These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Convo request spamming - why isn't this an exploit?

First post
Author
Previous Topic Next Topic
Darth Gustav
Sith Interstellar Tech Harvesting
#101 - 2012-10-05 01:11:53 UTC  |  Edited by: Darth Gustav
ISD Suvetar wrote:
Hi Gustav,

Not intentionally; I don't have many people blocked anyway.

This is why it's best to take it to the GMs though - they can see the server logs and would know explicitly what has happened.

Again, speaking just as a player, here the rules are quite specific, with regards the Terms of use.

In particular point 16:
You may not do anything that interferes with the ability of other EVE Online subscribers to enjoy the game or web site in accordance with its rules. This includes, but is not limited to, making inappropriate use of any public channels within the game and/or intentionally creating excessive latency (lag) by dumping cargo containers, corpses or other items in the game world.

If you suspect blocked people are breaching that ruling, then again the GMs are the people who will know for sure.


My question is clear, your answers continue to be ambiguous. There is a commonly used setting that allows you to block conversation requests from everyone in the client. So if everyone is blocked, how would you ever suspect such an attack?

I'm asking for some precise clue rather than a glittering generality of "if you suspect..."

If there aren't any then, frankly, your posts about this matter lack any real content...

He who trolls trolls best when he who is trolled trolls the troller. -Darth Gustav's Axiom
Mallak Azaria
Caldari Provisions
Caldari State
#102 - 2012-10-05 01:21:20 UTC
Darth Gustav wrote:
So if everyone is blocked, how would you ever suspect such an attack?


Spies are a good way to tell. Seriously, if you have to ask how you would suspect this sort of attack then I don't know what to tell you.

This post was lovingly crafted by a member of the Goonwaffe Posting Cabal, proud member of the popular gay hookup site somethingawful.com, Spelling Bee, Grammar Gestapo & #1 Official Gevlon Goblin Fanclub member.
James Amril-Kesh
Viziam
Amarr Empire
#103 - 2012-10-05 01:22:22 UTC
Scenario:

You're in a fleet of capital ships, which comes upon an enemy fleet. You notice that whenever one of your capitals gets primaried, he disconnects from the game. You hear in TS/Mumble that they were convo spammed. Suddenly this happens to the next person who gets primaried, and the next. Everybody sets their client to auto-reject conversation requests, but the disconnects still happen.

That's one scenario where you could reasonably suspect such an attack.

Enjoying the rain today? ;)
Il Feytid
State War Academy
Caldari State
#104 - 2012-10-05 01:24:51 UTC
Boat is gonna **** blood. lol
Darth Gustav
Sith Interstellar Tech Harvesting
#105 - 2012-10-05 01:25:08 UTC
James Amril-Kesh wrote:
Scenario:

You're in a fleet of capital ships, which comes upon an enemy fleet. You notice that whenever one of your capitals gets primaried, he disconnects from the game. You hear in TS/Mumble that they were convo spammed. Suddenly this happens to the next person who gets primaried, and the next. Everybody sets their client to auto-reject conversation requests, but the disconnects still happen.

That's one scenario where you could reasonably suspect such an attack.

Edge cases. If it's an actionable item for GMs now, every single dc'd capsuleer is going to be peitioning this and I am shocked that everyone in this conversation doesn't intuitively know this.

If there were some clear indicator, then maybe it would make sense to have it be an actionable offense. But since the option is "leave yourself vulnerable" or "prevent yourself from being aware of it" the options are really lose/lose for players.

That means any reasonable scenario will be petitioned, whether it happened or not.

He who trolls trolls best when he who is trolled trolls the troller. -Darth Gustav's Axiom
James Amril-Kesh
Viziam
Amarr Empire
#106 - 2012-10-05 01:27:26 UTC
Marlona Sky wrote:
Boat is gonna **** blood. lol

Okay? I'd rather he stop doing it too, but it's not as if he'd listen to me.

Darth Gustav wrote:
James Amril-Kesh wrote:
Scenario:

You're in a fleet of capital ships, which comes upon an enemy fleet. You notice that whenever one of your capitals gets primaried, he disconnects from the game. You hear in TS/Mumble that they were convo spammed. Suddenly this happens to the next person who gets primaried, and the next. Everybody sets their client to auto-reject conversation requests, but the disconnects still happen.

That's one scenario where you could reasonably suspect such an attack.

Edge cases. If it's an actionable item for GMs now, every single dc'd capsuleer is going to be peitioning this and I am shocked that everyone in this conversation doesn't intuitively know this.

If there were some clear indicator, then maybe it would make sense to have it be an actionable offense. But since the option is "leave yourself vulnerable" or "prevent yourself from being aware of it" the options are really lose/lose for players.

