:D ... Thank you! I love such humor! No offence.
Greetings TheNob 2009/5/4 Saul Rennison <[email protected]> > Sorry-- fixed. > > Sent from my iPhone 8Gb, going through a proxy server with specs you > can only dream of. > > On 4 May 2009, at 11:46, TheNob HLDS <[email protected]> wrote: > > >> > >> Sent from my iPhone > > > > > > And you Saul are smart and modern anyway! > > Please tell me how much GB your iPhone has. > > And the specs of your root server(s). > > > > Oh please tell me. I don't have an own life. I only want to know > > what other > > people are and what they have! > > > > Yours faithfully > > Nobody-cares > > > > > > > > > > 2009/5/4 Saul Rennison <[email protected]> > > > >> We've already posted the packet format, the beep character and how to > >> make it untraceable in another topic on here. > >> > >> You're a bit late-- let's hope Valve fixes it now, eh? :D > >> > >> Sent from my iPhone > >> > >> On 4 May 2009, at 10:30, "Unknown | zD." <[email protected]> wrote: > >> > >>> I have exploit of the attack but I will not make it in public as I > >>> have told to the valve community / steam support. We have recorded > >>> the > >>> attack by using this exploit many times ago (that means I am not the > >>> only one have the exploit but others also have it and it existed > >>> for a > >>> long time already), as its not just working in TF2, but in all valve > >>> game dedicated server including HL1, CS 1.6, HL2DM, TFC, TF2, ZPS > >>> and > >>> L4D (actually all the game engines including GoldSource engine, > >>> Source > >>> engine, Source 2007 engine and Source 2007 U1 engine). Please make > >>> sure that you have done any one of the following workaround to > >>> prevent > >>> the DoS attack. > >>> - Patch you engine.dll by replacing the string (A2C_PRINT from %s : > >>> %s) and then start the server with -console parameter, make sure > >>> that > >>> the A2C_PRINT command / string will not be proceeded / printed out > >>> - Remove / disable the beep sound driver (beep.sys) via > >>> devmgmt.msc / > >>> delete the file manually > >>> - Start your server in GUI mode only (not start with -console > >>> parameter, remove -console parameter from the starting line) > >>> > >>> In addition, if the guy is just sending some normal string to you > >>> without using any special character, then its harmless as that will > >>> not use much resources from the machine. All they need to get the > >>> exploit / DoS method works is by sending some special character to > >>> your server console and let them printing out. So I think the plugin > >>> will definitely stop the attack as it can block the non-printable > >>> characters, make sure that you don't block the normal string / other > >>> normal characters as the master server may try to use it if the > >>> normal > >>> encrypted protocol / normal command does not work. > >>> > >>> btw, I still have no idea why valve still doesn't fix the exploit / > >>> problem that existed for a long time ago and still not remove that > >>> command as its useless. That command was working since HL1 is out. > >>> If > >>> valve really doesn't want to fix the issue, I will give the exploit > >>> out for forcing them to fix their own problem. > >>> > >>> btw, someone was saying that the beep sound driver (beep.sys) is not > >>> related as the beep sound is produced by a client that is the same > >>> room as them .... I can tell you that this is not true as the > >>> exploit > >>> needs to use the beep sound driver (beep.sys) to get works ... a > >>> good > >>> evidence is the exploit doesn't work on any valve game dedicated > >>> server that has built on Windows Vista / Windows Server 2008 as > >>> WS2008 > >>> has removed that driver already / not enabled by default. btw, the > >>> attacker is not required to be in game / in the same room as them as > >>> the command is a connectionless packet (not connective and > >>> encrypted) > >>> so I can tell you that that is not true. The exploit doesn't only > >>> work > >>> in LAN environment but also in internet / WAN environment so "is the > >>> server a backyard dedicated server?" really doesn't matter as it > >>> works > >>> on the most internet servers. In addition, the guy that has answered > >>> me is not a bot lol I have seen his name before on official steam > >>> forum and I know that he is an administrator of that forum. I > >>> couldn't > >>> tell you anymore about that problem as people can even use those > >>> information to start the attack ..... so I will not give out any > >>> more > >>> information until valve have fixed it. > >>> > >>> _______________________________________________ > >>> To unsubscribe, edit your list preferences, or view the list > >>> archives, please visit: > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list > >> archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds > >> > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list > > archives, please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
