<snip> Now this exploit is a little more public (was posted on PHL? Or am I thinking of another exploit?) it won't be long before the script kiddies appear and begin causing trouble on servers that they get banned from. <snap>
Well, this vulnerability has been known for a long time now (... at least I've been aware of it since I wrote my first rcon-thingy). I'm not sure why this discussion lately came up again. In fact you could always cause a DoS this way. It's not only a vulnerability of HLDS but of many gameservers out there. Afaik, GameSpy someday began to unify the different rcon-protocols, so that server-browsers could more easily support all those games. Have a look at UT, BF942 etc ... the differences are rather minor.

In the end, there has never been a "DoS massacre" in the gameservers-world. If we'd silently ignore the latest discussions, the problem will be forgotten. It is up to the community to decide if something has to be done about this. (Or wait until TF2 ? ;)

Jan

----- Original Message -----
From: "Detritus" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 25, 2003 2:25 AM
Subject: RE: [hlds_apps] preventing DDoS

>
> > Supposed, UA would provide libs (c, delphi, vb, perl etc) for this new
> > protocol the shock for all those 3rd party developers wouldn't be that big
> > if there'd be a change. They wouldn't be forced to learn the new
> > protocol-specifications which would obviously be a bit more complex than
> > the original protocol.
> > What about a solution like this ?
>
> Since most popular query programs usually have some form of an rcon
> feature in, I'm pretty sure most developers won't have too much trouble
> understanding this protocol so giving UA extra work isn't really
> required. Also from the look of things, UA do enough for the community
> as it is and probably have enough things to sort without writing
> examples in 10 different languages.
> If anything, just point people to rcon tutorials, the proposed idea here
> is pretty much the same but if people are desperate for example code I
> would happily write a PHP script for people to learn from if Valve
> decides to change anything. :)
>
> As for my opinion on making a new protocol. My vote is definitely yes!
> :)
> I would rather spend an hour or 2 updating all my code than have another
> thing to add to my worry list. Developers can probably get their
> software updated fairly fast if they are confident/experienced in using
> that language but there is also the public. If they are not checking for
> updates on their preferred software, they may just find that one day
> for some reason it stops working and will confuse a few of the more
> simple-minded players. :P
> So maybe adding the new protocol and making the old one optional is the
> way to go. That way some programs will carry on working for a while and
> people who depend on servers being safe can have that option, for
> example leagues and of course the popular publics that have their share
> of enemies. Then when the next hlds is released by Valve just remove the
> old protocol if the new one is working smoothly.
> Now this exploit is a little more public (was posted on PHL? Or am I
> thinking of another exploit?) it won't be long before the script kiddies
> appear and begin causing trouble on servers that they get banned from.
> Since the l33t r4g1ng myg0ts have a new toy that they are left anonymous
> when using, I'm sure a few public servers will get troubles soon. What
> exploit have these lot not tried to use?
>
> Yay my first post on this list! Hello everyone! :D
>
> _______________________________________________
> hlds_apps mailing list
> [EMAIL PROTECTED]
> http://list.valvesoftware.com/mailman/listinfo/hlds_apps
