What I mean is, maybe your server is being crashed by the exploit. If the HL server suffers from a bug that it can crash from queries by a very common monitoring program, wouldn't a LOT more HL server ops have this problem? Just a thought...
Jeroen "ShadowLord" Bogers ----- Original Message ----- From: "Terry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 05:49 Subject: RE: [hlds_apps] HLDS Server Query Protocol > I know I *should* upgrade to the new version (and I will be very soon), but > that doesn't answer the question of whether this *is* the problem I'm having > right now. > > I'm not running the client, I'm running HLDS as a dedicated server. > > When I do upgrade, I'll extend this question to the 4.1.1.1d version. How > will that server handle request packets that are not terminated with a zero > byte? > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Jeroen > "ShadowLord" Bogers > Sent: Sunday, August 10, 2003 10:38 PM > To: [EMAIL PROTECTED] > Subject: Re: [hlds_apps] HLDS Server Query Protocol > > > You should be running 4.1.1.1d, since any previous version of the HL server > has a security hole, that enables other people to freeze you HL, crash your > HL, crash your machine or even take control of your machine! > > Also, running 1.x.x.x as server (which means you are using the client as > server) is a bad idea, since it almost always lags behind in server > versions. Install the full dedicated Windows server instead. > > Jeroen "ShadowLord" Bogers > > ----- Original Message ----- > From: "Terry" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, August 11, 2003 00:12 > Subject: [hlds_apps] HLDS Server Query Protocol > > > > The "server protocl.txt" file that ships with the HL SDK says : > > > > "Messages are sent to the server by sending 4 consecutive bytes of 255 > > (32-bit integer -1) and then the string command followed by a zero byte to > > terminate it" > > > > How does HLDS (Windows) handle packets that are sent to it that are NOT > > terminated with a zero byte. The reason I ask, is my server was crashing > > every few minutes. I thought I might be under some kind of attack so I > ran > > a packet sniffer and noticed a number of packets that were being sent by a > > popular game server monitoring program that were not terminated with a > zero > > byte. It looked as if it had a fixed size send buffer which is getting > > stuffed with "ping", "info" etc, and it was sending the entire buffer with > > trailing garbage and all. > > > > Here's a few examples (showing only the relevant data section of the > > packet): > > > > 0x0020 E0 68 1B DA 69 87 00 13-60 42 FF FF FF FF 70 6C > ah.Ui?..`Byyyypl > > 0x0030 61 79 65 72 73 08 3B 96-62 23 EC 78 ayers.;-b#ix > > > > 0x0020 E0 68 1B DA 69 87 00 12-C0 40 FF FF FF FF 73 74 > [EMAIL PROTECTED] > > 0x0030 61 74 75 73 1D 62 65 61-63 6F 6E 40 atus.beacon@ > > > > 0x0020 E0 68 1B DA 69 87 00 15-D2 E6 FF FF FF FF 67 65 > ah.Ui?..Oayyyyge > > 0x0030 74 73 74 61 74 75 73 10-2E 1D 32 E4 tstatus...2a > > > > 0x0020 E0 68 1B DA 69 87 00 12-3F CF 5C 65 63 68 6F 5C > ah.Ui?..?I\echo\ > > 0x0030 48 4C 53 57 56 F3 2C CB-91 F9 08 D2 HLSWVo,E'u.O > > > > Could these packets be crashing my Windows 1.1.1.0 server? > > > > > > > > _______________________________________________ > > hlds_apps mailing list > > [EMAIL PROTECTED] > > http://list.valvesoftware.com/mailman/listinfo/hlds_apps > > > > > _______________________________________________ > hlds_apps mailing list > [EMAIL PROTECTED] > http://list.valvesoftware.com/mailman/listinfo/hlds_apps > > > _______________________________________________ > hlds_apps mailing list > [EMAIL PROTECTED] > http://list.valvesoftware.com/mailman/listinfo/hlds_apps > > _______________________________________________ hlds_apps mailing list [EMAIL PROTECTED] http://list.valvesoftware.com/mailman/listinfo/hlds_apps
