Since I believe someone already sent an email to Valve, I'll reveal what this particular exploit is. I'll reference the particular line in my module to help explain it.
http://code.google.com/p/gmodmodules/source/browse/trunk/serverplugin_serversecure2/validation.cpp#38

In the 'k' packet which the client sends to the server, they can specify an auth protocol version (0 invalid, 1 cdkey, 2 authcert, 3 steam ticket). The engine normally only accepts 3 but someone accidentally disabled a certain authentication check in the builds being pushed out. Just setting the authproto version to 2 will give you a steamid of 0.

To address the "Serenity" issue, Alfred has been contacted a couple times about the issue, and I have no idea what steps they've taken to rectify ticket stealing (since they can detect it but don't explicitly stop it).

On Sun, Aug 15, 2010 at 11:07 AM, Guy Watkins <[email protected]> wrote:

> Actually, I think better routing protocols saved the day. The major problem
> was that they were assigning /8 blocks to people that needed more than a /16
> block. Routing was not based on a mask. The A, B, C class was determined
> by the IP address, not a mask. Better routing protocols allowed variable
> size blocks, so a /anything could be assigned.
>
> } -----Original Message-----
> } From: [email protected] [mailto:hlds_linux-[email protected]] On Behalf Of Carl
> } Sent: Saturday, August 14, 2010 10:04 PM
> } To: Half-Life dedicated Linux server mailing list
> } Subject: Re: [hlds_linux] STEAM_0:0:1
> }
> } You're thinking of NAT.
> }
> } Sent from my telnet.
> }
> }
> } Guy Watkins wrote:
> } > If not for dhcp, we would have run out of IP addresses over 10 years ago!
> } >
> } > } -----Original Message-----
> } > } From: [email protected] [mailto:hlds_linux-[email protected]] On Behalf Of Harry Strongburg
> } > } Sent: Saturday, August 14, 2010 1:04 PM
> } > } To: Half-Life dedicated Linux server mailing list
> } > } Subject: Re: [hlds_linux] STEAM_0:0:1
> } > }
> } > } On Sat, Aug 14, 2010 at 07:54:39PM +0300, Bajdechi Nightbox Alexandru wrote:
> } > } > Imo Dynamic IPs should be banned. Who had this terrible idea to invent them
> } > }
> } > } ISPs who do not want their customers to run static servers. It's also
> } > } easier to manage for them (just using DHCP to assign IPs to customers is
> } > } easier than giving static ones).
> } > }
> } > } _______________________________________________
> } > } To unsubscribe, edit your list preferences, or view the list archives,
> } > } please visit:
> } > } http://list.valvesoftware.com/mailman/listinfo/hlds_linux

