net.minecraft.server.Packet254GetInfo Spam Server Crash

Discussion in 'Bukkit Help' started by kookiekrak, Dec 26, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    kookiekrak

    Does anyone have a fix for this?

    Someone's crashing my server constantly with this hack. It basically resends this packet hundreds of times until the server runs out of memory and freezes.

    Here's a small log sample


    2011-12-27 02:24:52 [WARNING] class org.getspout.spout.SpoutNetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 02:24:52 [WARNING] class org.getspout.spout.SpoutNetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 02:24:52 [SEVERE] Unexpected exception
    java.lang.OutOfMemoryError: unable to create new native thread
    at java.lang.Thread.start0(Native Method)
    at java.lang.Thread.start(Thread.java:614)
    at net.minecraft.server.NetworkManager.d(NetworkManager.java:243)
    at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:119)
    at org.getspout.spout.SpoutNetServerHandler.disconnect(SpoutNetServerHandler.java:560)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:661)
    at net.minecraft.server.NetHandler.a(SourceFile:214)
    at net.minecraft.server.Packet254GetInfo.a(SourceFile:16)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:93)
    at org.getspout.spout.SpoutNetServerHandler.a(SpoutNetServerHandler.java:550)
    at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
     
  2. Offline

    pyraetos

    Depending on your router you probably have a way of viewing connection history. If someone really is spam connecting to you, you can easily determine his IP address then block it with a firewall.
     
  3. Offline

    kookiekrak

    From what i've managed to gleam together:

    The bad packet id 254 comes from the new multiplayer server status screen. When a user opens that page it "pings" your server with that packet to see if it is online or not and to get other various data about it. If you are still running a 1.7.* server it wont know how to handle that packet and throw an error. As far as i can tell its not really server impacting... It may be if you run a large server and a lot of people have you on their multiplayer selection screens, you may see an increase in traffic from it.


    Therefore, this new hack spams the getinfo packet so many times, that it creates too many threads to handle them and locks up the server.

    Seems like an inherent security hole in minecraft.

    im using a hosted server :\

    plus ip's can be changed easily. I'd rather have a fix for it

    bump, seems the newest snapshot of the minecraft server has this fix:

    http://mojang.com/2011/12/15/minecraft-dev-snapshot-week-50/

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 22, 2016
  4. Offline

    Gravity

    Supplying a bit more information on this, we've had a problem plaguing my server for weeks with this kind of exploit, and as far as I can tell its something that only mojang can fix.
    Basically, this kid logs into the server using a VPN and a stolen account, and uses the exploit, resulting in this happening in-game:
    [​IMG]
    The stopping the server was me in console stopping it and restarting, because this is what happens:
    Code:
    2011-12-27 18:37:06 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 18:37:06 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 18:37:06 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 18:37:06 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 18:37:06 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 18:37:06 [SEVERE] java.lang.OutOfMemoryError: unable to create new native thread
    2011-12-27 18:37:06 [SEVERE]     at java.lang.Thread.start0(Native Method)
    2011-12-27 18:37:06 [SEVERE]     at java.lang.Thread.start(Thread.java:614)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.NetworkManager.d(NetworkManager.java:243)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:119)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:661)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.NetHandler.a(SourceFile:214)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.Packet254GetInfo.a(SourceFile:16)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:93)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
    2011-12-27 18:37:06 [SEVERE]     at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-27 18:37:06 [SEVERE] Unexpected exception
    java.lang.OutOfMemoryError: unable to create new native thread
        at java.lang.Thread.start0(Native Method)
        at java.lang.Thread.start(Thread.java:614)
        at net.minecraft.server.NetworkManager.d(NetworkManager.java:243)
        at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:119)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:661)
        at net.minecraft.server.NetHandler.a(SourceFile:214)
        at net.minecraft.server.Packet254GetInfo.a(SourceFile:16)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:93)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-27 18:37:16 [INFO] CONSOLE: Stopping the server..
    2011-12-27 18:37:16 [INFO] Stopping server
    
    The [WARNING] go on for quite a while longer, though, I just copied the last bit.
    At that point everyone in the server slowely times out and you are forced to stop and restart it.
    If anyone has an extra info/fixes, please do post.
     
  5. Offline

    JohnTheRipper

    Hmm, I've seen that exploit on HF a while back when it was discovered. I never looked into a fix, has anyone found one?
     
    Daniel Heppner likes this.
  6. Offline

    Gravity

    I just found this, it pretty much describes the problem so I'm hoping it knows the fix.
    Will keep everyone updated on how it goes..
    http://dev.bukkit.org/server-mods/leaverbuster/
     
  7. Offline

    Daniel Heppner

    Clients can send the server whatever packet they want. Vanilla Minecraft servers will actually crash if they receive one of these foreign packets. I guess Bukkit servers will crash if you send them thousands of the foreign packet in a short time frame.

    This is caused by a client sending a log out packet many times before actually logging out. The server displays that message every time the packet is sent, but doesn't actually force the player to leave the server. That should be an easy fix.
     
  8. Offline

    Gravity

    From what you said, it sounds like I could just open up the admin system that I have running our server, add a player_quit event, and when that happens kick the player with some generic logout message?
    Would it be that simple of a fix?
     
  9. Offline

    Daniel Heppner

    Perhaps, try it!
     
  10. Offline

    Gravity

    This is what I tried earlier: (In player listener)
    Code:
        @Override
        public void onPlayerQuit(PlayerQuitEvent event)
        {
            Player player = event.getPlayer();
            player.kickPlayer("Disconnected from server.");
        }
    It caused a bunch of errors and then caused the player to be banned from the leaverbuster plugin I mentioned before
    I'll take a harder look at it a bit later, though.
     
  11. Offline

    Daniel Heppner

    onPlayerQuit isn't called when the packet is sent though, is it? It's called when the player actually quits.
     
  12. Offline

    Gravity

    Well, there is like Player_Join, Player_Login for when players login, but for quit I'm pretty sure its just quit.
    Thats why I was asking, I would be very surprised if it came down to be that easy of a event listen and kick, but it was worth a try. Like I said I'll look and see if there is a way to see when a player sends the packet as opposed to actually leaving
     
  13. Offline

    Daniel Heppner

    Try using Spout, that way you can make sure. (spout lets you listen for packets)
     
  14. Offline

    pyraetos

    Like I said earlier, I have worked with Minecraft and NMS classes a lot, my recommendation is to get the IP and firewall block it. Also make sure your server is in online mode (premium)
     
  15. Offline

    Gravity

    Do you think we have not tried that :p
    I've banned over 30 accounts with 30 separate IPs from our box's firewall, and we have a really hefty firewall.
    It's not hard if you have tons of accounts, just use VPNs.
     
  16. Offline

    pyraetos

    So it's a floodbot using generated accounts and lists of proxies just like on the old battle.net. The nostalgia!
     
  17. Offline

    Gravity

    Unfortunetly I'm not experienced with Spout nor know how to use it properly. When I have some time I'll do some reading.
    Not even a bot .__. some stupid kid who thinks he is from a "professional griefing team" (his "team" is made up of.. him.)
     
  18. Offline

    HotelErotica

    Getting the same about daily.

    Code:
    2011-12-27 18:16:25 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 18:16:25 [INFO] [WorldInventories] Player Beavisback quit from world: adventure
    2011-12-27 18:16:25 [INFO] [MCBans] Beavisback has disconnected!
    2011-12-27 18:16:25 [INFO] [WorldInventories] Saving inventory of Beavisback
    2011-12-27 18:16:25 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    <<<<<<<<<<<<<<<<<<<<INSERT 200 lines of spam>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    2011-12-27 18:16:25 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 18:16:26 [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet254GetInfo
    2011-12-27 18:16:26 [SEVERE] java.lang.OutOfMemoryError: unable to create new native thread
    2011-12-27 18:16:26 [SEVERE]     at java.lang.Thread.start0(Native Method)
    2011-12-27 18:16:26 [SEVERE]     at java.lang.Thread.start(Thread.java:657)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.NetworkManager.d(NetworkManager.java:243)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:119)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:661)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.NetHandler.a(SourceFile:214)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.Packet254GetInfo.a(SourceFile:16)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:93)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
    2011-12-27 18:16:26 [SEVERE]     at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-27 18:16:26 [SEVERE] Unexpected exception
    java.lang.OutOfMemoryError: unable to create new native thread
        at java.lang.Thread.start0(Native Method)
        at java.lang.Thread.start(Thread.java:657)
        at net.minecraft.server.NetworkManager.d(NetworkManager.java:243)
        at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:119)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:661)
        at net.minecraft.server.NetHandler.a(SourceFile:214)
        at net.minecraft.server.Packet254GetInfo.a(SourceFile:16)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:93)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    
     
  19. Offline

    Daniel Heppner

    No, it's just one guy sending the same packet over and over.
     
  20. Offline

    kookiekrak

    Btw guys I patched this on my server.

    Went into network manager and commented out the creation of the network monitoring threads.

    ie:

    Here's the class if anyone wants it. Just open up your bukkit jar and drop it in.

    I've been running this for the past few days and it's been OK. No crashes or anything.

    Also this one comes with some debug info. It'll post the ip of everyone who sends a packet 254 to your server.

    So you can filter for the assholes who are spamquit crashing people.
     

    Attached Files:

    • fix.zip
      File size:
      4 KB
      Views:
      20
  21. Offline

    Gravity

    I'm honestly not quite sure how that would fix the problem.. Care to elaborate on why that would work without rendering things not functional?

    EDIT: Oh, also, what do you mean by network manager
     
  22. Offline

    kookiekrak

    honestly, I haven't looked into the source code enough to know what it does.

    From what I saw, i think it created a monitoring thread that died after 2000 of idle time. I don't think it did anything critical, but the spamquit exploit basically forces the server to create tons and tons of these that dont have enough time to die.

    I've been running my server all week with my fixed code and weve been hit by around 5 spamquit's that i've lived through.
     
  23. Offline

    kookiekrak

    survived another crash attempt 2012-01-02_02.35.42.png
     
  24. Offline

    MonsieurApple

    Could you show me the modifications to where it logs the IP for the people who send 254 packets?
     
Thread Status:
Not open for further replies.

Share This Page