L2J Server

delete

delete

Known method used by some bot softwares.

Basically, 116.68.136.61 (wich is auth of Philippines retail servers) —or whatever— is used trough a loopback interface, that's why you see it in pcIp.

That's a very quick and ugly explanation, anyway; google 116.68.136.61 for more infos

Very nice new tool which some of the guys of my server showed me as well and asked if I could blocking logging it with it like I dit with l2net. Heard it can even block backstabs and much more. Annoying. -.-

momo61 wrote:Update:

I asked the botting player, what tool he is using to bot. He said ZRANGER. it's a famous bot tool

I found a short description about that program in google, says:

Ranger uses a unique technology of traffic capturing and analyzing that allows to be absolutely transparent for such shield programs as GameGuard and so on. It provides almost unlimited possibilities. Note: the program DOES NOT use any kind of injections or another un-legit ways to handle GameGuard. The program does not contain any trojans and will not ever use your traffic for improper purposes.

However in this case, it's not just a "traffic capturing" tool, it doesn't capture the link layer packets. This is a local proxy that osiride said ("through a loopback interface"). Too bad, some people share these things on the net thus giving other people the "hacker power" with such simple user friendly programs. If this is what it says, then the "unlimited possibilities" contains the possibility of sending any pcip in EnterWorld packet.

We should find a way, like sending pcip in the packet header using a local proxy for every player and that the server communicates with, but I don't think we can modify the header escpecially in Java. However this can be done in C with raw sockets.

Edit: Found a RockSaw JNI lib for Java that can run raw sockets.
http://www.savarese.com/software/rocksaw/

Anyone with other solutions?

okay. got it. this topic can be closed. they are all bots =p