Can you guys just stop saying / posting the exploit / command / packet capture in the wild? coz I have reported the issue to valve already and they have replied to me by saying this ........

3 « MESSAGE BY DWIGHT ON TUE, 28TH APR 2009 3:24 PM »

Hello,

Thank you very much for bringing this to our attention. Your comments will be passed along accordingly. It is much appreciated.
And make sure that you have done any one of the following things before it gets fixed .......

- Disable the beep sound driver (beep.sys) by deleting it or disabling it via devmgmt.msc when showing the hidden devices and non-PnP drivers
- Start the server in GUI mode only

In addition, you are always able to trace the hacker / DoSer by starting the server with the -dev parameter.

And yes, this command means "Any to Client printing" according to proto_oob.h (http://72.14.235.132/search?rlz=1C1GGLS_zh-TWHK324HK324&sourceid=chrome&ie=UTF-8&q=cache:http://www.inxbus.net/hldoc/d4/df7/proto__oob_8h-source.html) and I guess valve is using this command for maintenance / backup usage when the normal encrypted protocol from the steam server does not work.

So just calm down and stop asking about that .... I guess valve will have to fix it soon, otherwise I will just make the exploit public ..... I have asked them to fix the problem already.

In addition, you are able to fix the problem by yourself too if you are able to modify the engine.dll .... search for the following string in the engine.dll and patch it by replacing the whole string, or at least the last %s, with NULL characters.

    A2C_PRINT from %s : %s

And ya, cs.rin.ru will not do any harmful thing on your machine if you don't piss them off ..... all they do is just print some lulz strings atm .... but if they really want to DoS your server ..... they can replace the string by using some harmful characters ..... so just stop and calm down about that ..... otherwise I guess more server operators will just get in trouble soon, as you guys have given out the command / exploit directly.

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

