Layer 4 Amplification using Players as Attack Vectors (secret to realms crashing)

[Matrix1101]

Well this one realm I was in crashed and rolled back, so it's still possible to oryx dupe.

[Kushala Daora]

Well this one realm I was in crashed and rolled back, so it's still possible to oryx dupe.

Never said it would be impossible, but it's going to get harder now that the protection is reconfiguring itself after the servers got new operating systems.

[krazyshank]

Send long text packets that are wayy longer than the "limit", server still has to read them fully and handle the condition + send a response
Atleast send the max length packet if having it go through successfully is required

[enmity4]

Layer 4 amplification? I don't think you know what that actually means

[nyaa~]

This one was quite a nice find. Basically, whenever you send a text packet, the server processes each byte in the packet, then sends it out to each player, regardless if they have their star requirement up. (can't say the same about ignoring, since that is server side)

Here is a video demonstrating.

Basically, have tons of bots spam the text packet over and over, then finish off the server with tons of spellbombs. (The server processes 20 ServerShoot packets with each spellbomb, so 100 spellbombs x 20 = 2000 packets to process in less than a second...)

Amazons DDoS protection kicks in after a few crashes and renders the spam useless, meaning it gets auto patched.

This was the secret to realms crashing, the longer the server was alive and processing other players' text packets, the higher chance of a crash. This is why fuller realms were more likely to crash.

me and @einaras had fun while it lasted, soon all the servers will auto patch this, which means rip oryx dupe

You sound like a HF seller advertising his booter

Are you just overloading the server by making it distribute a packet to the players? How does that make them "Attack Vectors"?
And what do you mean by "Layer 4 Amplification"? Of course, those are some fancy words, but do you understand what they actually mean?

[Kushala Daora]

You sound like a HF seller advertising his booter

Tee hee.

And what do you mean by "Layer 4 Amplification"? Of course, those are some fancy words, but do you understand what they actually mean?

Layer 4 = TCProtocol which is what rotmg uses to send and receive packets. Amplification is due to the fact that each player assists in the attack, making it stronger.

Are you just overloading the server by making it distribute a packet to the players? How does that make them "Attack Vectors"?

This is how the amplification factor works. For each player the server has to send out an additional packet. Since the server processes each packet, then sends out the packet a long with the text, more bandwidth consumption.

[yentlXD]

hi, i wanted to talk to you for the longest time but mpgh doenst let me send a message -.-, would it be possible like any onther ddos attack that you use a DNS amplification to the server ip? i have many other idea's & i would like to get some help to get started with some of them.

[Kushala Daora]

hi, i wanted to talk to you for the longest time but mpgh doenst let me send a message -.-, would it be possible like any onther ddos attack that you use a DNS amplification to the server ip? i have many other idea's & i would like to get some help to get started with some of them.

DNS + NTP attack while the realm is shaking = Doop

[yentlXD]

DNS + NTP attack while the realm is shaking = Doop

i think so to however i realy don't know how they have setup their servers, is there anyway how i can contact you privatly aka skyp or so?

[nyaa~]

Tee hee.

Layer 4 = TCProtocol which is what rotmg uses to send and receive packets. Amplification is due to the fact that each player assists in the attack, making it stronger.

This is how the amplification factor works. For each player the server has to send out an additional packet. Since the server processes each packet, then sends out the packet a long with the text, more bandwidth consumption.

Thanks for a mature answer.
Of course it's TCP

I would disagree with the usage of term attack vector, but that's just nitpicking.

Nice find.