I have an exploit for the attack, but I will not make it public, as I have told the Valve community / Steam support. We have recorded attacks using this exploit many times in the past (that means I am not the only one who has the exploit; others also have it, and it has existed for a long time already), as it's not just working in TF2 but in all Valve game dedicated servers, including HL1, CS 1.6, HL2DM, TFC, TF2, ZPS and L4D (actually all the game engines, including the GoldSource engine, Source engine, Source 2007 engine and Source 2007 U1 engine).

Please make sure that you have done any one of the following workarounds to prevent the DoS attack.

- Patch your engine.dll by replacing the string (A2C_PRINT from %s : %s) and then start the server with the -console parameter; make sure that the A2C_PRINT command / string will not be processed / printed out
- Remove / disable the beep sound driver (beep.sys) via devmgmt.msc / delete the file manually
- Start your server in GUI mode only (do not start with the -console parameter; remove the -console parameter from the starting line)

In addition, if the guy is just sending some normal string to you without using any special characters, then it's harmless, as that will not use much of the machine's resources. All they need to get the exploit / DoS method to work is to send some special characters to your server console and have them printed out. So I think the plugin will definitely stop the attack, as it can block the non-printable characters. Make sure that you don't block normal strings / other normal characters, as the master server may try to use them if the normal encrypted protocol / normal command does not work.

btw, I still have no idea why Valve still hasn't fixed the exploit / problem that has existed for a long time, and still hasn't removed that command, as it's useless. That command has been working since HL1 came out. If Valve really doesn't want to fix the issue, I will give the exploit out to force them to fix their own problem.

btw, someone was saying that the beep sound driver (beep.sys) is not related, as the beep sound is produced by a client that is in the same room as them .... I can tell you that this is not true, as the exploit needs to use the beep sound driver (beep.sys) to work ... good evidence is that the exploit doesn't work on any Valve game dedicated server that is built on Windows Vista / Windows Server 2008, as WS2008 has removed that driver already / it is not enabled by default.

btw, the attacker is not required to be in game / in the same room as them, as the command is a connectionless packet (not connective and encrypted), so I can tell you that that is not true. The exploit doesn't only work in a LAN environment but also in an internet / WAN environment, so "is the server a backyard dedicated server?" really doesn't matter, as it works on most internet servers. In addition, the guy that answered me is not a bot lol. I have seen his name before on the official Steam forum and I know that he is an administrator of that forum.

I couldn't tell you any more about that problem, as people can even use that information to start the attack ..... so I will not give out any more information until Valve has fixed it.

