LF Unknown Packets from IP from Los Angeles California

[LoVe+]

Hello guys , i have a question im getting my head around i can't fiind answer .. I was leaving acis gameserver console with debug and logger on for almost 2 days now to check whats going on and looks like i get some weird connection but logins server is clean , on game server console i got this , can someone explain me what is this since server is hosted on my server pc home and no one has the ip how can i get packets from an ip what is this aliens contacting me via gs ? o,O

 

[S] SystemMessage
[S] PartySmallWindowDeleteAll
[S] SystemMessage
[S] SocialAction
[C] Logout
[S] LeaveWorld
FourSepulchersManager: end of the round.
CastleManorManager: Manor mode changed to MAINTENANCE
CastleManorManager: Manor mode changed to MODIFIABLE
Backup to SQL Complete
Done the zip of backup.
backup.sql is deleted!
FourSepulchersManager: end of the round.
[C] ProtocolVersion
Client: [IP: 47.251.92.79] - Failed reading: [C] ProtocolVersion ; java.nio.BufferUnderflowException
null
java.nio.BufferUnderflowException
        at java.base/java.nio.Buffer.nextGetIndex(Unknown Source)
        at java.base/java.nio.HeapByteBuffer.getInt(Unknown Source)
        at net.sf.l2j.commons.mmocore.ReceivablePacket.readD(ReceivablePacket.java:45)
        at net.sf.l2j.gameserver.network.clientpackets.ProtocolVersion.readImpl(ProtocolVersion.java:14)
        at net.sf.l2j.gameserver.network.clientpackets.L2GameClientPacket.read(L2GameClientPacket.java:30)
        at net.sf.l2j.commons.mmocore.SelectorThread.parseClientPacket(SelectorThread.java:445)
        at net.sf.l2j.commons.mmocore.SelectorThread.tryReadPacket(SelectorThread.java:382)
        at net.sf.l2j.commons.mmocore.SelectorThread.readPacket(SelectorThread.java:315)
        at net.sf.l2j.commons.mmocore.SelectorThread.run(SelectorThread.java:190)
Client [IP: 47.251.92.79] - Disconnected, too many buffer underflows in non-authed state.
[S] ServerClose
FourSepulchersManager: end of the round.
Olympiad: Olympiad game ended.

 

 

 

[Katara512]

ProtocolVersion packet is one of the first exchanges in the client-server handshake, and if the versions don't match, the server cannot correctly interpret the packet, leading to a buffer underflow.

Since you're the only one trying to log in, the error likely means there's a version mismatch between your game client and the server. Even though it's just you on the server, if the client is not exactly aligned with what the server expects, it can still cause the server to misinterpret the data it receives, leading to that BufferUnderflowException error.

[Salty Mike]

I've been getting similar for as long as I could remember, usually from random IPs. The one I could track in its entirety led me to a cyber-security firm, who was making random requests to test for vulnerabilities, as per their website.

As such, I came to the conclusion that these random packet requests were just automated scanners looking for unsecured connections and/or vulnerabilities they could exploit.
Could it be a malicious request - I'd say totally!
Is there something to worry about - I wouldn't give 2 fks about it since they couldn't get through.

The server closed the connection, and that's what matters. They'll prolly receive an `attempt failed/connection refused` response in their logs.

Edited August 22, 2024 by Salty Mike

[LoVe+]

8 hours ago, Katara512 said:

ProtocolVersion packet is one of the first exchanges in the client-server handshake, and if the versions don't match, the server cannot correctly interpret the packet, leading to a buffer underflow.

Since you're the only one trying to log in, the error likely means there's a version mismatch between your game client and the server. Even though it's just you on the server, if the client is not exactly aligned with what the server expects, it can still cause the server to misinterpret the data it receives, leading to that BufferUnderflowException error.

yo thank you for answer but .. as i said i was outside not home and just leave server log open to check how is going when im away , i was suprised fiinding these connections so it was not me trying to connect from other client or something it was not me at all.

 

1 hour ago, Salty Mike said:

I've been getting similar for as long as I could remember, usually from random IPs. The one I could track in its entirety led me to a cyber-security firm, who was making random requests to test for vulnerabilities, as per their website.

As such, I came to the conclusion that these random packet requests were just automated scanners looking for unsecured connections and/or vulnerabilities they could exploit.
Could it be a malicious request - I'd say totally!
Is there something to worry about - I wouldn't give 2 fks about it since they couldn't get through.

The server closed the connection, and that's what matters. They'll prolly receive an `attempt failed/connection refused` response in their logs.

i think you are right sir , chat gpt told me there are actors scanning internet non stop maybe for vulnerable ips or something , this is weird i don't remember this happening in 2014 at all  

[MrIndex]

This ip can try to check some info by using a PROTOCOL_VERSION packet as PTS like format.

 

On PTS if connected client will send a PROTOCOL_VERSION requiest with -1 or less value - it will wait a response as "server status" or "current online".

 

65534 or -2 - ping

65533 or -3 - sends a server id, max online, current online, private store online.

[Meissgenry]

I’d suggest you take a closer look at those unknown packets from the Los Angeles IP. Sometimes, these can be linked to network scans or even someone testing their setup. If you're worried about security or tracking, you could consider blocking the IP or running a quick scan on your system. If it’s a recurring issue, it might even be worth looking into using a booter service to test your network’s strength and security. Just be sure you’re not violating any terms of service!

Edited February 7 by Meissgenry