Spoofing attacks possiblity?

NOTE: this is an informal bug post place ONLY. Real bugs should be posted on GitHub
Post Reply
User avatar
Zehra
Private First Class
Private First Class
Posts: 277
Joined: Sun Oct 18, 2015 3:36 pm
Location: Arctic
Contact:

Spoofing attacks possiblity?

Post by Zehra » Mon Dec 21, 2015 5:33 pm

There could be a slight vulnerability, in which commands and actions could be spoofed.
As the client-server architecture gives a lot of power to the client in BZFlag.
It is to my understanding, the client sends actions (such as jump) to the server which then sends them to other clients(so they would interpret whether a tank has jumped or not, for example).
This technically allows one to send spoofed commands or actions to the server, for example making someone else's tank jump in a bad situation.
Last edited by Zehra on Mon Dec 21, 2015 8:25 pm, edited 2 times in total.
There's this game I love and it's called Ducati. ~Zehra
Those who are critical of me, I'll likely be the same of them. ~Zehra
There's always something to remember and it's been a game I love. ~Zehra
The time spent is a time which can never be regained, so it's a time to enjoy. ~Zehra
The decisions we make are the ones we look forward too and the ones we regret. ~Zehra
The details and the skill of knowing and applying them is what excellence is made of. ~Zehra
The best player is the one who knows what to do and when and applies it successfully. ~Zehra
There's a difference between knowing my name and knowing me, one shows respect to my name and the other is to who I am. ~Zehra
My blog is available at zehrahblog.wordpress.com.

User avatar
macsforme
General
General
Posts: 1948
Joined: Wed Mar 01, 2006 5:43 am

Re: Spoofing attacks possiblity?

Post by macsforme » Mon Dec 21, 2015 7:20 pm

Please analyze the source code or conduct local tests to validate your ideas before you speculate whether a specific attack is possible. The server has numerous checks to validate data it receives from clients before accepting and relaying it. Furthermore, we generally do not allow discussions about specific ways of attacking bzfs servers here, nor any kind of cheating or attempts to compromise the game.

User avatar
Zehra
Private First Class
Private First Class
Posts: 277
Joined: Sun Oct 18, 2015 3:36 pm
Location: Arctic
Contact:

Re: Spoofing attacks possiblity?

Post by Zehra » Mon Dec 21, 2015 8:04 pm

Sorry my bad.
Last edited by Zehra on Wed Jan 04, 2017 3:38 am, edited 1 time in total.
There's this game I love and it's called Ducati. ~Zehra
Those who are critical of me, I'll likely be the same of them. ~Zehra
There's always something to remember and it's been a game I love. ~Zehra
The time spent is a time which can never be regained, so it's a time to enjoy. ~Zehra
The decisions we make are the ones we look forward too and the ones we regret. ~Zehra
The details and the skill of knowing and applying them is what excellence is made of. ~Zehra
The best player is the one who knows what to do and when and applies it successfully. ~Zehra
There's a difference between knowing my name and knowing me, one shows respect to my name and the other is to who I am. ~Zehra
My blog is available at zehrahblog.wordpress.com.

User avatar
blast
General
General
Posts: 4596
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx
Contact:

Re: Spoofing attacks possiblity?

Post by blast » Mon Dec 21, 2015 11:03 pm

In some ways, the server is little more than a relay. It's far better than it used to be, but still is far from perfect. Ideally the server would actually have a complete game state (meaning, it would know where tanks are, where shots are, how physics are going to behave, etc) so that it could make intelligent decisions and determine if a client is sending bogus updates.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Image

Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests