Second Life Forums Archive - Fake system text?

Yumi Murakami

DoIt!AttachTheEarOfACat!

Join date: 27 Sep 2005

Posts: 6,860

02-01-2008 17:04

From: Cunundrum Alcott

The grief attack I witnessed I was definitely in the form of server (or sim owner) notices where you were forced to hit ok/ignore... They came by the hundreds, they did not interrupt my connection or anything other than provide a huge neusance. There were so many so fast you were forced to relog or live with it.

Those are llDialogs. The griefer attack is a pain, but it's not the huge hole that server messages would be.

Lear Cale

wordy bugger

Join date: 22 Aug 2007

Posts: 3,569

02-03-2008 09:51

From: Atashi Toshihiko

What I meant about 'authority' has to do with the fact that IMs are not always just IMs.

SL uses the IM 'package' to send everything that isn't chat. The estate messages, system wide messages from the Lindens, group invites, TP offers, inventory offers, all come in the form of an IM. The browser decides what goes in an IM window and what appears in a blue popup based on what is in the IM package.

If you use a nonstandard viewer or some other means to form a system message and send it out, will the servers blindly pass it on to the destination? Or will they check that a 'system message' is actually coming from a Linden, and not just any kid with an open source client and some spare time?

That's where authority comes into play. It is about authority because it's not just an instant message.

-Atashi

Right -- assuming the OP is correct, it sounds like the SL client is far too trusting in accepting system messages. It sounds as though the client gets the other client's IP via an IM or something, and then sends a fake system message (and the receiving system doesn't do any kind of authentication).

Atashi, do these IMs always go between server and client, or can they go directly from client to client? Above, I assume the latter.

Lear Cale

wordy bugger

Join date: 22 Aug 2007

Posts: 3,569

02-03-2008 09:53

From: Cunundrum Alcott

The grief attack I witnessed I was definitely in the form of server (or sim owner) notices where you were forced to hit ok/ignore... They came by the hundreds, they did not interrupt my connection or anything other than provide a huge neusance. There were so many so fast you were forced to relog or live with it.

The good thing about these is you can mute the source. That's not a guaranteed solution, because the griefer could keep spawning new attack objects.

SuezanneC Baskerville

Forums Rock!

Join date: 22 Dec 2003

Posts: 14,229

02-03-2008 10:01

One thing's for sure, if there's money to be made, or aggravation to be caused, from some kind of faked system messages, and the technique gets spread around, we'll be seeing more of them, such that there won't be any question about what it is.

_____________________

-

So long to these forums, the vBulletin forums that used to be at forums.secondlife.com. I will miss them.

I can be found on the web by searching for "SuezanneC Baskerville", or go to

http://www.google.com/profiles/suezanne

-

http://lindenlab.tribe.net/ created on 11/19/03.

Members: Ben, Catherine, Colin, Cory, Dan, Doug, Jim, Philip, Phoenix, Richard,
Robin, and Ryan

-

Atashi Toshihiko

Frequently Befuddled

Join date: 7 Dec 2006

Posts: 1,423

02-03-2008 10:03

From: Lear Cale

Atashi, do these IMs always go between server and client, or can they go directly from client to client? Above, I assume the latter.

As far as I can see, everything goes through the servers. You cannot get another client's IP address through the SL stuff, there is no mechanism for it. So I am presuming that if this works it is because the servers are too permissive of who can send 'system' mesages.

Although I have the means to test this, I don't care to risk causing or getting in any trouble. Anyone with a libsl setup could test it though, by structuring an IM the right way then sending it to an alt or whatever.

You don't need anyone's IP address though, just their name or UUID for sending the IM to them.

(Note, you can get another person's IP address through other means; easiest is to set up an audio stream because that doesn't go through SL. By looking at the IP addresses that are listening to your stream, and when they are added / removed, you can figure out who is who by what avatars are coming and going. This is old news though and has nothing to do with any version of the SL client.)

In fact I don't even know if you could do it with their IP address -- the client has established a connection to the SL simulator in question, and is sending and receiving packets through that connection, so trying to send an outside packet from another IP address probably wouldn't even get to them - their browser simply wouldn't be listening for random packets from just anywhere.

-Atashi

_____________________

Visit Atashi's Art and Oddities Store and the Waikiti Motor Works at beautiful Waikiti.

Lear Cale

wordy bugger

Join date: 22 Aug 2007

Posts: 3,569

02-03-2008 10:27

Thanks, Atashi.

You mentioned a connection: is SL really using TCP rather than UDP for these things now? Or is this more of a loose association?

