Valhalla Legends Archive

Quote from: Warrior on November 29, 2004, 09:38 AM
Well it is possible to spoof your ping by timing your response to 0x25 but I dont think the Timer Control is accurate to the nearest 1 millisecond so your best bet would be to use SetTimer / KillTimer API Calls

High Performance timer used in multimedia applications would work better I hear.. never bothered though. You can try if you want.

1. The variables fileDB, lngRead, and DBdata pointless in your sample code

2. You can't pass a string variable directly to an API. You are suppose to use ByVal.

3. In your sample code you aren't even using the OVERLAPPED structure. You should just pass a NULL. Use of OVERLAPPED structure for Writing to a file is like APPEND in VB. Use of a NULL is like OUTPUT.

Quote from: Tuberload on July 28, 2004, 01:35 PM

Quote from: o.OV on July 27, 2004, 10:35 PMI don't see how using Random access would help..

Have you tested it? I did a test when I started helping Trust[e1] create his bots database and it was significantly faster than using Binary.

Did you load the database into memory or did you read a block at a time?

Quote from: Tuberload on July 27, 2004, 03:26 PM
If you are really trying to be speed conscious, bypassing loops is not your solution. The solution would be to either use Random access to the file, or bypass VB and look into some disk IO API's. ReadFile, CreateFile, CloseHandle, SetFilePointer, might be something worth looking into.

I don't see how using Random access would help..
and I forgot all about APIs.
I already took a look at the ReadFile declaration and it looks promising.
Thanks.

Currently I load a single file into a byte array using the code below.


Open "Data1.txt" For Binary Access Read As #69
   ReDim DataBase(LOF(69) - 1)
   Get #69, , DataBase()
Close #69


Now my objective is to append/load ANOTHER Data file to the array.

1. I want to avoid loops. (speed conscious)
2. I want to avoid using a secondary array. (the files are large)

Any ideas? Thanks in advance.

In VB6 I use vbNullChar in place of Chr$(0)

Quote from: Dyndrilliac on April 17, 2004, 08:05 PM
1) The bot will squelch the new IP, record the name, and proceed normally.

So if the attacker were to use the same name
but different ip EVERY reconnect..
your bot would continue to squelch them?

Quote
2) If the flooder does not return within the next 90 seconds the ban attempt is aborted, and it begins searching for other attackers.

So 135 seconds later you found yourself a new target..
What if the flooder that failed to return fast enough..
returns after you found that new target?

In both cases you could have more then one squelched IP assuming that you were able to catch them.
Is the analysis still useable?

Quote from: Dyndrilliac on April 17, 2004, 08:54 AM
If the user is still squelched but the user name is different, it knows not to waste time recording the name, and move on to more useful criteria. If it is the same name, it records it and begins recording other criteria. Criteria the bot uses to decide a ban ..

What if the username was the same but the ip was different?

Quote from: Dyndrilliac on April 17, 2004, 04:43 PM
Analyzing is done one attacker at a time. All the criteria is logged in a  text file,  and all my bots use the same log file, so in this way I prevent doubling up and keep a speedy ban system going using several ops bots, for a cooperative banning system.

Note: The same person is not squelched on all ops bots. So in my clan channel, if I have 4 ops bots running, I can use this system on 4 attackers at once.

So one of your bot manages to squelch one somehow..
what if the squelched flooder fails to show up?

Quote from: Dyndrilliac on April 17, 2004, 08:54 AM
Maybe if you believe me to be so wrong, you could contribute a system that you approve?

Quote from: o.OV on April 16, 2004, 07:02 PM
In my opinion your best bet is speed efficient coding.
That is why I didn't really approve of the name evaluation idea.

I don't believe there is any client side system anyone can design to defeat a floodbot so what is the point of asking me to come up with one?

How do you analyse the attacker if you have more then one IP that is squelched?

Don't use vbcrlf..
binary connections are totally different from telnet connections.

arta's bnetdocs was down earlier was it?
It is up now so you can check out the protocol header information and packet structures.

I'll paste it here but you will need to see it for yourself for a better understanding.

(BYTE)      StartPacket - always 0xFF
(BYTE)      Packet ID
(WORD)    Packet length, including this header

(DWORD)       Protocol ID (0)
(DWORD)       Platform ID
(DWORD)       Program ID
(DWORD)       Version Byte
(DWORD)       Product language
(DWORD)       Local IP for NAT compatibility*
(DWORD)       Time zone bias*
(DWORD)       Locale ID*
(DWORD)       Language ID*
(STRING)       Country abreviation
(STRING)       Country

Quote from: RedPhoenix on April 16, 2004, 08:07 PM
Technically it could, but you would have to figure out how this function actually processes the string conversion.

Dim data As [Byte]() = System.Text.Encoding.ASCII.GetBytes(msgSend)
Dim stream As NetworkStream = client.GetStream()
stream.Write(data, 0, data.Length)

And yes, I've tried using the Chr(255), but I don't need 255 in Chr() form, just string since "255" is 0xFF ~ ( CStr(&HFF) ) Also ( Hex(&HFF).ToString ) will both return "255"

Well.. ok.. if you are going to express them in plain bytes
why are you using a string? the dwords should be expressed in bytes as well and not as ascii characters
correct? depending on how your class file handles this.
You may want it as a string or a byte form. can't be both like you have right now. can it?
I don't know how .net and your tcp thing works. so I can't give a straight answer.

Add-On:
If you plan on storing the buffer in a string then..
In VB if you have it as "255" then that is three bytes..
50, 53, and 53
so that is why u need Chr$(255) so it is expressed as a single byte and not three.

im not quite sure how .net works..
but it looks like VB so I'm just gonna make an assumption that strings work the same way.

[ code ]

Private msgStart As String = "255" & "1" & "80" & "0" & "IX86" & "SEXP" & "10" & "0" & "0" & "300" & "0" & "0" & "USA" & "United States"

[ / code ]

wow.. does that work with VB6? heh
perhaps you need to use chr$()


Chr$(255)


Quote from: Soul Taker on April 16, 2004, 04:39 AM
Is it so impossible to assume that, when a name matching common flood bot names (i.e.: something like ?#?#?#?#?#?#?#@USEast), even though it changes every time it joins, just seeing names like that in and out over a short period of time could be considered one flood bot to attempt something like this and ban it.

You missed it..
His proposed solution was to have precise timing so that it bans on join.. or even before.
That isn't possible versus a random name generating bot.

Late Add-On:
Oops.
Sorry Soul Taker.
Thought you were on the topic regarding problems in Dyndrilliac's method.

Yes.. someone stated earlier that floodbots make random names.. that alone would defeat Dyndrilliac's proposed solution and many of the recent flooders do.

Plus.. many floodbots use proxies so timing it isn't as easy as one may think.
If it were that easy.. I'm sure others would have thought of it by now AND implemented it into their ops bot if it had actually yielded positive results versus any recent flooder.
I don't believe Dyndrilliac has ever tested this..
So back to the drawing board for Dyndrilliac I guess.

Quote from: Lenny on April 09, 2004, 01:34 PM
All these bots connected through the same client?

Yes.