Admins can use status as usual even during the attack (in fact it's our best weapon against this, as the main way to identify which of the players is making it), so I guess that it was fixed. The purpose of the attack is just overflowing the server: players inside experience heavy lag issues during the spam, and status is fully available to track player's info.

On 13/06/2012 1:31, Joe Brown wrote:
This was used (and may still be) in hacks as a way to stop admins from using 
the status command to see your STEAMID in the client console. Spamming it like 
that blocked all clients connected to the server from being able to use the 
status command, preventing or extending the time it takes to ban someone.
Correct me if I'm wrong but I thought this was fixed in an update.

Date: Wed, 13 Jun 2012 01:23:23 +0200
From: rugnor.maj...@gmail.com
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] Overflow attack to Source servers

That's a critical detail I forgot to mention, so sorry: the RCON port is
closed, so every attempt to access RCON gives a "Time Out".

I'm totally sure it's "status", here I paste an excerpt from the SMAC
log, made just by the same plugin you suggest:

Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status
...

(Well, and this goes on for thousands and thousands of lines, making
pretty ~1GB files each day XD)

I added status as a SMAC blocked command, still no luck. (used
smac_addcmd as stated in the link you provided, but as you say SMAC won't
block commands coming from the server).

The command can be captured and processed from a plugin, but in every
test I made I always got client 0 (console) as the triggerer, (of
course testing from the game, through a clean client account, not from
console). I think the server has never blocked me from executing status,
even reproducing the attack (which is just spamming status from a game's
client console).

The server would block it surely if it was marked as client triggered.
At least where I can personally try (TF2 dedicated, Linux), it's always
executed as from console. Some other server owners are working with me
on this, and this works like this on theirs too (CSS and CSGO confirmed
to be vulnerable to this attack too).

Something that comes to my mind is if some "lower" addon like Metamod
is actually always deflecting this command through the console; I need
to try again on a clean install to check it.
                                        
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
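
Added example, not part of the original thread and not SMAC's own code: a small Python log scan that flags one-second bursts of a command in lines shaped like the SMAC excerpt quoted above. The field meanings (name, userid, auth, team), the threshold of 5 per second and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Line shape taken from the excerpt in the thread. The meaning of the
# angle-bracket fields (userid, auth, team) is an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d{2}:\d{2}:\d{2} \d{4}): "
    r"(?P<name>.*?)<(?P<userid>\d+)><(?P<auth>[^>]*)><(?P<team>[^>]*)>\s+"
    r"executes: (?P<cmd>\S+)"
)

def parse_line(line):
    """Return (timestamp, auth, command), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["auth"], m["cmd"]

def find_bursts(lines, command="status", per_second=5):
    """Return sorted (timestamp, auth, count) for every second in which one
    source ran `command` at least `per_second` times (assumed threshold)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2] == command:
            ts, auth, _ = parsed
            counts[(ts, auth)] += 1
    return sorted((ts, auth, n) for (ts, auth), n in counts.items()
                  if n >= per_second)

# Constructed sample: nine lines repeating the excerpt's line, one isolated
# "status" six seconds later, one made-up command and one malformed line.
SAMPLE = "\n".join(
    ["Sat Mar 31 14:56:34 2012: Console<0><Console><Console>  executes: status"] * 9
    + ["Sat Mar 31 14:56:40 2012: Console<0><Console><Console>  executes: status",
       "Sat Mar 31 14:56:41 2012: Console<0><Console><Console>  executes: example_cmd",
       "not a log line"]
)

if __name__ == "__main__":
    for ts, auth, n in find_bursts(SAMPLE.splitlines()):
        print(f"{ts.isoformat()} source={auth} status x{n}")
```

Because the log in the thread attributes every line to Console, a burst found this way gives the time window of the spam rather than the player behind it.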