It's reasonable that IMs are addressed using UUID, and servers don't really need to filter them. Given that system messages use the same infrastructure, the servers need to reject these coming from clients, or else to have some form of authentication.

Sounds like we need a JIRA entry, if this problem can be confirmed. I believe the OP, but confirmation is important.

Day Oh

Registered User

Join date: 3 Feb 2007

Posts: 1,257

02-03-2008 11:38

Blue dialogs on the top right include IM's from the system, transaction notifications, inventory offers and script dialogs. Scripts can pop these, but the dialog always shows you the name of the sender.

Blue dialogs on the bottom right include alert messages from your sim (online notifications, failed sit, etc) and a certain type of IM's that can originate from agents. I'm pretty sure these dialogs can't have buttons, and they just go away after a moment. It would be nice if the viewer revealed who the message is from.

_____________________

Ordinal Malaprop

really very ordinary

Join date: 9 Sep 2005

Posts: 4,607

02-04-2008 15:04

From: Lear Cale

Thanks, Atashi.

You mentioned a connection: is SL really using TCP rather than UDP for these things now? Or is this more of a loose association?

It's reasonable that IMs are addressed using UUID, and servers don't really need to filter them. Given that system messages use the same infrastructure, the servers need to reject these coming from clients, or else to have some form of authentication.

Sounds like we need a JIRA entry, if this problem can be confirmed. I believe the OP, but confirmation is important.

Eh, with my experience of SL, I _don't_ believe the OP; it sounds to me like the usual Chinese Whispers, in the same line as the repeated "don't rez this object it will take all your money!!!!" warnings that go around. Nobody has actually experienced this as far as I'm aware. I suspect that it was in fact just llDialog griefing and it has been distorted.

_____________________

http://ordinalmalaprop.com/forum/ - visit Ordinal's Scripting Colloquium for scripting discussion with actual working BBCode!

http://ordinalmalaprop.com/engine/ - An Engine Fit For My Proceeding, my Aethernet Journal

http://www.flickr.com/groups/slgriefbuild/ - Second Life Griefbuild Digest, pictures of horrible ad griefing and land spam, and the naming of names

Day Oh

Registered User

Join date: 3 Feb 2007

Posts: 1,257

02-04-2008 15:54

Anybody who wants a demonstration can IM me in-world and ask o_o

Lol, if this is hard to believe, wait 'til you find out all the other crazy stuff the system lets you do o_o

_____________________

Ordinal Malaprop

really very ordinary

Join date: 9 Sep 2005

Posts: 4,607

02-04-2008 16:06

Fair enough, he has actually sent me a bottom-right blue message

I withdraw the above though I think it was still a fair assumption

_____________________

http://ordinalmalaprop.com/forum/ - visit Ordinal's Scripting Colloquium for scripting discussion with actual working BBCode!

http://ordinalmalaprop.com/engine/ - An Engine Fit For My Proceeding, my Aethernet Journal

http://www.flickr.com/groups/slgriefbuild/ - Second Life Griefbuild Digest, pictures of horrible ad griefing and land spam, and the naming of names

Yumi Murakami

DoIt!AttachTheEarOfACat!

Join date: 27 Sep 2005

Posts: 6,860

02-04-2008 16:30

From: Day Oh

Anybody who wants a demonstration can IM me in-world and ask o_o

Lol, if this is hard to believe, wait 'til you find out all the other crazy stuff the system lets you do o_o

Have you bug reported this?

SuezanneC Baskerville

Forums Rock!

Join date: 22 Dec 2003

Posts: 14,229

02-04-2008 16:50

From: Ordinal Malaprop

Fair enough, he has actually sent me a bottom-right blue message

I withdraw the above though I think it was still a fair assumption

Does that make some text that shows as blue in your history?

If I'm the OP, no reason to disbelieve me. I did read a message in libsecondlife group chat saying what I said it said.

From: someone

"TheGuy WhoSaidIt: I received a "notice" from someone with a custom client similar to the notice you get when a friend comes online but it contained custom text. It also shows up as blue text in your history."

_____________________

-

So long to these forums, the vBulletin forums that used to be at forums.secondlife.com. I will miss them.

I can be found on the web by searching for "SuezanneC Baskerville", or go to

http://www.google.com/profiles/suezanne

-

http://lindenlab.tribe.net/ created on 11/19/03.

Members: Ben, Catherine, Colin, Cory, Dan, Doug, Jim, Philip, Phoenix, Richard,
Robin, and Ryan

-

Day Oh

Registered User

Join date: 3 Feb 2007

Posts: 1,257

02-04-2008 16:59

I think it's in use for some things, such as the "you are no longer welcome" message that goes with parcel bans. I'm not sure..

