Help Handshake phase does not handle packet 80

[Klaus 154]

SYSERR: Mar  1 20:12:45 :: Analyze: Handshake phase does not handle packet 80 (fd 50)
SYSERR: Mar  1 20:12:45 :: Process: SEQUENCE_LOG [UNKNOWN]-------------
	[080 : 0xaf]
SYSERR: Mar  1 20:12:45 :: Analyze: Handshake phase does not handle packet 80 (fd 42)
SYSERR: Mar  1 20:12:45 :: Process: SEQUENCE_LOG [UNKNOWN]-------------
	[080 : 0xaf]

SYSERR: Mar  1 20:12:45 :: Analyze: Handshake phase does not handle packet 80 (fd 50)
SYSERR: Mar  1 20:12:45 :: Process: SEQUENCE_LOG [UNKNOWN]-------------
	[080 : 0xaf]
SYSERR: Mar  1 20:12:45 :: Analyze: Handshake phase does not handle packet 80 (fd 42)
SYSERR: Mar  1 20:12:45 :: Analyze: Handshake phase does not handle packet 80 (fd 50)
SYSERR: Mar  1 20:12:45 :: Analyze: Handshake phase does not handle packet 80 (fd 42)
SYSERR: Mar  1 20:12:45 :: Process: SEQUENCE_LOG [UNKNOWN]-------------
	[080 : 0xaf]

Client:

0301 20:05:34250 :: invalid idx 0
0301 20:08:43366 :: invalid idx 0

Good evening! This error started from nothing and whenever you select the character or teleport, it is disconnected. Does anyone have any idea if it is a flaw or vulnerability that someone is using? (At first, it started after 200 ~~ 250 online, now with 20 ~~ 50 online the errors start, out of nowhere)

I thank you for your attention! = D

 

Fix: 

 

Edited March 2, 2020 by Klaus

[IceShiva 150]

This is just information about lack of information what to do with packet of id 80 and handler cannot process this packet so it's ignored. Sometimes happend when someone trying to send wreid data to server. Probably you have packet mismatches in protocol and of course it's not a vulnreability.

[Klaus 154]

14 hours ago, IceShiva said:

Essas são apenas informações sobre falta de informações sobre o que fazer com o pacote de identificação 80 e o manipulador não pode processar esse pacote, portanto ele é ignorado. Às vezes acontecia quando alguém tentava enviar dados do wreid para o servidor. Provavelmente você tem incompatibilidade de pacotes no protocolo e, claro, não é uma vulnerabilidade.

Hello,

At first, I believed it was really a problem in the source / packet, however, after analyzing the syslog of the channels, I noticed several attempts at the same IP address, after installing pf.conf, such IP was blocked and the problem did not return to occur, we can conclude that yes, it was attacks on the channels. We can conclude that not always errors like this, which initially indicates problems / flaws in the packets / functions, are not always!

[IceShiva 150]

You can solve this problem by creating blacklist map which includes ip address as key and unhandled connections count as data in specific time, then define "connection threshold" if exceesed you just reject futherer connection from this ip. This mehod theoretically solve all problems with dos and other unwanded shieet. Of course all should be implemented in server source due "raw pf" is l3/4 firewall

Cheers.

Edited March 3, 2020 by IceShiva