There could be a slight vulnerability, in which commands and actions could be spoofed, as the client-server architecture gives a lot of power to the client in BZFlag.
It is my understanding that the client sends actions (such as jump) to the server, which then sends them to other clients (so they would interpret whether a tank has jumped or not, for example).
This technically allows one to send spoofed commands or actions to the server, for example making someone else's tank jump in a bad situation.
Spoofing attacks possibility?
- Zehra
- Private First Class
- Posts: 921
- Joined: Sun Oct 18, 2015 3:36 pm
- Location: Within the BZFS API and Beyond it
Last edited by Zehra on Mon Dec 21, 2015 8:25 pm, edited 2 times in total.
Those who are critical of me, I'll likely be the same of them. ~Zehra
The decisions we make are the ones we look forward to and the ones we regret. ~Zehra
There's a difference between knowing my name and knowing me, one shows respect to my name and the other is to who I am. ~Zehra
See where I've last been active at Strayers.
Visit BZList.net for a modern HTML5 server stats site.
Click here to view the 101 Leaderboard & Score Summaries Last updated 2021-01-12 (YYYY-MM-DD)
Latest 101 thread
Re: Spoofing attacks possibility?
Please analyze the source code or conduct local tests to validate your ideas before you speculate whether a specific attack is possible. The server has numerous checks to validate data it receives from clients before accepting and relaying it. Furthermore, we generally do not allow discussions about specific ways of attacking bzfs servers here, nor any kind of cheating or attempts to compromise the game.
- Zehra
Re: Spoofing attacks possibility?
Sorry my bad.
Last edited by Zehra on Wed Jan 04, 2017 3:38 am, edited 1 time in total.
Re: Spoofing attacks possibility?
In some ways, the server is little more than a relay. It's far better than it used to be, but still is far from perfect. Ideally the server would actually have a complete game state (meaning, it would know where tanks are, where shots are, how physics are going to behave, etc) so that it could make intelligent decisions and determine if a client is sending bogus updates.
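The kind of server-side validation discussed in this thread, as an added example that is not part of any post and is not bzfs code: the server takes the sender's identity from the connection rather than from the message body, then checks the update against its own copy of the game state before relaying it. All type names, the message layout and the speed limit are assumptions made for illustration.

```cpp
// Added illustration: hypothetical names throughout, not BZFlag's protocol or bzfs source.
#include <cmath>
#include <cstdint>
#include <map>

enum class Action { Move, Jump };
enum class Verdict { Accept, SpoofedSender, UnknownPlayer, NotOnGround, TooFast };

struct Update {            // what a client claims in one message
    uint8_t player;        // player id written inside the message
    Action action;
    float x, y;            // claimed position after the update
    float dt;              // seconds since that player's previous update
};

struct TankState { float x, y; bool onGround; };

class AuthoritativeServer {
public:
    static constexpr float kMaxSpeed = 25.0f;   // assumed limit, world units per second

    void addPlayer(int conn, uint8_t id, TankState s) { owner_[conn] = id; tanks_[id] = s; }

    // Validate an update received on connection `conn` before relaying it to others.
    Verdict handle(int conn, const Update& u) {
        auto own = owner_.find(conn);
        if (own == owner_.end()) return Verdict::UnknownPlayer;
        // Identity is bound to the connection, never trusted from the message body.
        if (own->second != u.player) return Verdict::SpoofedSender;
        TankState& t = tanks_[u.player];
        // State check: a tank that is already airborne cannot jump again.
        if (u.action == Action::Jump && !t.onGround) return Verdict::NotOnGround;
        // Plausibility: claimed displacement must fit within max speed * elapsed time.
        float dist = std::hypot(u.x - t.x, u.y - t.y);
        if (u.dt <= 0.0f || dist > kMaxSpeed * u.dt) return Verdict::TooFast;
        t.x = u.x; t.y = u.y;
        if (u.action == Action::Jump) t.onGround = false;
        return Verdict::Accept;
    }

private:
    std::map<int, uint8_t> owner_;        // connection -> player id assigned at join
    std::map<uint8_t, TankState> tanks_;  // the server's own copy of the game state
};
```

Landing is not modelled here; a full game-state server would also simulate gravity and collisions to set `onGround` back to true.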