I also saw multiple connections from one IP (different from ports) after a
while I was IP banning the whole lot of them to block them off.
I did a yahoo/google search and only found that a very few other servers
were logging this, one stats page listed one player that came in under that
name but I suspect that was some sort of mixup related to the steamid
logging bug, that guy had a hundred different player names as alias listed.
I've never seen this on my HLDM server, but then there isn't an in-game
spectator for that mod.
Indeed, none of these connections ever actually entered the game as a
player.
I also did a search for any cheats or hacks that might be doing this
intentionally but did not find any mention of it anywhere (it's a weakassed
explot if it is one).
A number of the connections I traced went to Russia and other "extreme"
locations, but many also came from US and Europe, here are some of the logs
and tracerts:
Client CSNv3.72 connected (72.138.128.210:61005).
Client CSNv3.72 connected (212.244.61.14:1724).
Netchannel: failed processing message clc_ClientInfo.
Client CSNv3.72 connected (212.244.61.14:2162).
] tv_clients
ID: 71, "CSNv3.72" (Spec), Time 02:21, IP 212.244.61.14:2162, In 0.00, Out
0.04.
--- Total 2 Clients ---
(212.244.61.14 is from Poland)
here are a few IP locations:
IP Address Country (Short) Country (Full) Flag Region City ISP
--------------------------------------------------------------------------
85.132.38.135 AZ AZERBAIJAN - - PROVIDER LOCAL REGISTRY
84.27.46.63 NL NETHERLANDS - - @HOME DEN BOSCH HEADEND BLOCK
71.247.25.147 US UNITED STATES NEW YORK NEW YORK VERIZON INTERNET SERVICES
210.214.59.1 IN INDIA PUNJAB LUDHIANA SATYAM INFOWAY PVT.LTD
217.123.101.81 NL NETHERLANDS - - ESSENT KABELCOM B.V
84.114.175.129 AT AUSTRIA WIEN VIENNA PROVIDER LOCAL REGISTRY
217.123.101.81 NL NETHERLANDS - - ESSENT KABELCOM B.V
85.180.132.58 DE GERMANY HESSEN FRANKFURT HANSENET-ADSL
137.205.29.172 UK UNITED KINGDOM ENGLAND COVENTRY CAMPUS NETWORK FOR
UNIVERSITY OF WARWICK
85.97.50.14 TR TURKEY - - ADSL-ALC-IZMIR-DYNAMIC POOL
85.101.108.28 TR TURKEY - - TURKTELEKOM
201.249.67.2 VE VENEZUELA DISTRITO FEDERAL CARACAS CANTV SERVICIOS
VENEZUELA
Here are a few of the console messages:
----------------------------------------
Client CSNv3.72 connected (84.27.46.63:3281).
Client CSNv3.72 connected (84.27.46.63:3799).
Client CSNv3.72 connected (71.247.25.147:50366).
Client CSNv3.72 connected (210.214.59.1:2180).
Client CSNv3.72 connected (217.123.101.81:4698).
Client (1)CSNv3.72 connected (217.123.101.81:4842).
Client CSNv3.72 connected (217.123.101.81:4698).
Client (1)CSNv3.72 connected (217.123.101.81:4842).
Client (1)CSNv3.72 connected (217.123.101.81:4973).
Client CSNv3.72 connected (84.114.175.129:35608).
Client (1)CSNv3.72 connected (217.123.101.81:1521).
Client CSNv3.72 connected (84.114.175.129:33120).
Client CSNv3.72 connected (217.123.101.81:1715).
Client (1)CSNv3.72 connected (84.114.175.129:33553).
Client CSNv3.72 connected (84.114.175.129:33814).
Client (1)CSNv3.72 connected (84.114.175.129:34443).
Client (1)CSNv3.72 connected (84.114.175.129:32907).
Client CSNv3.72 connected (84.114.175.129:33529).
Client CSNv3.72 connected (84.114.175.129:34197).
