Armed Assault Server Protection Tools

[Nutty_101 0]

I have released the first version of the firewall plugin. I could use some feedback on this as well as the sniffer plugin.

PowerPanel - Host Application (Required)

PowerPanel - Sniffer Plugin

PowerPanel - Firewall

* sniffer i am working fixing it for unicode.

Some quick install help:

Download the main application, extract it to a folder. Do the same for each plugin you wish to use. I would suggest you make a copy of the config files to the main folder for editing or see this topic for more information.

The program is all x64 and x86 ready.

[MEDICUS 0]

Very nice!

Will test this asap!

[Dwarden 1125]

quite shocking that this thread isn't flooded from admins who own public windows servers ...

i guess they prefer kaos over chance to bring some order

[Auss 208]

Quote[/b] ]quite shocking that this thread isn't flooded from admins who own public windows servers ...

i guess they prefer kaos over chance to bring some order

Thats a rather pointless statment mate. what we would like is some instructions as to how it works, and how to correctly implement it etc

[aussie dave 0]

its about time Bohemia Interactive used PB or released a anti-cheat for the game. its over a year old now.

[SeppSchrot 0]

quite shocking that this thread isn't flooded from admins who own public windows servers ...

i guess they prefer kaos over chance to bring some order

*rofl*

Actually, as an server admin I can sleep pretty well even without closed source binaries from some random internet guy running on my servers. (Nothing personal, Nuttty.)

The fact that there is hardly any documentation on what it exactly does (and the license trying to prevent me to find out) doesn't make it any better.

Do as much security by obscurity as you like but never ever try to make the admins feel guilty when they don't care the least about "your super-secret anti cheat hack".

[Dwarden 1125]

nutty is posting here what and how he does it for several months so i suggest you change your tone ...

on his forum there is some insight how it works and i bet you even not tried ask him to be able take look at source code ...

[SeppSchrot 0]

Hello,

I am sorry if the tone sounded offending but in fact I was reading these kind of postings for several months. And they all were of the same tenor "don't discuss the cheats in detail nor how the detection works to prevent the wrong guys from knowing them."

A point of view I certainly disagree with.

But I did not bother to step in until I read your line:

Quote[/b] ]i guess they prefer kaos over chance to bring some order

which I couldn't resist to comment as you seemed to not understand why there are administrators who do not get overexcited about every tool (as promising they might sound) they can download and execute just "as is".

[Nutty_101 0]

That's fine. I understand your view on just running things. I have no issues with that. If you noticed I did not put an installer in there (hate them anyway) and it has no internet connections to tell you a new version is out or let me know who is using it. Hell I don't even log who downloads the application. The idea of this app was to help locate who is doing what in our games. It is not some super anti-cheat system; nor will it ever be. However what it does do is pull apart the traffic and generate logs on who is doing what.

On the documentation point this is a beta release almost alpha. I need input on if it even works or am I just wasting my time. I know people would really like to get some help files out there and I will work on getting that out there at a little later date. The included license is just typical bs and was copied off some other junk that was done a long time ago. I have removed it from the packages as well now that I looked at it again. ROFL. On the topic of the source code; there will be some out there. Not all of it for several reasons but I am going to offer some up. The sniffer will not be public due to the nature of what it does. If anyone wants to figure out how it works take the time and monitor the packets for a while. If you’re creative you might be able to see some of the source anyway.

I have also never been one who has been quiet about the cheats. If you look up all my posts there has been a ton of information released on how they work or how arma works from me. Quite a few flames on me for doing it to I might add. This whole project was done to help people out here. The real stuff I have worked on/am still working on is a plug-in interface to arma. The whole data storage / persist idea that I picked up where the ofpwatch left off. I went a different approach to put in security to prevent the ability to access the program while still allowing admin's/scripters to have the power they needed to build the mission they envisioned. I opened arma to a slew of methods like database integration, email, http, ftp, file, stored memory, ability to use external programs and more.

