Fixed server freezing vulnerability in multiple packets #245

Open
wants to merge 1 commit into
base: master

Gewinum (Contributor) commented Jul 3, 2024

There is even a plugin called AntiBadPackets about it, but I think some of these vulns are better handled here

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
dries-c (Member) commented Jul 3, 2024

The issue is that these are arbitrary values. Ideally, Mojang themselves would put maximum values on these.

Gewinum (Contributor Author) commented Jul 3, 2024

The issue is that these are arbitrary values. Ideally, Mojang themselves would put maximum values on these.

what do you suggest then? i'm often seeing servers affected by this attack

Gewinum (Contributor Author) commented Jul 3, 2024

The issue is that these are arbitrary values. Ideally, Mojang themselves would put maximum values on these.

what if we just increase all of them to 500 or 1000?

ShockedPlot7560 (Member)

In the absence of a maximum value defined by Mojang, we can't set a maximum value ourselves.

Gewinum (Contributor Author) commented Jul 3, 2024

In the absence of a maximum value defined by Mojang, we can't set a maximum value ourselves.

maybe you can attempt to discuss that with them? i'm basically freezing the server simply by sending a million entries in a textpacket

SOF3 (Member) commented Jul 3, 2024

In the future, please send vulnerability patches to us privately via [email protected] instead of a public pull request.

dktapps (Member) commented Jul 14, 2024

maybe you can attempt to discuss that with them?

imagine thinking that'd work

Gewinum (Contributor Author) commented Jul 14, 2024

maybe you can attempt to discuss that with them?

imagine thinking that'd work

the whole purpose of mojang is to "improve security" and it would be really bad of them to refuse to fix a vulnerability that affects BDS

dktapps (Member) commented Jul 15, 2024

maybe you can attempt to discuss that with them?

imagine thinking that'd work

the whole purpose of mojang is to "improve security" and it would be really bad of them to refuse to fix a vulnerability that affects BDS

they've known about it for years already

Zwuiix-cmd

My suggestion is to set the value high enough so that there can be no problems, but low enough to avoid this kind of attack, and I would like to point out that you have forgotten a huge number of packets @Gewinum

Gewinum (Contributor Author) commented Aug 14, 2024

My suggestion is to set the value high enough so that there can be no problems, but low enough to avoid this kind of attack, and I would like to point out that you have forgotten a huge number of packets @Gewinum

no point in going on with the PR, they say mojang has no limit so pm won't have one either. the best choice is to limit via proxy. as for other packets, i wanted to check if i could fix the annoying textpacket vulnerability first, cause it's the most op

@NebulaCodesX

This comment was marked as spam.
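
Added example, not code from this pull request or from the project: a decoder-side check of the kind the thread debates, in Python as something a filtering proxy could run. It applies two bounds before looping over entries: a structural one that needs no chosen number (a claimed count cannot exceed the bytes left in the packet) and a configurable cap. Assumptions: the wire layout (unsigned varint count, then varint-length-prefixed strings) is simplified and is not the real TextPacket layout, and `MAX_ENTRIES`, `PacketRejected`, `read_uvarint` and `read_string_list` are hypothetical names.

```python
MAX_ENTRIES = 256  # assumed policy value; the thread notes any such number is arbitrary


class PacketRejected(ValueError):
    """Raised before any per-entry work is spent on a malformed packet."""


def read_uvarint(buf, pos):
    """Decode an unsigned LEB128 varint of at most 5 bytes; return (value, next_pos)."""
    value = 0
    for shift in range(0, 35, 7):
        if pos >= len(buf):
            raise PacketRejected("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise PacketRejected("varint longer than 5 bytes")


def read_string_list(buf, pos=0, max_entries=MAX_ENTRIES):
    """Decode [count][len, bytes]... and reject impossible or oversized counts up front."""
    count, pos = read_uvarint(buf, pos)
    # Structural bound, no chosen number needed: every entry costs at least one
    # length byte, so a count larger than the bytes left cannot be honest.
    if count > len(buf) - pos:
        raise PacketRejected("count exceeds remaining bytes")
    # Policy bound: a well-formed packet can still carry far more entries than
    # any legitimate client sends, so cap it before looping.
    if count > max_entries:
        raise PacketRejected("count exceeds configured cap")
    entries = []
    for _ in range(count):
        length, pos = read_uvarint(buf, pos)
        if length > len(buf) - pos:
            raise PacketRejected("entry length exceeds packet")
        entries.append(buf[pos:pos + length].decode("utf-8", errors="replace"))
        pos += length
    return entries


if __name__ == "__main__":
    # Constructed samples: a two-entry list, then a header claiming 1,000,000
    # entries followed by only three bytes of body.
    print(read_string_list(b"\x02\x02hi\x02ok"))
    try:
        read_string_list(b"\xc0\x84\x3d\x00\x00\x00")
    except PacketRejected as exc:
        print("rejected:", exc)
```
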