_____________________

Fake system text?
Yumi Murakami DoIt!AttachTheEarOfACat! Join date: 27 Sep 2005 Posts: 6,860	02-01-2008 17:04 From: Cunundrum Alcott The grief attack I witnessed I was definitely in the form of server (or sim owner) notices where you were forced to hit ok/ignore... They came by the hundreds, they did not interrupt my connection or anything other than provide a huge neusance. There were so many so fast you were forced to relog or live with it. Those are llDialogs. The griefer attack is a pain, but it's not the huge hole that server messages would be.
Lear Cale wordy bugger Join date: 22 Aug 2007 Posts: 3,569	02-03-2008 09:51 From: Atashi Toshihiko What I meant about 'authority' has to do with the fact that IMs are not always just IMs. SL uses the IM 'package' to send everything that isn't chat. The estate messages, system wide messages from the Lindens, group invites, TP offers, inventory offers, all come in the form of an IM. The browser decides what goes in an IM window and what appears in a blue popup based on what is in the IM package. If you use a nonstandard viewer or some other means to form a system message and send it out, will the servers blindly pass it on to the destination? Or will they check that a 'system message' is actually coming from a Linden, and not just any kid with an open source client and some spare time? That's where authority comes into play. It is about authority because it's not just an instant message. -Atashi Right -- assuming the OP is correct, it sounds like the SL client is far too trusting in accepting system messages. It sounds as though the client gets the other client's IP via an IM or something, and then sends a fake system message (and the receiving system doesn't do any kind of authentication). Atashi, do these IMs always go between server and client, or can they go directly from client to client? Above, I assume the latter.
Lear Cale wordy bugger Join date: 22 Aug 2007 Posts: 3,569	02-03-2008 09:53 From: Cunundrum Alcott The grief attack I witnessed I was definitely in the form of server (or sim owner) notices where you were forced to hit ok/ignore... They came by the hundreds, they did not interrupt my connection or anything other than provide a huge neusance. There were so many so fast you were forced to relog or live with it. The good thing about these is you can mute the source. That's not a guaranteed solution, because the griefer could keep spawning new attack objects.
SuezanneC Baskerville Forums Rock! Join date: 22 Dec 2003 Posts: 14,229	02-03-2008 10:01 One thing's for sure, if there's money to be made, or aggravation to be caused, from some kind of faked system messages, and the technique gets spread around, we'll be seeing more of them, such that there won't be any question about what it is. _____________________ - So long to these forums, the vBulletin forums that used to be at forums.secondlife.com. I will miss them. I can be found on the web by searching for "SuezanneC Baskerville", or go to http://www.google.com/profiles/suezanne - http://lindenlab.tribe.net/ created on 11/19/03. Members: Ben, Catherine, Colin, Cory, Dan, Doug, Jim, Philip, Phoenix, Richard, Robin, and Ryan -
Atashi Toshihiko Frequently Befuddled Join date: 7 Dec 2006 Posts: 1,423	02-03-2008 10:03 From: Lear Cale Atashi, do these IMs always go between server and client, or can they go directly from client to client? Above, I assume the latter. As far as I can see, everything goes through the servers. You cannot get another client's IP address through the SL stuff, there is no mechanism for it. So I am presuming that if this works it is because the servers are too permissive of who can send 'system' mesages. Although I have the means to test this, I don't care to risk causing or getting in any trouble. Anyone with a libsl setup could test it though, by structuring an IM the right way then sending it to an alt or whatever. You don't need anyone's IP address though, just their name or UUID for sending the IM to them. (Note, you can get another person's IP address through other means; easiest is to set up an audio stream because that doesn't go through SL. By looking at the IP addresses that are listening to your stream, and when they are added / removed, you can figure out who is who by what avatars are coming and going. This is old news though and has nothing to do with any version of the SL client.) In fact I don't even know if you could do it with their IP address -- the client has established a connection to the SL simulator in question, and is sending and receiving packets through that connection, so trying to send an outside packet from another IP address probably wouldn't even get to them - their browser simply wouldn't be listening for random packets from just anywhere. -Atashi _____________________ Visit Atashi's Art and Oddities Store and the Waikiti Motor Works at beautiful Waikiti.
