Linking back to my own server?

Discussion in 'Bukkit Discussion' started by Errored, Jul 16, 2012.

Thread Status:
Not open for further replies.
  1. Offline


    So I had this curious Guest log on. Told me I was a cool admin and a bunch of kiss ass things. At the time I was building something near spawn and he mentioned that he had built something similar to it on his server and that I should check it out. He gave me an IP and I told him I would check it later. He hung around until I finished working then I went to check his server.

    When I tried to log into his "server" it tried to log into my server using the IP address he gave me. Since I'm the server admin I noticed the console login messages when I tried to log in. At first I didn't notice, but I thought I would check my server after three failed attempts to log into Guest's server (client message would just say "Disconnected" and server message was "endOfStream").

    My question is, what kind of attack is this? My server is on on-line mode so that probably prevented the attack from working. So why try to make me log into his own "server"? What would it have accomplished? I don't see how he would gain OP or anything that would benefit him since it was me logging into my own server just through a different IP.
  2. Offline


    Sounds like MITM. I'm sure TnT can tell you more about this.
  3. Offline


    It's called session stealing. They send you the IP to a fake server, you attempt to join, and they steal your session, allowing them to log in to your server with your username (and therefore be able to OP themselves etc.).
  4. Offline


    That is the MITM attack. Don't join random servers.

    It is fixed in the snapshots.
  5. Offline


    Yep. Fortunately I noticed the issue right away and took action to correct it. Even banned the ip.

    I've been reading around for session hijacking and found it has been a constant problem, glad it's been fixed.

    Thanks for the info, guys!
  6. Offline


    It has not been fixed. As far as I know the MITM attacks are still possible - but Mojang recently fixed a different session-related attack involving migrated accounts.
Thread Status:
Not open for further replies.

Share This Page