I have had this same problem, but on Windows SRCDS. Too bad SRCDS for Windows doesn't write to log until the map changes as the only chance for logging this attacks would be remotely vis HLSW, or perhaps HLStats, etc.
----- Original Message ----- From: "hondaman" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Thursday, February 03, 2005 02:23 AM Subject: Re: [hlds_linux] (no subject) > Its a known bug amongst us who run the servers, but Alfred wont fix it > until someone can duplicate it. If a person is banned, the server can > be crashed at will by these kids by repeated rejoin attempts. > > Chris Jones wrote: > >>My server segfaults nearly every day (srcds_i486, 2.4.28-gentoo-r5 SMP >>kernel, glibc-2.3.4.20040808-r1). I don't see these connection attempt >>spams though.. >> >>It's becoming really frustrating. The pub is 32 players and pretty >>popular. It really ruins the experience when it crashes 2-3 times a >>night. >> >>I've heard reports of this exploit, but have never seen it happen around >>a join DoS. I have over 400 people in my ban file, too, and I've seen >>some of them try to rejoin immediately, but no server crash happened.. >> >>Anyone else get random crashes with srcds_i486? Or, even better, does >>anyone run this without any problems who could say what kernel and libc >>they are using? >> >> >> >>Original message from jules (aka Buddha-Pest): >> >> >> >>>you guys may want to ban the following steamid: STEAM_0:1:5291510 >>> >>>this guy was on my CS:S server, was banned for TK'ing player (by a >>>script), and proceeded to launch a simple DOS attack which managed to >>>crash the CS:S server. he continued his attack (looked like connect >>>attempts in the log) for several minutes, bringing the server down 3 >>>times until a firewall rule kicked in and blocked his ip at that level. >>> >>>unfortunately the ip came from a comcast address: 24.4.140.131 so it'll >>>prolly change in a few days or, if he's got any ganglia in his brain, >>>perhaps he'll think of rebooting his modem... >>> >>>anyway, I emailed the abuse dept at comcast about the incident and >>>included the logs so hopefully they'll be able to trace who owned the ip >>>at the time and [hopefully] take some sort of action. >>> >>>would be nice if VAC would detect these kinds of attacks and permanently >>>ban the users across the entire network. as it is, y'all just have to >>>take my word for it. >>> >>>here's a tail bit from the logs just before the server crashed the first >>>time (note how strange the log is, he was connecting multiple times >>>somehow): >>> >>>L 02/02/2005 - 18:32:36: "Govna<19510><STEAM_ID_PENDING><>" connected, >>>address "24.4.140.131:27005" >>>L 02/02/2005 - 18:32:37: "Hermy the Steamy >>>Pile<19467><STEAM_0:1:346811><CT>" say "teach me how to use that gun" >>>L 02/02/2005 - 18:32:37: "peter >>>bogdonavich<19473><STEAM_0:1:5244098><TERRORIST>" say "damn" >>>L 02/02/2005 - 18:32:37: "Govna<19510><STEAM_0:1:5291510><>" >>>disconnected (reason "STEAM UserID STEAM_0:1:5291510 is banned") >>>L 02/02/2005 - 18:32:38: "Govna<19511><STEAM_ID_PENDING><>" connected, >>>address "24.4.140.131:27005" >>>L 02/02/2005 - 18:32:39: "Govna<19511><STEAM_0:1:5291510><>" >>>disconnected (reason "STEAM UserID STEAM_0:1:5291510 is banned") >>>L 02/02/2005 - 18:32:40: "Govna<19512><STEAM_ID_PENDING><>" connected, >>>address "24.4.140.131:27005" >>>L 02/02/2005 - 18:32:40: "Govna<19512><STEAM_0:1:5291510><>" >>>disconnected (reason "STEAM UserID STEAM_0:1:5291510 is banned") >>>L 02/02/2005 - 18:32:41: "Govna<19513><STEAM_ID_PENDING><>" connected, >>>address "24.4.140.131:27005" >>>L 02/02/2005 - 18:32:41: "Hermy the Steamy >>>Pile<19467><STEAM_0:1:346811><CT>" say "youre so good" >>>L 02/02/2005 - 18:32:41: World triggered "Round_Start" >>>L 02/02/2005 - 18:32:42: "Govna<19513><STEAM_0:1:5291510><>" >>>disconnected (reason "STEAM UserID STEAM_0:1:5291510 is banned") >>>L 02/02/2005 - 18:32:43: "Govna<19514><STEAM_ID_PENDING><>" connected, >>>address "24.4.140.131:27005" >>>L 02/02/2005 - 18:32:43: "Govna<19514><STEAM_0:1:5291510><>" >>>disconnected (reason "STEAM UserID STEAM_0:1:5291510 is banned") >>>L 02/02/2005 - 18:32:44: "Govna<19515><STEAM_ID_PENDING><>" connected, >>>address "24.4.140.131:27005" >>>L 02/02/2005 - 18:32:45: "Govna<19515><STEAM_0:1:5291510><>" >>>disconnected (reason "STEAM UserID STEAM_0:1:5291510 is banned") >>>L 02/02/2005 - 18:32:45: "Slim the Slimest >>>Slimjim<19477><STEAM_0:1:4424317><TERRORIST>" say_team "i k" >>>L 02/02/2005 - 18:32:46: "Govna<19517><STEAM_ID_PENDING><>" connected, >>>address "24.4.140.131:27005" >>>L 02/02/2005 - 18:32:47: "Govna<19517><STEAM_0:1:5291510><>" >>>disconnected (reason "STEAM UserID STEAM_0:1:5291510 is banned") >>>L 02/02/2 >>> >>> >>>^^^^ this is where the server segfaulted >>> >>>I don't see a core dump anywhere >>> >>>~j >>> >>> >>>_______________________________________________ >>>To unsubscribe, edit your list preferences, or view the list archives, >>>please visit: >>>http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >>> >> >>-- >>Chris _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
