Jump to content
  • 0

Unknown Packets from IP from Los Angeles California


Question

Posted

Hello guys , i have a question im getting my head around i can't fiind answer .. I was leaving acis gameserver console with debug and logger on for almost 2 days now to check whats going on and looks like i get some weird connection but logins server is clean , on game server console i got this , can someone explain me what is this since server is hosted on my server pc home and no one has the ip how can i get packets from an ip what is this aliens contacting me via gs ? o,O

 

[S] SystemMessage
[S] PartySmallWindowDeleteAll
[S] SystemMessage
[S] SocialAction
[C] Logout
[S] LeaveWorld
FourSepulchersManager: end of the round.
CastleManorManager: Manor mode changed to MAINTENANCE
CastleManorManager: Manor mode changed to MODIFIABLE
Backup to SQL Complete
Done the zip of backup.
backup.sql is deleted!
FourSepulchersManager: end of the round.
[C] ProtocolVersion
Client: [IP: 47.251.92.79] - Failed reading: [C] ProtocolVersion ; java.nio.BufferUnderflowException
null
java.nio.BufferUnderflowException
        at java.base/java.nio.Buffer.nextGetIndex(Unknown Source)
        at java.base/java.nio.HeapByteBuffer.getInt(Unknown Source)
        at net.sf.l2j.commons.mmocore.ReceivablePacket.readD(ReceivablePacket.java:45)
        at net.sf.l2j.gameserver.network.clientpackets.ProtocolVersion.readImpl(ProtocolVersion.java:14)
        at net.sf.l2j.gameserver.network.clientpackets.L2GameClientPacket.read(L2GameClientPacket.java:30)
        at net.sf.l2j.commons.mmocore.SelectorThread.parseClientPacket(SelectorThread.java:445)
        at net.sf.l2j.commons.mmocore.SelectorThread.tryReadPacket(SelectorThread.java:382)
        at net.sf.l2j.commons.mmocore.SelectorThread.readPacket(SelectorThread.java:315)
        at net.sf.l2j.commons.mmocore.SelectorThread.run(SelectorThread.java:190)
Client [IP: 47.251.92.79] - Disconnected, too many buffer underflows in non-authed state.
[S] ServerClose
FourSepulchersManager: end of the round.
Olympiad: Olympiad game ended.

 

 

Untitled.png

 

Untitled.png

4 answers to this question

Recommended Posts

  • 0
Posted

ProtocolVersion packet is one of the first exchanges in the client-server handshake, and if the versions don't match, the server cannot correctly interpret the packet, leading to a buffer underflow.


Since you're the only one trying to log in, the error likely means there's a version mismatch between your game client and the server. Even though it's just you on the server, if the client is not exactly aligned with what the server expects, it can still cause the server to misinterpret the data it receives, leading to that BufferUnderflowException error.

  • 0
Posted (edited)

I've been getting similar for as long as I could remember, usually from random IPs. The one I could track in its entirety led me to a cyber-security firm, who was making random requests to test for vulnerabilities, as per their website.

As such, I came to the conclusion that these random packet requests were just automated scanners looking for unsecured connections and/or vulnerabilities they could exploit.
Could it be a malicious request - I'd say totally!
Is there something to worry about - I wouldn't give 2 fks about it since they couldn't get through.

The server closed the connection, and that's what matters. They'll prolly receive an `attempt failed/connection refused` response in their logs.

Edited by Salty Mike
  • 0
Posted
8 hours ago, Katara512 said:

ProtocolVersion packet is one of the first exchanges in the client-server handshake, and if the versions don't match, the server cannot correctly interpret the packet, leading to a buffer underflow.


Since you're the only one trying to log in, the error likely means there's a version mismatch between your game client and the server. Even though it's just you on the server, if the client is not exactly aligned with what the server expects, it can still cause the server to misinterpret the data it receives, leading to that BufferUnderflowException error.

yo thank you for answer but .. as i said i was outside not home and just leave server log open to check how is going when im away , i was suprised fiinding these connections so it was not me trying to connect from other client or something it was not me at all.

 

1 hour ago, Salty Mike said:

I've been getting similar for as long as I could remember, usually from random IPs. The one I could track in its entirety led me to a cyber-security firm, who was making random requests to test for vulnerabilities, as per their website.

As such, I came to the conclusion that these random packet requests were just automated scanners looking for unsecured connections and/or vulnerabilities they could exploit.
Could it be a malicious request - I'd say totally!
Is there something to worry about - I wouldn't give 2 fks about it since they couldn't get through.

The server closed the connection, and that's what matters. They'll prolly receive an `attempt failed/connection refused` response in their logs.

i think you are right sir , chat gpt told me there are actors scanning internet non stop maybe for vulnerable ips or something , this is weird i don't remember this happening in 2014 at all 😄 

  • 0
Posted

This ip can try to check some info by using a PROTOCOL_VERSION packet as PTS like format.

 

On PTS if connected client will send a PROTOCOL_VERSION requiest with -1 or less value - it will wait a response as "server status" or "current online".

 

65534 or -2 - ping

65533 or -3 - sends a server id, max online, current online, private store online.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...