Sorry-- fixed. Sent from my iPhone 8Gb, going through a proxy server with specs you can only dream of.
On 4 May 2009, at 11:46, TheNob HLDS <[email protected]> wrote: >> >> Sent from my iPhone > > > And you Saul are smart and modern anyway! > Please tell me how much GB your iPhone has. > And the specs of your root server(s). > > Oh please tell me. I don't have an own life. I only want to know > what other > people are and what they have! > > Yours faithfully > Nobody-cares > > > > > 2009/5/4 Saul Rennison <[email protected]> > >> We've already posted the packet format, the beep character and how to >> make it untraceable in another topic on here. >> >> You're a bit late-- let's hope Valve fixes it now, eh? :D >> >> Sent from my iPhone >> >> On 4 May 2009, at 10:30, "Unknown | zD." <[email protected]> wrote: >> >>> I have exploit of the attack but I will not make it in public as I >>> have told to the valve community / steam support. We have recorded >>> the >>> attack by using this exploit many times ago (that means I am not the >>> only one have the exploit but others also have it and it existed >>> for a >>> long time already), as its not just working in TF2, but in all valve >>> game dedicated server including HL1, CS 1.6, HL2DM, TFC, TF2, ZPS >>> and >>> L4D (actually all the game engines including GoldSource engine, >>> Source >>> engine, Source 2007 engine and Source 2007 U1 engine). Please make >>> sure that you have done any one of the following workaround to >>> prevent >>> the DoS attack. >>> - Patch you engine.dll by replacing the string (A2C_PRINT from %s : >>> %s) and then start the server with -console parameter, make sure >>> that >>> the A2C_PRINT command / string will not be proceeded / printed out >>> - Remove / disable the beep sound driver (beep.sys) via >>> devmgmt.msc / >>> delete the file manually >>> - Start your server in GUI mode only (not start with -console >>> parameter, remove -console parameter from the starting line) >>> >>> In addition, if the guy is just sending some normal string to you >>> without using any special character, then its harmless as that will >>> not use much resources from the machine. All they need to get the >>> exploit / DoS method works is by sending some special character to >>> your server console and let them printing out. So I think the plugin >>> will definitely stop the attack as it can block the non-printable >>> characters, make sure that you don't block the normal string / other >>> normal characters as the master server may try to use it if the >>> normal >>> encrypted protocol / normal command does not work. >>> >>> btw, I still have no idea why valve still doesn't fix the exploit / >>> problem that existed for a long time ago and still not remove that >>> command as its useless. That command was working since HL1 is out. >>> If >>> valve really doesn't want to fix the issue, I will give the exploit >>> out for forcing them to fix their own problem. >>> >>> btw, someone was saying that the beep sound driver (beep.sys) is not >>> related as the beep sound is produced by a client that is the same >>> room as them .... I can tell you that this is not true as the >>> exploit >>> needs to use the beep sound driver (beep.sys) to get works ... a >>> good >>> evidence is the exploit doesn't work on any valve game dedicated >>> server that has built on Windows Vista / Windows Server 2008 as >>> WS2008 >>> has removed that driver already / not enabled by default. btw, the >>> attacker is not required to be in game / in the same room as them as >>> the command is a connectionless packet (not connective and >>> encrypted) >>> so I can tell you that that is not true. The exploit doesn't only >>> work >>> in LAN environment but also in internet / WAN environment so "is the >>> server a backyard dedicated server?" really doesn't matter as it >>> works >>> on the most internet servers. In addition, the guy that has answered >>> me is not a bot lol I have seen his name before on official steam >>> forum and I know that he is an administrator of that forum. I >>> couldn't >>> tell you anymore about that problem as people can even use those >>> information to start the attack ..... so I will not give out any >>> more >>> information until valve have fixed it. >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list >>> archives, please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list >> archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
