When hlds's logging is enabled, you get a line for each attempted overflow attack:
L 08/16/2003 - 11:13:17: boffix: Possible overflow attack from 192.168.0.144 Simply grep your serverlogs for the string "boffix" and you should be fine. Kind regards, Dominic On Sat, 16 Aug 2003, JGava wrote: > how does this new patch logs the attacks? in some separate file? > > Thanks > > J.Gava > ----- Original Message ----- > From: "Patrick Lane" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, August 15, 2003 10:52 PM > Subject: RE: [hlds_linux] boffix v3 - added ip-logging for suspicious > connect msgs > > > > Here's another mirror: > > > > http://www.operationhavoc.net/files/boffix_v3.tar.gz > > > > --Patrick > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Virtual > > Master > > Sent: Friday, August 15, 2003 5:27 PM > > To: [EMAIL PROTECTED] > > Subject: [hlds_linux] boffix v3 - added ip-logging for suspicious > > connect msgs > > > > Hi, > > > > after I saw some posts on this list asking for a way of logging the ip's > > trying to exploit the buffer-overflow in hlds <= 3.1.1.1c, i added this > > as > > a feature to my patch. > > > > You can grab it at http://mmd.ath.cx/boffix_v3.tar.gz, and like always > > if > > there's someone with webspace and enough time to put the file up, I'd > > appreciate if you host the file (Miklos? ;)) > > > > There's no change besides the added logging, so if you don't want to see > > who's trying to crash your server you can stay with the v2 version. > > > > Please keep in mind that a packet that triggers my patch is not > > necessarily an attempt to crash your server - of course it's very > > likely, > > because a "normal" half-life client won't produce such a connect msg. > > > > This patch is for an _old_ version of hlds, that isn't supported by > > valve > > anymore. You use it at your own risk, and without any warranty. Of > > course > > there shouldn't be any real problems with the patch, and in all my tests > > it worked just as expected, but the software is provided as is, and > > you'll > > have to live with that. > > > > Kind regards, > > > > Dominic (Virtual Master) > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
