authorjackpoz <giacomopoz@gmail.com>2013-09-18 21:05:46 +0200
committerjackpoz <giacomopoz@gmail.com>2013-10-05 13:10:06 +0200
commit03657525ad0c76fb1daedc68a91817df87be2676 (patch)
tree0b6136013afc40c429e98995b7037d81d89dddd9 /src/server/authserver/Server/AuthSocket.cpp
parent0177d1c4d4267836c55c0294aa359e131a5680fd (diff)
Core/Auth: Mitigate DoS attacks to authserver
Mitigate DoS attacks on the authserver, such as "Wow Auth Flooder.exe", by allowing only a finite number of AUTH_LOGON_CHALLENGE packets in a row from the same socket; 3 sounds like a reasonable limit.
Diffstat (limited to 'src/server/authserver/Server/AuthSocket.cpp')
-rw-r--r--src/server/authserver/Server/AuthSocket.cpp13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index 1ab9ae6eb62..4a9d3ce7faf 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
@@ -222,12 +222,25 @@ void AuthSocket::OnClose(void)
// Read the packet from the client
void AuthSocket::OnRead()
{
+ #define MAX_AUTH_LOGON_CHALLENGES_IN_A_ROW 3
+ uint32 challengesInARow = 0;
uint8 _cmd;
while (1)
{
if (!socket().recv_soft((char *)&_cmd, 1))
return;
+ if (_cmd == AUTH_LOGON_CHALLENGE)
+ {
+ ++challengesInARow;
+ if (challengesInARow == MAX_AUTH_LOGON_CHALLENGES_IN_A_ROW)
+ {
+ TC_LOG_WARN(LOG_FILTER_AUTHSERVER, "Got %u AUTH_LOGON_CHALLENGE in a row from '%s', possible ongoing DoS", challengesInARow, socket().getRemoteAddress().c_str());
+ socket().shutdown();
+ return;
+ }
+ }
+
size_t i;
// Circle through known commands and call the correct command handler
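Review bot: `challengesInARow` is a local of `OnRead()`, so the limit of 3 covers only the AUTH_LOGON_CHALLENGE packets drained within one call and starts again from zero on the next read event; per-connection state (a counter member on `AuthSocket`, ideally paired with a time window) would make the cap hold for the lifetime of the socket. The counter is also never reset when a different command is read, so within the visible lines it counts challenges per call rather than challenges "in a row"; if consecutive packets are what is meant, add `else challengesInARow = 0;` after the `if (_cmd == AUTH_LOGON_CHALLENGE)` block. The function-scope `#define` stays defined for the rest of the translation unit, so something like `static const uint32 MaxAuthLogonChallengesInARow = 3;` would be scoped better. The loop body continues outside the hunk, so whether a later handler already limits repeated challenges cannot be seen from here.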