection to the server, you can't spoof it.


Top
 Profile  
 
 Post subject: Re: Possible Exploit Potential?
PostPosted: 27 Nov 2008 18:52 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
3 things, first you have no idea what you talk about :)
2nd, as Luigi said, you don't know other clients IPs
3rd, you CAN'T just change your ip to whatever you want (dont look too many movies), you can use a proxy, but you can't make connection from my IP, while im using it. it maybe possible to somehow fool ISP, so it would give you other person's ip (using mac change or their user:pass ..etc), but then you would have to be connected to same ISP's network (using same lines that go to that ISP). for example i have DSL and it uses user:pass auth. so if somebody else would connect to my ISP using my user:pass, then yes it would give that person same connection (but ofcourse it have to be in same country) but it wouldn't give same ip, because my ISP has dynamic ips (just like 99% of ISPs)


Top
 Profile  
 
 Post subject: Re: Possible Exploit Potential?
PostPosted: 27 Nov 2008 19:21 

Joined: 12 Nov 2008 01:13
Posts: 6
I meant TCP, and Sethioz, you say i have no idea what i'm talking about - when i haven't even made a statement. I asked a question and also, i can pretty much guarantee i have around 10x the amount of programming knowledge you have. So don't flame me, i'm just asking a question.


Top
 Profile  
 
 Post subject: Re: Possible Exploit Potential?
PostPosted: 28 Nov 2008 19:43 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
yes sure and im president of usa :) im not blaming, i just pointed out the facts.
anyways what amount that would be ? what scale you use to measure it ?

fact is that it is totally ridiculous to get somebody's IP. or you mean that you send a packet to server that tells server to ban somebody else ?
and other FACT is what Luigi pointed out already, you don't know IP of the other clients, which should be very clear and logical.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: