We've already posted the packet format, the beep character and how to  
make it untraceable in another topic on here.

You're a bit late-- let's hope Valve fixes it now, eh? :D

Sent from my iPhone

On 4 May 2009, at 10:30, "Unknown | zD." <[email protected]> wrote:

> I have an exploit for the attack, but I will not make it public, as I
> have told the Valve community / Steam support. We have recorded the
> attack using this exploit many times ago (that means I am not the
> only one who has the exploit; others also have it, and it has existed
> for a long time already), as it's not just working in TF2, but in all
> Valve game dedicated servers including HL1, CS 1.6, HL2DM, TFC, TF2,
> ZPS and L4D (actually all the game engines, including the GoldSource
> engine, Source engine, Source 2007 engine and Source 2007 U1 engine).
> Please make sure that you have done one of the following workarounds
> to prevent the DoS attack.
> - Patch your engine.dll by replacing the string (A2C_PRINT from %s :
> %s) and then start the server with the -console parameter; make sure
> that the A2C_PRINT command / string will not be processed / printed out
> - Remove / disable the beep sound driver (beep.sys) via devmgmt.msc /
> delete the file manually
> - Start your server in GUI mode only (do not start with the -console
> parameter; remove the -console parameter from the starting line)
>
> In addition, if the guy is just sending some normal string to you
> without using any special character, then it's harmless, as that will
> not use many resources from the machine. All they need to get the
> exploit / DoS method to work is to send some special character to
> your server console and let them be printed out. So I think the plugin
> will definitely stop the attack, as it can block the non-printable
> characters; make sure that you don't block the normal string / other
> normal characters, as the master server may try to use it if the normal
> encrypted protocol / normal command does not work.
>
> btw, I still have no idea why Valve still doesn't fix the exploit /
> problem that has existed for a long time and still hasn't removed that
> command, as it's useless. That command has been working since HL1 came
> out. If Valve really doesn't want to fix the issue, I will give the
> exploit out to force them to fix their own problem.
>
> btw, someone was saying that the beep sound driver (beep.sys) is not
> related, as the beep sound is produced by a client that is in the same
> room as them .... I can tell you that this is not true, as the exploit
> needs to use the beep sound driver (beep.sys) to work ... good
> evidence is that the exploit doesn't work on any Valve game dedicated
> server that is built on Windows Vista / Windows Server 2008, as WS2008
> has removed that driver already / not enabled it by default. btw, the
> attacker is not required to be in game / in the same room as them, as
> the command is a connectionless packet (not connective and encrypted),
> so I can tell you that that is not true. The exploit doesn't only work
> in a LAN environment but also in an internet / WAN environment, so "is
> the server a backyard dedicated server?" really doesn't matter, as it
> works on most internet servers. In addition, the guy that answered
> me is not a bot lol I have seen his name before on the official Steam
> forum and I know that he is an administrator of that forum. I couldn't
> tell you any more about that problem, as people can even use that
> information to start the attack ..... so I will not give out any more
> information until Valve has fixed it.
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list  
> archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
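
The filtering approach mentioned in the quoted message (block non-printable characters, leave normal strings alone), shown as an added example that is not from this thread or from any Valve or plugin code: it escapes control bytes such as BEL (0x07) before untrusted text reaches a console or log. The function name and the sample payload are assumptions constructed for illustration; the packet format itself is not given in this thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from any Valve SDK or plugin): copy untrusted
 * text into out, passing printable ASCII through and rewriting every other
 * byte as \xNN so control characters such as BEL (0x07) never reach the
 * console. Backslash is escaped too, so the output stays unambiguous.
 * Returns the number of bytes escaped; out is always NUL-terminated. */
size_t sanitize_console_text(const unsigned char *in, size_t in_len,
                             char *out, size_t out_cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0, escaped = 0;

    if (out_cap == 0)
        return 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        int printable = (c >= 0x20 && c <= 0x7e && c != '\\');
        size_t need = printable ? 1 : 4;      /* "\xNN" is four bytes */

        if (o + need >= out_cap)              /* keep room for the NUL */
            break;                            /* truncate, never overflow */
        if (printable) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
            escaped++;
        }
    }
    out[o] = '\0';
    return escaped;
}

int main(void)
{
    /* Constructed sample: a normal string followed by BEL bytes and a newline. */
    const unsigned char msg[] = "status ok\a\a\n";
    char line[64];
    size_t n = sanitize_console_text(msg, strlen((const char *)msg),
                                     line, sizeof line);

    printf("%s (escaped %zu bytes)\n", line, n);
    return 0;
}
```

The returned count can be logged per source address, so a sender that repeatedly triggers escaping stands out from one sending normal strings.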
