Spoofing attacks possibility?

NOTE: this is an informal bug post place ONLY. Real bugs should be posted on GitHub
Zehra
Private First Class
Posts: 914
Joined: Sun Oct 18, 2015 3:36 pm
Location: Within the BZFS API and Beyond it

Post by Zehra »

There could be a slight vulnerability in which commands and actions could be spoofed, as the client-server architecture gives a lot of power to the client in BZFlag.
It is my understanding that the client sends actions (such as jump) to the server, which then sends them to other clients (so they would interpret whether a tank has jumped or not, for example).
This technically allows one to send spoofed commands or actions to the server, for example making someone else's tank jump in a bad situation.
Last edited by Zehra on Mon Dec 21, 2015 8:25 pm, edited 2 times in total.
Those who are critical of me, I'll likely be the same of them. ~Zehra
The decisions we make are the ones we look forward to and the ones we regret. ~Zehra
There's a difference between knowing my name and knowing me, one shows respect to my name and the other is to who I am. ~Zehra

See where I've last been active at Strayers.
Visit BZList.net for a modern HTML5 server stats site.

Click here to view the 101 Leaderboard & Score Summaries Last updated 2021-01-12 (YYYY-MM-DD)
Latest 101 thread
macsforme
General
Posts: 2069
Joined: Wed Mar 01, 2006 5:43 am

Re: Spoofing attacks possibility?

Post by macsforme »

Please analyze the source code or conduct local tests to validate your ideas before you speculate whether a specific attack is possible. The server has numerous checks to validate data it receives from clients before accepting and relaying it. Furthermore, we generally do not allow discussions about specific ways of attacking bzfs servers here, nor any kind of cheating or attempts to compromise the game.
Zehra
Private First Class
Posts: 914
Joined: Sun Oct 18, 2015 3:36 pm
Location: Within the BZFS API and Beyond it

Re: Spoofing attacks possibility?

Post by Zehra »

Sorry, my bad.
Last edited by Zehra on Wed Jan 04, 2017 3:38 am, edited 1 time in total.
blast
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx

Re: Spoofing attacks possibility?

Post by blast »

In some ways, the server is little more than a relay. It's far better than it used to be, but still is far from perfect. Ideally the server would actually have a complete game state (meaning, it would know where tanks are, where shots are, how physics are going to behave, etc) so that it could make intelligent decisions and determine if a client is sending bogus updates.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)
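
As an added illustration of the server-side checks discussed in this thread (not part of any post, and not BZFlag or bzfs code): a minimal C++ validator that binds each update to the connection it arrived on and tests it against the server's own copy of the game state before relaying. The message layout, class and enum names, the speed limit and the flat ground at z = 0 are all assumptions.

```cpp
// Added illustration; hypothetical types and limits, not BZFlag's protocol or bzfs code.
#include <cmath>
#include <cstdint>
#include <unordered_map>

struct Update {            // constructed message layout (assumption)
    uint8_t claimedId;     // player id as written by the client
    double  t;             // server receive time, seconds
    double  x, y, z;       // reported position
    bool    jump;          // client says it started a jump
};

enum class Verdict { Relay, RejectSpoofedId, RejectSpeed, RejectAirJump, RejectStale };

class AuthoritativeState {
    struct Tank { double t, x, y, z; };
    std::unordered_map<uint8_t, Tank> tanks_;   // server's own view of each tank
    static constexpr double kMaxSpeed = 25.0;   // units per second, assumed limit
    static constexpr double kSlack    = 1.10;   // tolerance for network jitter
public:
    void spawn(uint8_t id, double t, double x, double y, double z) { tanks_[id] = {t, x, y, z}; }

    // connId is the id the server assigned to the socket the packet arrived on.
    Verdict check(uint8_t connId, const Update& u) {
        // 1. Identity comes from the connection, never from the packet body.
        if (u.claimedId != connId) return Verdict::RejectSpoofedId;
        auto it = tanks_.find(connId);
        if (it == tanks_.end()) return Verdict::RejectStale;   // player not spawned
        Tank& s = it->second;
        double dt = u.t - s.t;
        if (dt <= 0.0) return Verdict::RejectStale;            // replayed or reordered
        // 2. Movement must be plausible relative to the last accepted state.
        double dist = std::hypot(u.x - s.x, u.y - s.y);
        if (dist > kMaxSpeed * dt * kSlack) return Verdict::RejectSpeed;
        // 3. A jump may only start from the ground in the server's state.
        if (u.jump && s.z > 0.0) return Verdict::RejectAirJump;
        s = {u.t, u.x, u.y, u.z};                              // accept and advance state
        return Verdict::Relay;
    }
};
```

A rejected update leaves the stored state untouched, so later updates are still judged against the last state the server itself accepted.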
