----- Original Message -----
From: "Christian Celler" <[EMAIL PROTECTED]>
> Steven Hartland wrote:
>> That's not the spec, if its responding it shouldn't as that opens up the
>> server to being the source of a DoDS attack, which is why the challenge
>> was introduced in the first place.
>
> From
> http://developer.valvesoftware.com/wiki/Source_Server_Query_Protocol
>
> "
> Request format
>
> Challenge values are required for A2S_PLAYER and A2S_RULES requests,
> you can use this request to get one.
>
> Note: You can also send A2S_PLAYER and A2S_RULES queries with a
> challenge value of -1 (0xFF FF FF FF) and they will respond with a
> challenge value to use (using the reply format below).
> "
>
> Asking for a serial with the player- or rules-character as mentioned
> in the "Note" works for me - and it is within the spec :)
That's not what Ronny said though. He indicated you could just do a request for
the rules and player packets without a valid challenge by simply using 00 00 00
00.
What your highlighting there seems to just be an alternative way of doing
the challenge. The key word being "also" so the standard method should still
work if it doesn't I'd still consider that bug that needs fixing.
Regards
Steve
================================================
This e.mail is private and confidential between Multiplay (UK) Ltd. and the
person or entity to whom it is addressed. In the event of misdirection, the
recipient is prohibited from using, copying, printing or otherwise
disseminating it or any information contained in it.
In the event of misdirection, illegible or incomplete transmission please
telephone +44 845 868 1337
or return the E.mail to [EMAIL PROTECTED]
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
