
Packets

Started by TriCk, November 26, 2003, 05:14 AM


Dyndrilliac

#15
Quote from: TriCk on November 26, 2003, 06:22 PM
Well what if someone sends say 6 rejoins
And I know it's bannable because I have seen people ban it. That's what I want to achieve with my bot

6 Rejoins would cause an IP ban if done on the same connection. You would have to do it in an instance of 4 then an instance of 2 after reconnecting.  I've tested this with my own crude work up of a small FloodBot.

My test results have conclusively pointed out that the most optimum Non IP Bannable data is:

50 second reconnect delay
.001 Second Rejoin Delay
4 Rejoins Per Connect

Using that data, a StealthBot on EFP will ban my bot roughly 1 out of 4 reconnects. Assuming you had enough keys you could theoretically make the spam infinite with the above data by falling in "Safe" parameters so as not to be IP banned.

My Connection speed is 1.7 megabits per second, on Cable btw.
Quote from: Edsger W. Dijkstra
It is practically impossible to teach good programming to students that have had a prior exposure to BASIC; as potential programmers they are mentally mutilated beyond hope of regeneration.

Skywing

Note that available bandwidth doesn't really guarantee a fast connection (low response times).  For instance, take a look at satellite connections.

iago

Quote from: UserLoser. on November 26, 2003, 07:03 PM
Put it this way on banning a floodbot (*correct me if I'm wrong about server<->server, just what I'm guessing on how the Battle.net servers are operated*):

The floodbot connects to one of the many servers on the gateway, joins a channel, and starts to rejoin.  That one server has to send a message to each server on that Gateway which says you joined, then left, then joined, etc., the channel.  Each server then has to send out a join/leave message to each user in that channel, and send the channel user list to the floodbot every time it joins.  Probably before the servers even start to communicate with each other, the floodbot already disconnects from the server, or shortly after.  Anyways, along the way of the moderation bot receiving one of the many join messages, has to process the incoming data, then processes the username through a database (most likely, but shouldn't take any longer than a few milliseconds), then send out the ban message to the server it's on, which has to relay it across the other servers.  So your bot basically has a few milliseconds to send a ban message to the server before the server thinks the floodbot is disconnected...

You made sense right until that last statement.  From what you're saying, the bot had already disconnected from the server by the time you get the message, so it doesn't matter how fast the bot is.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


iago

How about just, "Because of network latency it's impossible"?


TriCk

Quote from: Dyndrilliac on November 26, 2003, 07:22 PM
Quote from: TriCk on November 26, 2003, 06:22 PM
Well what if someone sends say 6 rejoins
And I know it's bannable because I have seen people ban it. That's what I want to achieve with my bot

6 Rejoins would cause an IP ban if done on the same connection. You would have to do it in an instance of 4 then an instance of 2 after reconnecting.  I've tested this with my own crude work up of a small FloodBot.

My test results have conclusively pointed out that the most optimum Non IP Bannable data is:

50 second reconnect delay
.001 Second Rejoin Delay
4 Rejoins Per Connect

Using that data, a StealthBot on EFP will ban my bot roughly 1 out of 4 reconnects. Assuming you had enough keys you could theoretically make the spam infinite with the above data by falling in "Safe" parameters so as not to be IP banned.

My Connection speed is 1.7 megabits per second, on Cable btw.


No, it's not impossible to send 6 rejoins. I can get 6 rejoins easily; even on the massbot I made I can, as fast as a floodbot.
Mine are...

0.00 rj wait
6 rj's
0 wait to reconnect. (I can do this for 1hr or 2hrs before ipban)

Dyndrilliac

#20
Quote from: TriCk on November 26, 2003, 06:22 PM
No, it's not impossible to send 6 rejoins. I can get 6 rejoins easily; even on the massbot I made I can, as fast as a floodbot.
Mine are...

0.00 rj wait
6 rj's
0 wait to reconnect. (I can do this for 1hr or 2hrs before ipban)

That's kind of retarded since if you put 0 in a timer in VB the timer itself would completely cease to function....thus making your entire post just now a  complete waste.

Edit: And if you mean rapid instant Reconnects you're wrong there too....if you reconnected at .01 delay 5 times you'd be IP banned before you could say "Man, that guy who made sense was right!".

Lenny

#21
Well you're making the assumption he used a timer in the first place-He probably used a loop....

And I believe the max rejoin is 7
Depends on what kind of rejoin you do also.....
(Joining the void and coming back vs. making a private game and coming back)
But the reconnect part (0.00) isn't possible for 1-2 hrs...Even if you were switching between gateways (which would make no sense)

Also, can one server ban the user if it thinks it's still connected (not the server that the floodbot was connected to)?
The Bovine Revolution
Something unimportant

WARNING: The preceding message may have contained content unsuitable for young children.

Kp

Having taken actual packet captures during floodbot attacks, I have millisecond-precision about when the messages came in and the clustering thereof.  The floodbots that have attacked vL in recent memory performed their attack in such a way that all the join, talk, and leave events arrived in one mass.  This means that, even if I had reacted instantly, I couldn't have done anything about them - they were already gone (offline).  I have also observed far less efficient floodbots that move quite slow (including a few that stalled out and took several seconds to get out of channel again).  Such were quite easy to ban, but it's generally easier to let our client filtering just delete them instead of even bothering to ban them.  It saves queue space on the operator.  The ones that you see getting banned are, IMO, not designed very well.

Though it's technically impossible to guarantee that the peer will or will not receive all your data as a glob, there are measures which can give very high assurance of globbing (or of fragmentation, though there's really no good reason for wanting that).  Taking such measures makes it far less likely that the floodbot will get caught.

No, I will not tell you what those measures are.  Just from what I've said, it ought to be fairly obvious.  If it isn't, that's good too.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!
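
Kp's observation about event clustering can be checked against an operator's own channel log. The following is an added example, not code from the thread or from any poster: it pairs join and leave events and marks which sessions outlasted the operator's reaction budget, which is where a ban can still land and where client-side filtering is the only option. The event tuple layout, the sample data, and the `reaction_ms` budget (processing time plus round trip to the server) are assumptions.

```python
# Constructed sample: (timestamp_ms, event, username) as an operator client
# might record channel events from a packet capture or its own log.
SAMPLE_EVENTS = [
    (100000, "JOIN", "flood1"),
    (100002, "TALK", "flood1"),
    (100003, "LEAVE", "flood1"),      # whole visit arrives in one cluster
    (130000, "JOIN", "slowbot"),
    (130400, "TALK", "slowbot"),
    (133100, "LEAVE", "slowbot"),     # stalled in channel for seconds
    (140000, "JOIN", "regular"),      # still present at end of log
]


def sessions(events):
    """Pair each JOIN with the next LEAVE for the same user.

    Returns (user, join_ms, leave_ms or None) ordered by join time.
    """
    open_joins, paired = {}, []
    for ts, kind, user in sorted(events):
        if kind == "JOIN":
            open_joins[user] = ts
        elif kind == "LEAVE" and user in open_joins:
            paired.append((user, open_joins.pop(user), ts))
    paired.extend((user, ts, None) for user, ts in open_joins.items())
    return sorted(paired, key=lambda s: s[1])


def classify(events, reaction_ms):
    """Label each session by whether a reactive ban could arrive in time.

    A ban is only useful if the user is still in channel after the operator
    has processed the join and its command has reached the server, so the
    observed dwell time must exceed reaction_ms.
    """
    verdicts = []
    for user, join_ms, leave_ms in sessions(events):
        if leave_ms is None:
            verdicts.append((user, None, "present"))
            continue
        dwell = leave_ms - join_ms
        label = "ban-feasible" if dwell > reaction_ms else "filter-only"
        verdicts.append((user, dwell, label))
    return verdicts


if __name__ == "__main__":
    for row in classify(SAMPLE_EVENTS, reaction_ms=150):
        print(row)
```
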

TriCk

Quote
That's kind of retarded since if you put 0 in a timer in VB the timer itself would completely cease to function....thus making your entire post just now a  complete waste.

Who said anything about a timer?
Ever heard of the kernel32 sleep function?
Or
Not having a timer at all?

Spht

Like this thread, people are going to let it keep going. In that thread, the concept was explained several times but people ignore it, and decide to go with how they think it works instead. I've tried NUMEROUS times explaining this to different people on Battle.net, and they'll either ignore you because they don't understand, or very few will actually think "oh yeahhh," and then go on to teach the MANY MANY others why they can't ban floodbots and sometimes they can, because far too many people don't understand how it works.

For those which are still not satisfied, I suggest going back and viewing this thread, and especially read every post that Skywing and Kp made, because it explains in very complete detail how the whole concept works.

Dyndrilliac

#25
Quote from: TriCk on November 27, 2003, 02:59 AM
Quote
That's kind of retarded since if you put 0 in a timer in VB the timer itself would completely cease to function....thus making your entire post just now a  complete waste.

Who said anything about a timer?
Ever heard of the kernel32 sleep function?
Or
Not having a timer at all?

Using sleep function would still give you a small delay?

My point was rapid reconnections at 0 is impossible.