That means any reasonable scenario will be petitioned, whether it happened or not.

At the moment we're not faced with any better alternative, are we?
Unless you're maintaining that DoS attacks are legitimate gameplay.

Enjoying the rain today? ;)
Darth Gustav
Sith Interstellar Tech Harvesting
#107 - 2012-10-05 01:28:47 UTC  |  Edited by: Darth Gustav
James Amril-Kesh wrote:
Marlona Sky wrote:
Boat is gonna **** blood. lol

Okay? I'd rather he stop doing it too, but it's not as if he'd listen to me.

Darth Gustav wrote:
James Amril-Kesh wrote:
Scenario:

You're in a fleet of capital ships, which comes upon an enemy fleet. You notice that whenever one of your capitals gets primaried, he disconnects from the game. You hear in TS/Mumble that they were convo spammed. Suddenly this happens to the next person who gets primaried, and the next. Everybody sets their client to auto-reject conversation requests, but the disconnects still happen.

That's one scenario where you could reasonably suspect such an attack.

Edge cases. If it's an actionable item for GMs now, every single dc'd capsuleer is going to be peitioning this and I am shocked that everyone in this conversation doesn't intuitively know this.

If there were some clear indicator, then maybe it would make sense to have it be an actionable offense. But since the option is "leave yourself vulnerable" or "prevent yourself from being aware of it" the options are really lose/lose for players.

That means any reasonable scenario will be petitioned, whether it happened or not.

At the moment we're not faced with any better alternative, are we?
Unless you're maintaining that DoS attacks are legitimate gameplay.

DoS attacks inolve repetitive pings.

Powering on your bank of routers is not a DDoS, but each router sends out some packets...

[Edit]
Also, let me be absolutely frank here, buoying GMs with dozens of difficult-to-investigate scenarios is probably not what Eve Online needs at this particular time, thank you very much.
[/Edit]

He who trolls trolls best when he who is trolled trolls the troller. -Darth Gustav's Axiom
James Amril-Kesh
Viziam
Amarr Empire
#108 - 2012-10-05 01:32:40 UTC  |  Edited by: James Amril-Kesh
Darth Gustav wrote:
DoS attacks inolve repetitive pings.

No, DoS attacks can take several forms. That's merely one form. They can also be done with single packets. There was a router exploit a while back whereby a specific string of text beginning with "DCC SEND" appearing anywhere in a TCP string on port 6667 (the port commonly used by IRC clients) would cause an input validation error, causing that person's router to crash. That's been patched by firmware now, but it used to cause problems with certain Netgear, D-Link and Linksys routers.

Enjoying the rain today? ;)
Darth Gustav
Sith Interstellar Tech Harvesting
#109 - 2012-10-05 01:34:29 UTC
James Amril-Kesh wrote:
Darth Gustav wrote:
DoS attacks inolve repetitive pings.

No, DoS attacks can take several forms. That's merely one form. They can also be done with single packets. There was a router exploit a while back whereby a specific string of text beginning with "DCC SEND" appearing anywhere in a TCP string on port 6667 (the port commonly used by IRC clients) would cause an input validation error, causing that person's router to crash.

Fair enough, but this type of attack requires multiple attackers and is different than that.

It is most like the type I mentioned. And without a way to detect it, this is a can of worms.

I am not going to keep hammering on this, but this is all not very well-thought out from what I've seen.

He who trolls trolls best when he who is trolled trolls the troller. -Darth Gustav's Axiom
James Amril-Kesh
Viziam
Amarr Empire
#110 - 2012-10-05 01:51:44 UTC
Darth Gustav wrote:
And without a way to detect it, this is a can of worms.

Well you've mentioned the alternatives as being either leaving yourself vulnerable or having no way of knowing.

But if convo bombing worked on someone who was rejecting conversation requests automatically (which it would, since the traffic is still there), you're vulnerable no matter which you do. So there's really no point in auto-rejecting chat requests. So you'll know when you're being convo-bombed, the result is the same either way, except now you have more reason to believe you should petition.

Enjoying the rain today? ;)
Darth Gustav
Sith Interstellar Tech Harvesting
#111 - 2012-10-05 02:15:18 UTC
James Amril-Kesh wrote:
Darth Gustav wrote:
And without a way to detect it, this is a can of worms.

Well you've mentioned the alternatives as being either leaving yourself vulnerable or having no way of knowing.

But if convo bombing worked on someone who was rejecting conversation requests automatically (which it would, since the traffic is still there), you're vulnerable no matter which you do. So there's really no point in auto-rejecting chat requests. So you'll know when you're being convo-bombed, the result is the same either way, except now you have more reason to believe you should petition.

I guess there should be a memo and a devblog. People deserve to know.