Lear Cale wordy bugger Join date: 22 Aug 2007 Posts: 3,569	02-03-2008 10:27 Thanks, Atashi. You mentioned a connection: is SL really using TCP rather than UDP for these things now? Or is this more of a loose association? It's reasonable that IMs are addressed using UUID, and servers don't really need to filter them. Given that system messages use the same infrastructure, the servers need to reject these coming from clients, or else to have some form of authentication. Sounds like we need a JIRA entry, if this problem can be confirmed. I believe the OP, but confirmation is important.
Day Oh Registered User Join date: 3 Feb 2007 Posts: 1,257	02-03-2008 11:38 Blue dialogs on the top right include IM's from the system, transaction notifications, inventory offers and script dialogs. Scripts can pop these, but the dialog always shows you the name of the sender. Blue dialogs on the bottom right include alert messages from your sim (online notifications, failed sit, etc) and a certain type of IM's that can originate from agents. I'm pretty sure these dialogs can't have buttons, and they just go away after a moment. It would be nice if the viewer revealed who the message is from. _____________________
Ordinal Malaprop really very ordinary Join date: 9 Sep 2005 Posts: 4,607	02-04-2008 15:04 From: Lear Cale Thanks, Atashi. You mentioned a connection: is SL really using TCP rather than UDP for these things now? Or is this more of a loose association? It's reasonable that IMs are addressed using UUID, and servers don't really need to filter them. Given that system messages use the same infrastructure, the servers need to reject these coming from clients, or else to have some form of authentication. Sounds like we need a JIRA entry, if this problem can be confirmed. I believe the OP, but confirmation is important. Eh, with my experience of SL, I _don't_ believe the OP; it sounds to me like the usual Chinese Whispers, in the same line as the repeated "don't rez this object it will take all your money!!!!" warnings that go around. Nobody has actually experienced this as far as I'm aware. I suspect that it was in fact just llDialog griefing and it has been distorted. _____________________ http://ordinalmalaprop.com/forum/ - visit Ordinal's Scripting Colloquium for scripting discussion with actual working BBCode! http://ordinalmalaprop.com/engine/ - An Engine Fit For My Proceeding, my Aethernet Journal http://www.flickr.com/groups/slgriefbuild/ - Second Life Griefbuild Digest, pictures of horrible ad griefing and land spam, and the naming of names
Day Oh Registered User Join date: 3 Feb 2007 Posts: 1,257	02-04-2008 15:54 Anybody who wants a demonstration can IM me in-world and ask o_o Lol, if this is hard to believe, wait 'til you find out all the other crazy stuff the system lets you do o_o _____________________
Ordinal Malaprop really very ordinary Join date: 9 Sep 2005 Posts: 4,607	02-04-2008 16:06 Fair enough, he has actually sent me a bottom-right blue message I withdraw the above though I think it was still a fair assumption _____________________ http://ordinalmalaprop.com/forum/ - visit Ordinal's Scripting Colloquium for scripting discussion with actual working BBCode! http://ordinalmalaprop.com/engine/ - An Engine Fit For My Proceeding, my Aethernet Journal http://www.flickr.com/groups/slgriefbuild/ - Second Life Griefbuild Digest, pictures of horrible ad griefing and land spam, and the naming of names
Yumi Murakami DoIt!AttachTheEarOfACat! Join date: 27 Sep 2005 Posts: 6,860	02-04-2008 16:30 From: Day Oh Anybody who wants a demonstration can IM me in-world and ask o_o Lol, if this is hard to believe, wait 'til you find out all the other crazy stuff the system lets you do o_o Have you bug reported this?
SuezanneC Baskerville Forums Rock! Join date: 22 Dec 2003 Posts: 14,229	02-04-2008 16:50 From: Ordinal Malaprop Fair enough, he has actually sent me a bottom-right blue message I withdraw the above though I think it was still a fair assumption Does that make some text that shows as blue in your history? If I'm the OP, no reason to disbelieve me. I did read a message in libsecondlife group chat saying what I said it said. From: someone "TheGuy WhoSaidIt: I received a "notice" from someone with a custom client similar to the notice you get when a friend comes online but it contained custom text. It also shows up as blue text in your history." _____________________ - So long to these forums, the vBulletin forums that used to be at forums.secondlife.com. I will miss them. I can be found on the web by searching for "SuezanneC Baskerville", or go to http://www.google.com/profiles/suezanne - http://lindenlab.tribe.net/ created on 11/19/03. Members: Ben, Catherine, Colin, Cory, Dan, Doug, Jim, Philip, Phoenix, Richard, Robin, and Ryan -
Day Oh Registered User Join date: 3 Feb 2007 Posts: 1,257	02-04-2008 16:59 I think it's in use for some things, such as the "you are no longer welcome" message that goes with parcel bans. I'm not sure.. _____________________

Welcome to the Second Life Forums Archive

Fake system text?