Warning: If you abuse this code or vulnerability, you probably be prohibited by law and DON'T USE THIS CODE WITHOUT VICTIM SERVER'S PERMISSION Disclaimer: In https://github.com/PocketMine/Pocke...pocketmine/network/query/QueryHandler.php#L79, QueryHandler gets Session ID with unpacking 4 int data from packet. (And do something, like establishing handshake or sending statistics.) But, in https://github.com/PocketMine/PocketMine-MP/blob/master/src/pocketmine/utils/Binary.php#L326, there's no error handling in unpack(), so remote clients can cause error like , WITHOUT GENERAL MCPE SERVER CONNECTION. This means not only attackers can make this kind of error messages without connected MCPE client but also server managers cannot ban or kick the attacker. This attack does not depend on Raknet! You could think printing error messages is not a serious problem, but I've found creating massive errors could cause servers not sending any packets to clients, then all clients will be disconnected because clients can't get any pong signal from server. Sorry for my bad English, but this example script may tell you what I said: PS: PocketMine-MP saves all server log to server.log, so this attack could affect the server's disk. Moderator: Removed the codes.