Re: [hlds] serious cs:s vulnerability

[Bruce \"Bahamut\" Andrews]

better to ban ID's if they're low numbers, if they're high chances are
someone is exploiting the steam vulnerabilities and have unlimited ID's
therefore banning ID is useless :P

- Bruce "Bahamut" Andrews

TooL wrote:

Better to ban ID's instead of IP's IMO

Here are some that made everyone time out on my server:

L 10/15/2004 - 21:56:40: "%n<2288><STEAM_0:1:1287646>" disconnected ("%n
timed out")

L 10/15/2004 - 23:24:15: "Joey Fagnuts<2318><STEAM_0:1:657221><CT>" changed
name to "%n"
L 10/15/2004 - 23:24:18: "%n<2318><STEAM_0:1:657221><CT>" committed suicide
with "world"

L 10/16/2004 - 03:44:18: "%n<2513><STEAM_0:0:570997>" disconnected ("%n
timed out")

L 10/16/2004 - 22:26:49: "%n<636><STEAM_0:0:734331><TERRORIST>" say
"groont.com and votenader.org says this server is going to crash"
L 10/16/2004 - 22:26:55: "%n<636><STEAM_0:0:734331><TERRORIST>" committed
suicide with "world"

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bruce "Bahamut"
Andrews
Sent: Sunday, October 17, 2004 3:25 AM
To: [EMAIL PROTECTED]
Subject: Re: [hlds] serious cs:s vulnerability

might like to ban their ID's as well.  Though it is pretty much impossible
to tell the difference between someone that got a new account for HL2 so
they didn't lose their old cd key and someone who's using the steam exploit,
it's better to keep them off the servers in any way possible.

Since these are malicious attacks against your server, you could try some
legal movements on the people if you have some spare time =)

- Bruce "Bahamut" Andrews

[EMAIL PROTECTED] wrote:

All you can do for now is to go thru your logs, looking for ppl who
have changed their name to %n and ban their IP address accordingly so
they cant come back and do it again. I have noticed some repeat
offenders on my servers, just got thru banning several people on my
servers.

- K2

"thrillhaus" <[EMAIL PROTECTED]> wrote:

So what can be done?? Nothing? Just happened on my server :(

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Gerry
Sent: Saturday, October 16, 2004 9:58 AM
To: [EMAIL PROTECTED]
Subject: RE: [hlds] serious cs:s vulnerability

Peh, I just had this happen to myself.

What idiots >.<

Pretty much...
"%n: Don't kill or kick me or you'll all crash  -myg0t"

Then it crashed.

*sigh*

~

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, October 16, 2004 9:27 AM
To: [EMAIL PROTECTED]
Subject: Re: [hlds] serious cs:s vulnerability

Yup. One of my admins was watching the console on my server and saw
exactly how it's done. Dave, did ya send the particulars to Valve
already? Hoping this gets resolved soon Valve.

- K2

David Fencik <[EMAIL PROTECTED]> wrote:

Here's another ip address of someone who exploited the format string
vulnerability to disconnect all clients on one of my servers:

138.88.222.21

Dave

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Fencik
Sent: Friday, October 15, 2004 8:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [hlds] serious cs:s vulnerability

Just for grins....here's the ip address of the offending hacker:

68.37.174.181

Dave

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 8:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [hlds] serious cs:s vulnerability

Yeah I just had to restart one of my servers as well. It *looks* like
the last exploit (malformed rcon command that would hang the server
and peg the CPU at
100%) however this time cpu usage doesnt skyrocket, and in the console
you can
see all of the players drop via timing out, all at the same time almost.

You seeing the same thing Dave?

- K2
http://www.hardfought.org

David Fencik <[EMAIL PROTECTED]> wrote:

This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Some script kiddie just crashed one of my source servers.  It amazes

me

that there could be such an easily exploitable vulnerability in such

an

obvious place.  Here's a hint to you all:  format-string

vulnerability.

Feel free to email me off list if you'd like the specifics.

Dave
--

_______________________________________________
To unsubscribe, edit your list preferences, or view the list
archives,

please

visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list
archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list
archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list
archives,

please

visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit: http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit: http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,

please

visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit: http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit: http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds