OK,
I play this online game; I play it in my spare time, gaming is one of my hobbies.
The owners of the server that I play on hack. They don’t really do anything destructive, but somehow they are able to make specially crafted packets and send them to my connection, and it makes the game mess up badly. The game will play perfectly for about 15-20 minutes, then these guys will start packeting my connection to force my game to time out. I have tested it enough to know they are the ones responsible for the game crashing.
What I don’t understand is that these guys are able to make custom packets/protocols inside of the UDP connection. I have the rule set in Comodo to only allow UDP connections and nothing else, but these guys are able to create these protocols. I will list them: -sebek-dcp-af-stun2-stun. The list goes on, I won’t list them all, but they can make these connections inside of the UDP connections and it causes the game to crash.
I have proof of their activity, and am more than willing to post it if anybody would like to look at it to see if they can suggest anything I can do.
What I’m looking for is a straightforward packet filter that doesn’t take rocket science to operate. I used Google but with no success; I was hoping somebody has a straightforward solution for me.
Thanks
I already have those options checked but this is still occurring.
I can create custom rules where it blocks the packets, but whenever I block the packet they made, they create another custom packet with a new payload.
In this screenshot the payload is \200, but when I set this as a block rule the next attack will be \20 or \30 and so on; they just keep doing it.
Couple of things here. Wireshark has some known bugs with stun2, and tftp is a pretty early and, moreover, simple transfer protocol.
If these ‘hackers’ are worth anything they wouldn’t be using primitives like this, even if all they wanted was to spoil your on-line gaming experience.
If you want us to look into this, you’d be better off showing us some more detail. If you don’t want to post it publicly, you can PM me with the detail. It won’t go any further.