I did a few tests using a TF2 Linux server:

a) The anti-spam protection from the engine works: a client receives back only
one response every few seconds.
b) The source for the "status" command, at least from SourceMod's point of view,
is always the server (client's index is always 0).

I connected two clients to a server and one executed a script with 457
status commands. The server and the second client were ok, but the one who
executed the script died with a "send reliable stream overflow" error. For a
script with 456 status commands the client receives back one reply and
doesn't die.

Probably you have something that disables the engine's protection. Try to remove
all plugins (metamod, sourcemod etc...) and see if the server is still
vulnerable. Then add back the plugins, one by one...

-----Original Message-----
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Alvaro
Gutierrez Lorenzo
Sent: Wednesday, June 13, 2012 2:50 AM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Overflow attack to Source servers

Sorry for the "double mail", I just thought that if the fix for that
removed the cooldown time for status, there would be no protection over
this command, making possible this attack.
Invalid Protocol mentioned this protection in an earlier mail.

Is it a silly idea? I've never experienced such cooldown protection, 
that would explain why.

