Watching that YouTube video he said he wrote a plugin for it (that he's now selling), yet another reason why client-side plugins should be blocked.
-------------------------------------------------
From: "Kigen" <[email protected]>
Sent: Tuesday, April 27, 2010 11:25 AM
To: "Half-Life dedicated Win32 server mailing list" <[email protected]>
Subject: Re: [hlds] CSS: Long disconnect messages crashing servers?

> KAC 1.2.1.0 should block the disconnect exploit without interfering
> with normal disconnects so you know why someone left otherwise. All
> the other "fixes" just replace the reason all the time with something
> else.
>
> Right now, I'm not really expecting any fix until it becomes pretty
> normal for people to go into unprotected servers and use the exploit
> to cause people to disconnect with VAC messages, pausing, and then the
> simple disconnect all.
>
> On Mon, Apr 26, 2010 at 10:06 PM, Kyle Sanderson <[email protected]> wrote:
>> http://forums.alliedmods.net/showthread.php?p=1139769
>> http://forums.alliedmods.net/showthread.php?p=841590
>> http://forums.alliedmods.net/forumdisplay.php?f=133
>>
>> No acknowledgement from Valve yet, as usual.
>> Kyle
>>
>> On Mon, Apr 26, 2010 at 7:03 PM, AzuiSleet <[email protected]> wrote:
>>
>>> This particular exploit is a buffer overflow in the event message
>>> where the client can specify a disconnect message, and the server will
>>> serialize an event containing that message. There is an issue with the
>>> function that serializes the game event that causes a buffer overflow
>>> in the net message, and so it has the potential to crash other clients
>>> or make them receive commands from another player relayed through the
>>> server.
>>> >>> On Mon, Apr 26, 2010 at 7:57 PM, Matt Lyons <[email protected]> >>> wrote: >>> > Ok after a bit more googling its a hack: >>> > >>> > http://www.youtube.com/watch?v=xsC8GtSWuyU >>> > >>> > If you parse or stream your log files for monitoring you should >>> > probably >>> add a watch/event for these long disconnect messages as they are using a >>> 3rd >>> party program to do so. >>> > >>> > >>> > ML. >>> > >>> > >>> > On 27/04/2010, at 11:16 AM, Matt Lyons wrote: >>> > >>> >> Over the last few days I've had a couple of my servers experience >>> >> weird >>> behaviour, pausing, restarting or outright crashing. >>> >> >>> >> Notes: >>> >> - Servers are using the beta update from a few days ago. >>> >> - Servers are using latest version of SM/Meta Mod running kac and >>> rcon_lock >>> >> - rcon TCP port is blocked and rcon password is secure (32 digits of >>> random letters/numbers) >>> >> - No crash dump >>> >> - Log file cuts out mid stream. >>> >> - Nothing obvious in the log files except for disconnect messages >>> >> like >>> the following: >>> >> >>> >> L 04/26/2010 - 16:30:28: "Player >>> Name]<1260><STEAM_0:X:XXXXXXX><TERRORIST>" disconnected (reason >>> "SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS") >>> >> >>> >> (Player name and steam ID removed to protect the guilty.) >>> >> >>> >> When such a log entry appears there are lots of comments straight >>> >> after >>> of server weirdness. 
>>> >> I was just in one of my servers then when it restarted after the above message.
>>> >>
>>> >> Anyone else seen this?
>>> >
>>> > --
>>> > Matt Lyons
>>> > Content Administrator, games.on.net
>>> > Email: [email protected]
>>> > Web: http://games.on.net
>>> > "In theory, there is no difference between theory and practice; In practice, there is."
>>> >
>>> > _______________________________________________
>>> > To unsubscribe, edit your list preferences, or view the list archives, please visit:
>>> > http://list.valvesoftware.com/mailman/listinfo/hlds
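
The log watch suggested in the quoted thread, sketched as an added example that is not part of the original messages or of any plugin named in them. The thresholds, function names and sample lines are assumptions; it also flags a disconnect line that ends before its closing `")`, since the report mentions the log cutting out mid stream.

```python
import re
from itertools import groupby

# Disconnect line layout as quoted in the thread; the closing `")` is optional
# so a line cut off mid-write ("Log file cuts out mid stream") still parses.
DISCONNECT_RE = re.compile(
    r'^L (?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}): '
    r'"(?P<player>.*)<(?P<userid>\d+)><(?P<steamid>[^<>]*)><(?P<team>[^<>]*)>" '
    r'disconnected \(reason "(?P<reason>.*?)(?P<closed>"\))?\s*$'
)
MAX_REASON_LEN = 128  # assumed threshold, tune against your own logs
MAX_CHAR_RUN = 32     # assumed limit for one character repeated in a row

def longest_run(text):
    """Length of the longest run of a single repeated character."""
    return max((len(list(group)) for _, group in groupby(text)), default=0)

def check_line(line):
    """Return an alert dict for a suspicious disconnect line, else None."""
    m = DISCONNECT_RE.match(line.rstrip("\r\n"))
    if not m:
        return None  # not a disconnect line at all
    reason = m.group("reason")
    flags = []
    if len(reason) > MAX_REASON_LEN:
        flags.append("long_reason")
    if longest_run(reason) > MAX_CHAR_RUN:
        flags.append("repeated_char_run")
    if m.group("closed") is None:
        flags.append("truncated_line")
    if not flags:
        return None
    return {"when": f'{m.group("date")} {m.group("time")}',
            "steamid": m.group("steamid"), "userid": m.group("userid"),
            "reason_len": len(reason), "flags": flags}

def scan(lines):
    """Check every log line and return only the alerts."""
    return [alert for alert in map(check_line, lines) if alert]

# Constructed sample log lines (not taken from a real server).
PREFIX = 'L 04/26/2010 - 16:30:28: "Bob<1260><STEAM_0:X:XXXXXXX><TERRORIST>" '
SAMPLE_LOG = [
    'L 04/26/2010 - 16:29:02: "Al<12><STEAM_0:X:XXXXXXX><CT>" disconnected (reason "Disconnect by user.")',
    PREFIX + 'disconnected (reason "' + "S" * 600 + '")',
    PREFIX + 'disconnected (reason "' + "S" * 200,  # cut off mid-write
    PREFIX + 'say "hi"',
]
```

Feeding `scan()` the lines of a live log (for example from a tail-style reader) yields one alert per suspicious disconnect, which can then drive whatever notification the monitoring setup already uses.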

