15:57 < converse> Hey
15:57 < heinrich5991> hello :)
15:57 < converse> Have a question to some client-programmer
15:58 < converse> I just joined a server, and somehow he wrote in the chat in MY name(not only happend to me) and my name posted MY ip?
15:58 < converse> it was like: converse: 23.23.23.23:2222
15:58 < converse> That happend to about 10 people, how is that possible?
15:59 < heinrich5991> somebody is exploiting the fact that teeworlds does not authenticate the packets in any way
15:59 < converse> He also did some other weird stuff like connection 30 dummys meanwhile only 2 players allowed per ip, he can kick people with reason "idiots" and stuff
16:00 < converse> Is this possible to re-code? Ive found some stuff online from Shaddix he got that programm too i guess
16:01 < heinrich5991> the ddnet people are trying to mitigate the issue, but that's only possible because they have a custom client
16:02 < converse> Well i know the ingame nick of this guy, maybe if i can post hes ip he will stop. If not im gonna help him to stop. Just asking if someone here has the ability to recode such client/program which records IP addresses
16:02 <@matricks> converse: it's a trick
16:03 <@matricks> converse: he has a server that records all info requests to it
16:03 < deen> converse: and they have a server with ip address spoofing, so they can pretend to be anyone
16:03 <@matricks> converse: that way he gets the ip of all the clients more or less
16:04 <@matricks> converse: then he has a list of perhaps 1000 ips to go though to find yours
16:04 < converse> Nana it wasnt like this, he connected with about ~10 dummys, left with all, and in the chat all players posted at the same time their own ip
16:04 < converse> I mean the spoofed server stuff makes sense to me
16:05 < converse> But how can he pretend to be me, without knowing my ip first? Its like he gets it thru the chat connection or something
16:05 < heinrich5991> he sent a chat message from all IP addresses that just say their IP address
16:05 <@matricks> converse: he knows your ip thats the thing I said
16:05 < heinrich5991> he has a limited subset of IP addresses from running a server
16:05 < deen> as a small workaround, this shouldn't be possible as easily with ddnet client
16:06 < converse> Wow.. thats annoying.. is there no way to block this? I mean its not very nice to get your ip published on a server where all 12yr old kids use stressers..
16:06 <@matricks> converse: well, then you won't be able to get ping times from all the servers
16:06 < converse> With ddnet this is already possible?
16:07 <@matricks> the ip-spoofing attack can be fixed however
16:07 <@matricks> and should be fixed
16:07 < deen> converse: it uses a different random port for pinging servers and connecting to servers
16:07 < deen> converse: so they also have to find out your port, which they don't seem to do so far
16:07 < converse> Who the fuck makes so much just for getting players ip? oO who pays for servers that spoof etc? 
16:07 < deen> converse: the same guys who ddos DDNet with 100 Gbit/s ;)
16:07 < heinrich5991> converse: servers are cheap
16:08 < converse> deen: he had my port^^
16:08 < deen> converse: you used ddnet client?
16:08 < converse> deen: It got posted into the chat like converse: ip.ip.ip.ip:port
16:08 < converse> Yes, but got kicked with it
16:08 < converse> then i switched to 13x37
16:08 < deen> interesting
16:08 < converse> he could kick all players with DDnet i guess
16:08 < converse> not all players got kicked, only about ~10 from 64
16:09 < converse> it was blmapv3_royal if you wonder what server
16:09 < deen> ddnet ger?
16:09 < deen> they're doing this since yesterday there i think
16:09 <@matricks> anyway, this can be fixed and should be fixed
16:09 < converse> Yep i havent seen this around since i play teeworlds.. and ive seen some weird stuff already but this was compeltly unkown to me
16:10 <@matricks> snatching up the IP however is.. well. kinda hard todo something against
16:10 < converse> I guess this is just getting abused like the old Cod4 exploit, im sure they can use all teeworlds servers to send ddos commands
16:11 < converse> but thanks for the help so i know now^^