Well, I was thinking a bit about it, and I have some information about it.
First, my English is not the best; I'm from Argentina.
OK, so, let's see. In Linux, inside the system at kernel level, you have a firewall; we are going to call it "IPTables", so everything related to the LAN (Internet / LAN) passes through that firewall.
By default it's all allowed for normal use.
The difference is how the Linux firewall works compared to Windows.
The Windows firewall works at the network and transport level. That's why you can drop ports, processes, etc.
The Linux firewall works at the application level; that's how you can "examine" the information of every packet.
This is all in general lines.
The Linux firewall is deeper. The Windows firewall is not bad, I mean for normal or server applications it's OK. This is a very specific situation; usually this work is done by proxies, for example pfSense (Linux based), MikroTik (Linux based), etc.
---
The question is: can we do something similar in Windows? Yes, but my understanding of programming and all that is bad; I only work in the servers and infrastructure area.
How? Well, the idea of HarpyWar is good, with a sniffer: you can catch a packet (late), examine it and detect the code, then send that IP to the firewall (network level) and avoid any hack from that IP.
But you will not avoid the hack, and the attack IP can change anytime.
The best resource I found is this:
www.nirsoft.net/utils/smsniff.html
---
The best solution I have found at this moment is this:
Run a Linux host, any distribution you want. Put a virtual machine (VirtualBox / VMware) with any OS you want; XP will do the trick. Put the network of the virtual machine in NAT mode, and set the NAT rule in VirtualBox / VMware: port 4000 TCP/UDP from any host to any host.
Install PVPGN on the Linux host, run everything OK, and MySQL too (bnetd / d2gc and d2dbs). Configure the address translation of D2GS. I'm not sure whether to put the NAT IP (10.1.1.2 for example) or the local IP and the NAT will do the trick; I need to test that tomorrow.
Finally, the IPTables rule on the host, and ready to go.
So you have everything in a native environment: a powerful firewall, and it will probably be stable.
--
I know in practice we want to use Windows because you probably run more things. If you are using a hosting provider, you would probably ask tech support to drop that hex code to the IP of your Windows server, because usually hosting providers have a proxy behind, router, speed control, DDoS avoidance, etc.
-
But this is the only easy situation I can find. Probably a D2GS emulation in Wine works too, and that would avoid you having to use a virtual machine and a NAT rule.
Added: 04.08.2017 12:41
Hi guys,
Well, today I finished a few more tests of the IPTables anti-hack.
First, the hack is the first 4 hex values, for example (this is not the hack, funny girls):
F3 F3 FA FA 00 00 00 00 00
The D2GS process crashes on the first "F3 F3"; you can add more random code, but the first 4 digits are the crash.
In this example F3 F3 makes the crash. So, if I put F3 F2 in the packet it will not be detected by the IPTables rule, but that will not crash the process because it's not the "hack code".
So, GOOD news.
I have the code for the IPTables rule, using the first 4 digits, and it will use a regular expression to look at the first 4 digits and ignore any length of code or combination.
---
I will implement this on my server, in a real environment using external connections and all that stuff, and attack myself (hell yeah!) and see what happens.
If this works, I want to talk with you, @harpyWar and @Meanski, and see how we can announce this fix, because the IPTables rule will expose the hack, and people who don't have Linux will not be safe.
Added: 04.08.2017 13:26
By the way, if this works fine, I'm going to put the D2GS on Linux with Wine and see the stability, because if that works, you can do the same using a Windows host: create a full PVPGN network in Windows, put a virtual machine with Linux (a tiny version), install Wine, configure it, run D2GS, and put the IPTables rule in place; that will protect your D2GS process, and ready to go.
Because for NAT it's the same.
If this idea works fine, I can create a virtual machine of 300 MB with a tiny Linux and upload it to test in any Windows environment with D2GS loaded; you will only need to change the IP in the .reg file, and you will have the IPTables rule ready.
Admin / Owner Project:
OldServers Argentina
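The "first 4 hex digits" check described in the post above, modelled offline as an added example; this is not code from the post, nor from PVPGN or D2GS. It assumes D2GS listens on TCP port 4000 and that the crash packet's TCP payload begins with the two bytes F3 F3, exactly as the post states. The sample packets are constructed by hand for the example and nothing is sent on the wire. The point it shows, beyond the post, is why the match has to be anchored at payload offset 0 (walking the IPv4 IHL and the TCP data offset), so that F3 F2 and an F3 F3 that merely appears somewhere inside ordinary game traffic do not trigger the rule; the equivalent iptables `u32` expression is rendered by `iptables_rule()`.

```python
"""Offline model of the anchored-signature check the post describes.

Added example; not code from the original post nor from PVPGN/D2GS.
Assumptions: D2GS listens on TCP port 4000 and the crash packet's TCP
payload starts with the two bytes F3 F3 (the post's "first 4 hex digits").
All packets below are constructed by hand; nothing is sent on the wire.
"""
import struct

D2GS_PORT = 4000                    # assumption: D2GS port from the post
SIGNATURE = bytes.fromhex("F3F3")   # first two payload bytes of the crash packet


def tcp_payload(ip_packet: bytes):
    """Return (dst_port, payload) for an IPv4/TCP packet, else None.

    Walks the headers the same way the iptables u32 expression
        0>>22&0x3C@12>>26&0x3C@0>>16=0xF3F3
    does: IHL*4 bytes to the TCP header, then data-offset*4 to the payload,
    so IP/TCP options (e.g. timestamps) do not shift the match point.
    """
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    if ip_packet[9] != 6 or len(ip_packet) < ihl + 20:   # protocol 6 = TCP
        return None
    tcp = ip_packet[ihl:]
    dst_port = struct.unpack("!H", tcp[2:4])[0]
    data_off = (tcp[12] >> 4) * 4
    return dst_port, tcp[data_off:]


def is_crash_packet(ip_packet: bytes, port: int = D2GS_PORT,
                    sig: bytes = SIGNATURE) -> bool:
    """True only when sig sits at offset 0 of the TCP payload for `port`.

    Anchoring at offset 0 is the point: an unanchored string match would also
    fire when F3 F3 appears later inside ordinary game traffic, and the post
    notes that F3 F2 at the start does not crash D2GS, so it must not match.
    Matching is per segment; a stream-level check would need conntrack state.
    """
    parsed = tcp_payload(ip_packet)
    if parsed is None:
        return False
    dst_port, payload = parsed
    return dst_port == port and len(payload) >= len(sig) and payload[:len(sig)] == sig


def iptables_rule(port: int = D2GS_PORT, sig: bytes = SIGNATURE) -> str:
    """Render the equivalent netfilter rule (u32 match, 2-byte signature).

    u32 compares a whole 32-bit word, so segments with fewer than 4 payload
    bytes never match; the 9-byte crash packet in the post is long enough.
    """
    if len(sig) != 2:
        raise ValueError("the u32 expression below compares exactly two bytes")
    return (f'iptables -I INPUT -p tcp --dport {port} -m u32 '
            f'--u32 "0>>22&0x3C@12>>26&0x3C@0>>16=0x{sig.hex().upper()}" -j DROP')


def build_packet(payload: bytes, dst_port: int = D2GS_PORT,
                 tcp_options: bytes = b"") -> bytes:
    """Build a minimal IPv4/TCP packet for testing (checksums left as zero)."""
    if len(tcp_options) % 4:
        raise ValueError("TCP options must pad to a 4-byte boundary")
    data_off = 5 + len(tcp_options) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0,
                      data_off << 4, 0x18, 65535, 0, 0) + tcp_options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 1, 1, 2]), bytes([10, 1, 1, 1]))
    return ip + tcp


# Constructed sample traffic (not captured data).
TS_OPTION = bytes.fromhex("0101080a0000000100000000")   # NOP NOP TS, 12 bytes
SAMPLES = {
    "crash":          build_packet(bytes.fromhex("F3F3FAFA0000000000")),
    "crash_with_ts":  build_packet(bytes.fromhex("F3F3FAFA0000000000"),
                                   tcp_options=TS_OPTION),
    "near_miss_f3f2": build_packet(bytes.fromhex("F3F2FAFA0000000000")),
    "sig_mid_stream": build_packet(bytes.fromhex("0102F3F3FAFA")),
    "other_port":     build_packet(bytes.fromhex("F3F3FAFA0000000000"),
                                   dst_port=6112),
}


def classify(samples=SAMPLES) -> dict:
    """Map each sample name to whether the rule would drop it."""
    return {name: is_crash_packet(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, dropped in classify().items():
        print(f"{name:16s} -> {'DROP' if dropped else 'pass'}")
    print(iptables_rule())
```

The rule drops only a segment whose payload starts with the signature; the post's own note that F3 F2 is harmless is what makes an exact, anchored two-byte match sufficient here, and the IHL/data-offset walk is what keeps the match point correct when the client negotiates TCP options.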