[Auss 208]

Quote[/b] ]on his forum there is some insight how it works and i bet you even not tried ask him to be able take look at source code

I, like most other Server admins do not want to see source code, I dont understand it and I dont feel as if I should have too. I have my hands full running 4 servers. I have also asked Nutty quite a few times in posts for Instructions, I have created a user account on his forums and looked for info on how to correctly implement and use.

I understand Nutty is a busy man, I fully appreciate the time he spends writing these tools. All I ask is info on using it.

@Dwarden- If your going to make a generalized statement please dont be offended when you receive some flak. As a server admin I do as best I can to stop cheating and I felt your comment was uncalled for.

[Dwarden 1125]

aussie,

source related answer was to what SeppySchrot said about 'closed source' so i don't get why You offended ...

nutty gave some hints and info how to use his work and said multiple times he gunna spend some time on better 'howto' docs...

---

anyway for these who want to experiment You may try snort signature rule like  following ones

(i give no warranty on results atm

Quote[/b] ]

alert udp $EXTERNAL_NET any -> $HOME_NET any (content: "player setdammage 0"; msg: "ARMA un-standard traffic01b!";classtype:misc-activity;rev:1

alert udp $EXTERNAL_NET any -> $HOME_NET any (content: "player setdamage 0"; msg: "ARMA un-standard traffic01a!";classtype:misc-activity;rev:1

alert udp $EXTERNAL_NET any -> $HOME_NET any (content: "damage player== 0"; msg: "ARMA un-standard traffic01!";classtype:misc-activity;rev:1

they may help against certain pack

ofc only if You know how use these rules first...

[Nutty_101 0]

Quote[/b] ]on his forum there is some insight how it works and i bet you even not tried ask him to be able take look at source code

I, like most other Server admins do not want to see source code, I dont understand it and I dont feel as if I should have too. I have my hands full running 4 servers. I have also asked Nutty quite a few times in posts for Instructions, I have created a user account on his forums and looked for info on how to correctly implement and use.

I understand Nutty is a busy man, I fully appreciate the time he spends writing these tools. All I ask is info on using it.

@Dwarden- If your going to make a generalized statement please dont be offended when you receive some flak. As a server admin I do as best I can to stop cheating and I felt your comment was uncalled for.

When i have a few moments i will release two new versions of the firewall and sniffer plugin that contain some docs on setup and use. The sniffer needs to have some new code migrated into it so it will fully link into the firewall plugin. At the moment it does but not 100%.

[Johnnie_Walker 0]

<table border="0" align="center" width="95%" cellpadding="0" cellspacing="0"><tr><td>Code Sample </td></tr><tr><td id="CODE">alert udp $EXTERNAL_NET any -> $HOME_NET any (content: "player setdammage 0"; msg: "ARMA un-standard traffic01!";classtype:misc-activity;rev:1;)

alert udp $EXTERNAL_NET any -> $HOME_NET any (content: "damage player== 0"; msg: "ARMA un-standard traffic01!";classtype:misc-activity;rev:1;)

If this works, it is pretty simple to setup more specific strings to not interact with purely mission scripting commands.

Keep the good work Nutty_101

[whisper 0]

quite shocking that this thread isn't flooded from admins who own public windows servers ...

i guess they prefer kaos over chance to bring some order

Linux server....

[Dwarden 1125]

quite shocking that this thread isn't flooded from admins who own public windows servers ...

i guess they prefer kaos over chance to bring some order

Linux server....

thats why my line contain 'windows'

anyway snort rules you can use in linux too ...'

btw., johnie these snort rules works only for non packed data so it's usage is limited

[Nutty_101 0]

quite shocking that this thread isn't flooded from admins who own public windows servers ...

i guess they prefer kaos over chance to bring some order

Linux server....

Yeah, I know that one. I will work on some linux stuff as well but my linux ability is quite limited. Most the unix stuff i do is mumps and well that's not really something of use to us.

[Auss 208]

Quote[/b] ]aussie,

source related answer was to what SeppySchrot said about 'closed source' so i don't get why You offended ...

Ok understand, I presumed you were reffering to all of us who had posted to change our tone

[Dwarden 1125]

it's fine

anyway i updated my post with one more snort rule to 'cover' both setdamage/setdammage