Client CSNv3.72 connected (217.123.101.81:2492).
Client CSNv3.72 connected (85.180.132.58:61658).
Client (1)CSNv3.72 connected (85.180.132.58:62125).
Client CSNv3.72 connected (83.97.236.119:4574).
Client CSNv3.72 connected (137.205.29.172:2614).
Client (1)CSNv3.72 connected (137.205.29.172:3315).
Client CSNv3.72 connected (85.97.50.14:1492).
Client CSNv3.72 connected (85.97.50.14:1934).
Client CSNv3.72 connected (85.101.108.28:2357).
Client (1)CSNv3.72 connected (85.101.108.28:2763).
Client CSNv3.72 connected (201.249.67.2:62795).
Client (1)CSNv3.72 connected (201.249.67.2:62649).
Client CSNv3.72 connected (201.249.67.2:62596).
Client (1)CSNv3.72 connected (201.249.67.2:62520).
Client CSNv3.72 connected (201.249.67.2:61818).
Client (1)CSNv3.72 connected (201.249.67.2:63393).
Client CSNv3.72 connected (201.249.67.2:63282).
Client CSNv3.72 connected (201.249.67.2:63067).
Client (1)CSNv3.72 connected (201.249.67.2:62806).
Client CSNv3.72 connected (84.155.34.57:1731).
Client CSNv3.72 connected (84.114.175.129:35300).
Client (1)CSNv3.72 connected (84.114.175.129:33915).
Client CSNv3.72 connected (84.114.175.129:33452).
Client (1)CSNv3.72 connected (84.114.175.129:33001).
Client CSNv3.72 connected (84.114.175.129:34508).
Client (1)CSNv3.72 connected (84.114.175.129:32829).
----- Original Message -----
From: "[GS]BeNt"
To: <[email protected]>
Sent: Saturday, January 28, 2006 7:13 PM
Subject: Re: [hlds] CSNv4.8?
Well I have the latest updates for my HL1 servers.All of these are CS
servers.This isn't a HLTV or Source TV proxie.So I have no clue what it
is,and its only coming in from 3 different ips.All in different subnets I
believe I would have to recheck it to be sure.I just think it seems weird
that it actually shows up in game if it was a browsing tool.I dunno,I may
have to check out some different website to see if this might be some sort
of hack or something.I have also seen this connect with the same name and
same ip but different port kinda like people being lanned up.And when they
are in the server I can not kick/ban them because they are not getting
steamids.According to the logs they never make it into the servers.I'm
stumped.
[GS]-BeNt-
----- Original Message -----
From: "Kevin Ottalini" To: <[email protected]>
Sent: Saturday, January 28, 2006 8:58 PM
Subject: Re: [hlds] CSNv4.8?
I saw a lot of this before the last update, but haven't seen it at all
since
I updated the server.
I only saw it on the HL2 spectator proxy (my HL1 spec servers are
passworded
so I wouldn't see them there).
One hint is that during the time I saw them happening I never saw the
"bad
challenge" message that comes from out-of-date 3rd part browsers, but now
I
see that message again, so my thinking is this is related.
I had to reduce my spectator slots to 2 though since at one point I had
15
or 20 of these things attaching at the same time and causing lag.
----- Original Message -----
From: "[GS]BeNt"
To: <[email protected]>
Sent: Saturday, January 28, 2006 6:08 PM
Subject: [hlds] CSNv4.8?
I keep having this person? connect to my servers.Their name is "CSNv4.8"
and
they have also used "CSNv3.71".When they connect it gives me their ip
address only.No steamid.They sit in spec for about 10-15 seconds and then
leave.They have hit my biggest servers with this,has anyone else seen this
in their servers?Also they have came in from multiple ip addresses.Could
this be some sort of a spectator hack or something similar?I'm only seeing
one other player across all my server who are even in the same subnet.What
is this?
[GS]-BeNt-
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
