Sniff the spammers, then post their WOL names. [message #1833] |
Sun, 02 March 2003 20:49 |
|
Blazer
Messages: 3322 Registered: February 2003 Location: Phoenix, AZ
Karma: 0
|
General (3 Stars) Administrator/General |
|
|
While the Renegade game/client itself does not reveal who sent the page, if you run a sniffer it will. Here's the way it works. When you type "/invite Blazer", it just sends me a normal page with the text "<WWINVITE>". And the Renegade game/client will say "Javaxcx invited you to join him blah blah blah". If you reject his invitation and click "Decline" instead of "join", it sends them a normal page, with "<WWDECLINE>". This makes Renegade say "Yo!" and "Your invitation was declined".
Now...the spammers log into relay and just cut and paste or use an mIRC script to just flood you with <WWDECLINE> pages.
Here's the good part. As I said, while the Renegade game/client itself does not show who these pages are from, a sniffer will. Remember, you are getting a NORMAL page, just as if you typed /page blazer0x <WWDECLINE>. So if you run a sniffer, you WILL see a page from the spammer, including their WOL username.
I suggest you install Ethereal http://www.ethereal.com/distribution/win32/ethereal-setup-0.9.9.exe
Play with it a bit, learn how to start up a capture quickly. Then the next time you are hit with one of these spam attacks, just alt-tab out of renegade, fire up ethereal and now you will have a log of their username.
I'm not going to give a sniffing-101 in how to use Ethereal, but I can tell you the most useful way to view the packet log is to find one definite packet, and click on it and select "view tcp stream". Ethereal will then open up a window and show you all the packets in easy to read plaintext format.
http://www.renevo.com |
http://strike-team.net/forums/ | XWIS Forums
http://www.n00bstories.com | Crimson is the 0wnage, and I Love her!
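Added example, not part of Blazer's post or of any Westwood tool: once the "view tcp stream" text from a capture has been saved, a short script can tally who sent the <WWDECLINE> pages and separate a flood from a single legitimate decline. The IRC-style line layout (`:sender!user@host VERB target :text`), the `PAGE` verb in the sample, every nickname other than blazer0x and the threshold of 3 are assumptions; the post does not give the wire format.

```python
import re
from collections import Counter

# ASSUMPTION: pages show up in the followed TCP stream as IRC-style lines,
#   :<sender>!<user>@<host> <VERB> <target> :<text>
# The verb is matched generically because the post does not give the wire format.
LINE_RE = re.compile(
    r"^:(?P<sender>[^!\s]+)!\S+\s+(?P<verb>[A-Z]+)\s+(?P<target>\S+)\s+:(?P<text>.*)$"
)

MARKERS = ("<WWINVITE>", "<WWDECLINE>")  # page texts named in the post


def parse_pages(stream_text):
    """Yield (sender, target, marker) for each line whose text is an invite/decline marker."""
    for raw in stream_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a sender-prefixed line; ignore
        text = m.group("text").strip()
        if text in MARKERS:
            yield m.group("sender"), m.group("target"), text


def flood_senders(stream_text, me, threshold=3):
    """Return {sender: count} for senders of at least `threshold` <WWDECLINE> pages to `me`."""
    counts = Counter(
        sender
        for sender, target, marker in parse_pages(stream_text)
        if marker == "<WWDECLINE>" and target.lower() == me.lower()
    )
    return {s: n for s, n in counts.items() if n >= threshold}


# Constructed sample stream (nicknames and hosts are made up for illustration).
SAMPLE = """\
:friend01!u@h PAGE blazer0x :<WWINVITE>
:spamnick!u@h PAGE blazer0x :<WWDECLINE>
:spamnick!u@h PAGE blazer0x :<WWDECLINE>
:friend01!u@h PAGE blazer0x :gg last round
:spamnick!u@h PAGE blazer0x :<WWDECLINE>
:spamnick!u@h PAGE blazer0x :<WWDECLINE>
:other02!u@h PAGE blazer0x :<WWDECLINE>
"""

if __name__ == "__main__":
    for sender, count in flood_senders(SAMPLE, "blazer0x").items():
        print(f"{sender}: {count} <WWDECLINE> pages")
```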
More morons utilizing the "Relay" to spam attack [message #3057] |
Wed, 05 March 2003 17:57 |
|
Javaxcx
Messages: 1943 Registered: February 2003 Location: Canada, eh?
Karma: 0
|
General (1 Star) |
|
|
I have an update:
Taskbot7 and I were again in a private sniper server. Set to 5 players, and only the 2 of us residing. Anyway, 2 more people join up, and we continue to play. Anyway, someone called "lil2tight" ended up joining. He decided it would be nice of him to go off and try and nuke some buildings, so I stopped him, momentarily after, he says "kick all" in the all chat, and I proceed to disconnect, along with everyone else, including him. Taskbot7 did not, because he was the host.
What happened afterward, was that I was unable to rejoin the server because of a failing port negotiation. I assume the relay was used to change the port used by Taskbot7, and cut the rest of us off.
name: lil2tight
Any information, please bring it to my attention.
Sniper Extraordinaire
Read the FUD Rules before you come in and make an ass of yourself.
All your base are belong to us.
You have no chance to survive make your time.
Re: Sniff the spammers, then post their WOL names. [message #3060] |
Wed, 05 March 2003 18:01 |
|
Griever92
Messages: 593 Registered: February 2003 Location: Calgary, Alberta, Canada
Karma: 0
|
Colonel |
|
|
Blazer | While the Renegade game/client itself does not reveal who sent the page, if you run a sniffer it will. Here's the way it works. When you type "/invite Blazer", it just sends me a normal page with the text "<WWINVITE>". And the Renegade game/client will say "Javaxcx invited you to join him blah blah blah". If you reject his invitation and click "Decline" instead of "join", it sends them a normal page, with "<WWDECLINE>". This makes Renegade say "Yo!" and "Your invitation was declined".
Now...the spammers log into relay and just cut and paste or use an mIRC script to just flood you with <WWDECLINE> pages.
Here's the good part. As I said, while the Renegade game/client itself does not show who these pages are from, a sniffer will. Remember, you are getting a NORMAL page, just as if you typed /page blazer0x <WWDECLINE>. So if you run a sniffer, you WILL see a page from the spammer, including their WOL username.
I suggest you install Ethereal http://www.ethereal.com/distribution/win32/ethereal-setup-0.9.9.exe
Play with it a bit, learn how to start up a capture quickly. Then the next time you are hit with one of these spam attacks, just alt-tab out of renegade, fire up ethereal and now you will have a log of their username.
I'm not going to give a sniffing-101 in how to use Ethereal, but I can tell you the most useful way to view the packet log is to find one definite packet, and click on it and select "view tcp stream". Ethereal will then open up a window and show you all the packets in easy to read plaintext format.
|
Hmm, I would love to figure out who these a$$holes are that keep doing this to me. Now I can.
Alex "Griever92" Bracken
============================
More morons utilizing the "Relay" to spam attack [message #3327] |
Thu, 06 March 2003 13:41 |
|
Javaxcx
Messages: 1943 Registered: February 2003 Location: Canada, eh?
Karma: 0
|
General (1 Star) |
|
|
Hmm... Taskbot7 says that he does not have the renlog.txt on his HDD. I highly doubt that this person would say "fuck all", and all of us would disconnect.
I would like to also point out that I rejoined his server again after he restarted it, and within minutes, everyone in there disconnected again. I don't know of any text sent, because I must've disconnected before any text appeared. I'm sorry, I don't know.
Assuming it was a command "kick all", how could it be used to disconnect the entire server, and change the port?
Sniper Extraordinaire
Read the FUD Rules before you come in and make an ass of yourself.
All your base are belong to us.
You have no chance to survive make your time.