He who trolls trolls best when he who is trolled trolls the troller. -Darth Gustav's Axiom
Mallak Azaria
Caldari Provisions
Caldari State
#112 - 2012-10-05 02:46:48 UTC
Darth Gustav wrote:
And without a way to detect it, this is a can of worms.


Given that you're also a part of the CFC, I will assume that you're aware of the existence of spies.

This post was lovingly crafted by a member of the Goonwaffe Posting Cabal, proud member of the popular gay hookup site somethingawful.com, Spelling Bee, Grammar Gestapo & #1 Official Gevlon Goblin Fanclub member.
Darth Gustav
Sith Interstellar Tech Harvesting
#113 - 2012-10-05 02:51:01 UTC
Mallak Azaria wrote:
Darth Gustav wrote:
And without a way to detect it, this is a can of worms.


Given that you're also a part of the CFC, I will assume that you're aware of the existence of spies.

You're probably missing my point. Spies won't be a source the GMs are going to refer to.

Players can either choose to not block by default, which leaves them vulnerable but allows them to know if they were convo bombed, or they can block by default, which saves them from petty annoyances but doesn't do anything to stop the convo bomb. A spy's knowledge is worth nothing to a GM, who will have logs (lots of them, a tedious amount even, perhaps) to go through in order to correctly dispense "justice" for this "misuse of the system" where everybody happens to press a button at the same time.

If the nuisance is disabled, you have no way to know if you DC because of normal lag or convo bomb lag. This means you would be foolish not to petition if there is a resulting loss.

I'm tryng to say we don't need tons of people petitioning this knowing GM's might reimburse them now or hand out bans or something. It's just going to generate a lot of work in an already-strained area of CCP's operation.

He who trolls trolls best when he who is trolled trolls the troller. -Darth Gustav's Axiom
LilRemmy
Aliastra
Gallente Federation
#114 - 2012-10-05 02:55:51 UTC
FA defending exploits? Not surprised.
Darth Gustav
Sith Interstellar Tech Harvesting
#115 - 2012-10-05 02:57:32 UTC
LilRemmy wrote:
FA defending exploits? Not surprised.

Actually if you read the thread you'd see that I think they need to deal with this server-side.

Then it goes away.

But no. You just do the ad-hominem thing.

Nice job.

He who trolls trolls best when he who is trolled trolls the troller. -Darth Gustav's Axiom
LilRemmy
Aliastra
Gallente Federation
#116 - 2012-10-05 03:19:56 UTC
Darth Gustav wrote:
LilRemmy wrote:
FA defending exploits? Not surprised.

Actually if you read the thread you'd see that I think they need to deal with this server-side.

Then it goes away.

But no. You just do the ad-hominem thing.

Nice job.



Like I said, not surprised one bit at all.
Mallak Azaria
Caldari Provisions
Caldari State
#117 - 2012-10-05 03:21:12 UTC
Darth Gustav wrote:

You're probably missing my point. Spies won't be a source the GMs are going to refer to.


A good spy in the right fleet is going to pass on who this is happening to. If that person suddenly drops out, it's not exactly hard to figure out what happened. True that the GM's won't ask the spy, but that wasn't the point in the first place.

This post was lovingly crafted by a member of the Goonwaffe Posting Cabal, proud member of the popular gay hookup site somethingawful.com, Spelling Bee, Grammar Gestapo & #1 Official Gevlon Goblin Fanclub member.
Darth Gustav
Sith Interstellar Tech Harvesting
#118 - 2012-10-05 04:24:47 UTC
LilRemmy wrote:
Darth Gustav wrote:
LilRemmy wrote:
FA defending exploits? Not surprised.

Actually if you read the thread you'd see that I think they need to deal with this server-side.

Then it goes away.

But no. You just do the ad-hominem thing.

Nice job.



Like I said, not surprised one bit at all.

Well I guess nothing can surprise you, then?

He who trolls trolls best when he who is trolled trolls the troller. -Darth Gustav's Axiom
Herzog Wolfhammer
Sigma Special Tactics Group
#119 - 2012-10-05 04:47:15 UTC
It could be proven to see if convo-bombing, even if rejecting is set, still creates traffic on the router.

Just follow the stream in Wireshark and look to see if packets flood in. I bet any corporation with a good plurality can do this.

Bring back DEEEEP Space!
James Amril-Kesh
Viziam
Amarr Empire
#120 - 2012-10-05 14:35:55 UTC
Herzog Wolfhammer wrote:
It could be proven to see if convo-bombing, even if rejecting is set, still creates traffic on the router.

Just follow the stream in Wireshark and look to see if packets flood in. I bet any corporation with a good plurality can do this.


I might try this whenever I have time.

Enjoying the rain today? ;)