Luigi Auriemma

Hey,

We are still having the unexplained ping attack problems.

I wanted to try the proof of concept for the fake players bug to make sure I had installed the fix correctly.

I downloaded the unrealfp.zip file from your link, I have tried running the unrealfp.exe file and all I get is a flash of a dos window which instantly dissapears. Can you tell me how I use this program to test the fix is properly in place?

Also is it possible to use this program to send server commands such as removing bans or altering maplists? Something we seem to experience alongside the ping rises.

Thanks

it's a command-line tool: http://aluigi.org/about.htm#howuse
unrealfp.exe 127.0.0.1 10480

Wow...it really is as easy as that....

I got the message 'player or ip limit'...and there were no raised pings so i presume that means we are protected.

I see there are a lot of commands possible with this tool and I struggle to understand them.

If you were a hacker wanting to raise pings and cause a problem and this method did not work. Can I ask what would be your next idea in order to raise pings? This tool seems to have such a variety of functions the thought crosses my mind that with some minor adjustments it could send other commands of some description to our server to raise pings and/or remove bans? Perhaps merely using one of the many command line functions I fail to understand. Is this true and possible, speculatively speaking I mean? I would like to experiment with the command functions and see if I can achieve this.

In your email you also mentioned the 'RPC bunch overflows'. Can you educate me as to what exactly these are? And also speculate as to what could be causing them?

Thanks

yeah unrealfp is really incredible for testing the games based on the Unreal engine through all its options for customizing the packets.
for example there is the -s option which floods the server with a custom type of packet, for example -s "JOINSPLIT" 1 1000 allows to fill the servers which support such commands using only one player's connection.

the problem that I told you also in the mail is that "raising pings" means just nothing, because it's necessary to know the exact cause of this raising (cpu at 100%? network bandwidth saturated? a senseless bug in the game/gameplay? or what?).

I don't know what are those "RPC bunch overflows", maybe check if they appear in your logs only when you see the problem or also in normal conditions.

Yes I can see that it is an incredibly powerful tool for affecting unreal engine servers.

Well at the moment I am making an note of the times it occurs and I am going to ask our hoster to see if anything particular has gone on at those times. I understand that all pings going 999 could be down to a number of things, I was just looking for speculation really.

Since we don't have a dedicated server and our hoster runs numerous other game servers from that location presumably it can't be a problem with their cpu being at 100% seeing as I assume this would affect the other game servers being run from this location and those people would have complained. I'm presuming whatever it is, it must be concentrated on our server only as otherwise it would present itself as a major issue to our hosters. Which it doesn't seem to be.

I did try and google RPC bunch overflows. Apparently it is supposed to mean there were 'more replicated function calls than replicateable in a single tick'. Apparently this is genrally related to a mod. Presumably our 'Gez' admin mod for the server. Seeing as we have had some odd changes recently, randomly appearing on the server, such as our maplist suddenly changing slightly (one map suddenly appeared twice in the list, another was randomly removed) or not so random events such as certain bans dissapearing with some degree of regularity. I'm thinking that this hacker has found some way to send admin commands remotely through our admin mod as these changes all fit admin commands of some sort. The maplist changes seem extremely random and so to me seem like they are most likely not instigated on purpose. Or perhaps a failed attempt at something.

Now what I am about to say might be a load of nonsense, you will have to excuse me if it is as my grasp of the concepts involved is extremely vague at best.

However, is it possible to use this -s command to send a custom packet to the server that instigates a command for our servers admin mod? such as removeban or a mod command that could be repeated to cause a rise in ping? One time a little while back I remember during one of the hackers onslaughts the server became very strange, players would spawn in areas with opposing players for instance and in one instance a certain player was logged in as a SA/SuperAdmin and was completely unaware of how this occured. So could this hack be rather a hack of some vulnerability in our admin mod somehow?

no, the -s command is for low level stuff.
if there is a bug in that Gez mod it could be exploited in-game using the swat4 client.

now if you have had these "strange" problem with the admin-related commands would be logical to try to remove this mod and check if the problems persist.

Hi,

We had an attack today and I was looking through the log and finding the usual repeated lines...

DevNet: RPC bunch overflowed calling Function Engine.PlayerController.ClientSetViewTarget
DevNet: RPC bunch overflowed calling Function Engine.PlayerController.ClientMessage

These two lines are repeated hundreds of times when we have a sustained attack.

However today I also noticed another two different lines in the middle of it....

DevNet: RPC bunch overflowed calling Function SwatGame.SwatGamePlayerController.ClientDestroyPawnsForRespawn
DevNet: RPC bunch overflowed calling Function SwatGame.SwatGamePlayerController.ClientDestroyPawnsForRespawn

Occasionally when we are attacked, the spawn points for either side become messed up, so a player can spawn in the opposing teams spawn with that team as they spawn. I'm presuming that the lines above directly relate to that hack.

What I wanted to ask is that since our admin mod has no such commands, could this attack be at the two crucial ini files for a server, specifically the swat4dedicatedserver.ini file?

We are as you suggested asking our hoster to monitor any activity during these times. I was just curious as to whether you might have any thoughts on these different lines? If you don't no worries, just thought I may aswell ask.

Thanks

HAHAHA same situation but im the bad guy on swat 4 the stetchkov syndicate because the admins are so immature and i can't play for 1 match and so i use the great udpsz tool of luigggiiiiiiiiii!!!

only because the online of swat 4 classic dos'nt work with don't so much legal game disc hehe.
i have play swat 4 1 in the paste when i have the legit game after i have gift to my friend and now i play on swat 4 tts :D.