New Server Crashing Exploit

Discussion in 'Bukkit Discussion' started by TheBeast808, Nov 30, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    TheBeast808

    Just posting this to let you all know of a new bukkit server crashing exploit. I just got hit by it.
    Basically, your console starts to get flooded with
    Code:
    [WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet1Login
    Then, after a couple seconds (with hundreds being sent per second):
    Code:
    2011-12-01 03:29:58 [SEVERE] java.lang.OutOfMemoryError: unable to create new native thread
    2011-12-01 03:29:58 [SEVERE]    at java.lang.Thread.start0(Native Method)
    2011-12-01 03:29:58 [SEVERE]    at java.lang.Thread.start(Thread.java:640)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.NetworkManager.d(NetworkManager.java:243)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:118)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:660)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.NetHandler.a(SourceFile:22)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.Packet1Login.a(SourceFile:59)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:92)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:516)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:414)
    2011-12-01 03:29:58 [SEVERE]    at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-01 03:29:58 [SEVERE] Unexpected exception
    java.lang.OutOfMemoryError: unable to create new native thread
            at java.lang.Thread.start0(Native Method)
            at java.lang.Thread.start(Thread.java:640)
            at net.minecraft.server.NetworkManager.d(NetworkManager.java:243)
            at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:118)
            at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:660)
            at net.minecraft.server.NetHandler.a(SourceFile:22)
            at net.minecraft.server.Packet1Login.a(SourceFile:59)
            at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
            at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:92)
            at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
            at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:516)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:414)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    
    (The server runs out of memory)

    There is no other information about what player/IP sent it. The only way to find who is doing it is to be in the console when it is happening and check all the connections/packets being sent per IP.
     
  2. Offline

    Fishrock123

    Almost sounds like you were... DDoS'd? (DDoS = Distributed Denial of Service)

    (Which would mean a hacking client is sending you tons of spam packets.)
     
  3. Offline

    Coelho

    How much memory do you have allocated to your server? + This actually does make a lot of sense on how it would crash your server.
     
  4. Offline

    FearGrump

    It crashes our server too sometimes. We have 12 GB of RAM.
     
  5. Offline

    cyberdude

  6. Offline

    Brain

    Well, each connection to the server seems to be handled by an individual thread. Make lots of bogus connections and you generate a lot of threads which require memory and some processing power. Repeat until server doesn't accept any more connections :)

    While I don't have any deep insights into the inner workings of the Minecraft server it seems to me that it accepts more connections than it actually has slots. Probably as a courtesy to the users because you need an established TCP connection to send back "Sorry, we're full". A quick fix could be a limit to the number of connection threads, like 10 more than slot count. After that incoming connection attempts get rejected hard.
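
Added example, not part of the original post and not Minecraft or CraftBukkit code: one way to implement the cap suggested above, where a semaphore sized to slot count plus 10 gates a fixed worker pool and any connection over the cap is closed without starting a thread. `CappedListener`, `SLOTS` and the loopback test load are assumptions made for the demonstration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Semaphore;
import java.util.concurrent.atomic.AtomicInteger;

public class CappedListener {
    static final int SLOTS = 4;       // hypothetical player slot count
    static final int HEADROOM = 10;   // "10 more than slot count", per the post
    static final int CAP = SLOTS + HEADROOM;

    public static void main(String[] args) throws Exception {
        Semaphore permits = new Semaphore(CAP);
        ExecutorService workers = Executors.newFixedThreadPool(CAP); // thread count is bounded
        AtomicInteger served = new AtomicInteger(), refused = new AtomicInteger();
        int attempts = 40;            // constructed load: far more connections than CAP

        try (ServerSocket listener = new ServerSocket(0, 64, InetAddress.getLoopbackAddress())) {
            List<Socket> clients = new ArrayList<>();
            for (int i = 0; i < attempts; i++) {
                clients.add(new Socket(listener.getInetAddress(), listener.getLocalPort()));
                Socket s = listener.accept();
                if (!permits.tryAcquire()) {   // over the cap: reject hard, no new thread
                    s.close();
                    refused.incrementAndGet();
                    continue;
                }
                served.incrementAndGet();
                workers.execute(() -> {
                    try (Socket c = s) {
                        c.getInputStream().read();   // blocks until the client closes
                    } catch (IOException ignored) {
                    } finally {
                        permits.release();           // free the slot for the next client
                    }
                });
            }
            System.out.println("served=" + served + " refused=" + refused);
            for (Socket c : clients) c.close();      // lets the workers finish
        }
        workers.shutdown();
    }
}
```

The cap bounds thread and memory use only; it does not stop a single address from occupying every permit, so a per-IP limit would still be needed alongside it.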
     
  7. Offline

    cyberdude

    @TheBeast808

    This seems to have been a bug according to https://bukkit.atlassian.net/browse/BUKKIT-43 which I wrote earlier. This should have been resolved now in the newest dev builds.
    This was Dinnerbone's comment when applying the fix:
    "Don't disconnect a player if they're already disconnected (fixes BUKKIT-43)"

    This is on build #1544 which was just created 45 minutes ago

    Edit:
    This might not even just have been a random bug, but might have been exploited. But it should have been fixed now ;)
     
  8. Offline

    Coelho

    I think DinnerBone is referring to a different bug within the craftbukkit implementation itself, not minecraft.
    I believe this thread states a bug which exists in minecraft. That or they're two different bugs with login, and he just fixed one of them.
     
  9. Offline

    cyberdude

    I'm not sure, and no, Dinnerbone is not referring to a bug in craftbukkit but in nms (minecraft server). Both this report and the BUKKIT-43 bug start out with a flood of
    "[WARNING] class net.minecraft.server.NetServerHandler wasn't prepared to deal with a class net.minecraft.server.Packet1Login" before ending in a crash.
    The bug fixed in 43 created an endless loop of some form, which in the end would result in an OutOfMemory exception I'm sure.
    Both are related to "net.minecraft.server.NetServerHandler.disconnect", the fix Dinnerbone made in BUKKIT-43 is in "net.minecraft.server.ServerConfigurationManager" and checking against "net.minecraft.server.NetServerHandler.disconnected".
    The fix is
    Code:
    if (entityplayer.netServerHandler.disconnected) return null; // CraftBukkit - exploitsies fix
    so also a bug in nms, so either the two bugs are VERY related, or they are in fact the same thing? ;)
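
Added example, not part of the original post and not the CraftBukkit patch: the stack trace earlier in the thread shows `disconnect` reaching `Thread.start`, so every repeated disconnect on the same connection costs a new thread. The sketch below compares an unguarded teardown with one that checks a `disconnected` flag first; `Handler`, `onUnexpectedLogin` and `flood` are hypothetical names, and the packet count is constructed.

```java
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;

public class DisconnectGuard {
    static final AtomicInteger threadsStarted = new AtomicInteger();

    // Stand-in for a connection handler whose teardown starts a helper thread,
    // as the stack trace suggests (disconnect -> NetworkManager.d -> Thread.start).
    static class Handler {
        final boolean guarded;
        final AtomicBoolean disconnected = new AtomicBoolean(false);

        Handler(boolean guarded) { this.guarded = guarded; }

        void disconnect(String reason) throws InterruptedException {
            // Guarded form: only the first caller flips the flag and proceeds.
            if (guarded && !disconnected.compareAndSet(false, true)) {
                return; // already disconnected: no second teardown thread
            }
            disconnected.set(true);
            Thread t = new Thread(() -> { /* flush and close the socket */ });
            threadsStarted.incrementAndGet();
            t.start();
            t.join(); // the demo waits; a real teardown thread may linger instead
        }

        // Called for every login packet that arrives on an established connection.
        void onUnexpectedLogin() throws InterruptedException {
            disconnect("unexpected packet");
        }
    }

    // Feeds `packets` repeated login packets to one handler and counts teardown threads.
    static int flood(Handler h, int packets) throws InterruptedException {
        threadsStarted.set(0);
        for (int i = 0; i < packets; i++) h.onUnexpectedLogin();
        return threadsStarted.get();
    }

    public static void main(String[] args) throws InterruptedException {
        int packets = 500; // constructed input
        System.out.println("unguarded teardown threads: " + flood(new Handler(false), packets));
        System.out.println("guarded teardown threads:   " + flood(new Handler(true), packets));
    }
}
```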
     