Stop Crash Packets and Protocol Exploits

What Crash Packets Are

Volumetric DDoS is brute force. Crash packets are surgical, a single malformed packet, structured to look like real game traffic, that hits an edge case in the Netty networking stack the server uses. The thread spins, heap fills, the JVM dies.

Endercloud Shield can't stop these, they look like valid client packets to the edge. They get filtered inside the server JVM, by plugins that sit on top of Netty.

Install LPX (or Equivalent AntiCrash)

1. 1Stop the server
2. 2Drop LPX.jar (or your preferred AntiCrash plugin) into /plugins/
3. 3Start the server
4. 4Check the console, LPX prints what it's loaded with

The plugin hooks Netty pipelines and:

• Inspects every inbound packet against known exploit signatures
• Rate-limits packets that look fine individually but spam in aggregate
• Drops malformed payloads before they reach the game logic
• Logs the source IP so you can ban

Keep It Patched

The whole point of crash packets is they exploit zero-days. The fix is fast updates:

• Subscribe to your AntiCrash plugin's release feed
• Update your server JAR. Paper publishes exploit fixes constantly, running an old build is the #1 way to get crashed
• Run a recent Java (17+), old JDKs have CVEs of their own

Detecting An Attack In Progress

Console signs you're being probed:

• Repeated IOException: An existing connection was forcibly closed
• Burst of joins from the same IP with garbled usernames
• Sudden TPS drop to near zero with no in-game cause
• OutOfMemoryError shortly after a connection burst

Ban the IP. Forward console to support.

Need More Help?

Console attacks not stopping after LPX? Open a ticket with the last 200 console lines.