Somebody earlier in the their asked about what "drop" message was being generated. Unfortunately, it doesn't appear to show-up in my logs on the server for some reason.
On Tue, Mar 17, 2015 at 6:39 PM, Bottiger <bottige...@gmail.com> wrote: > This doesn't look like valid tickets being reused to me. > > Client 3160 [I:16:229567929] connected to universe 16, but game server > [G:1:809] is running in universe 1 > S3: Client connected with invalid ticket: UserID: c58 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > Client 3155 [I:0:1191841122] connected to universe 0, but game server > [G:1:809] is running in universe 1 > S3: Client connected with invalid ticket: UserID: c53 > Client "Wololo" connected (72.69.41.145:27005). > STEAMAUTH: Client Wololo received failure code 8 > Dropped Wololo from server (Invalid STEAM UserID Ticket > ) > > On Tue, Mar 17, 2015 at 6:30 PM, Ryan Stecker <voidedwea...@gmail.com> > wrote: > >>As you deduced, it is possible to spoof any SteamID you want and play > > for a couple of minutes before the server kicks you. > > > > No, it isn't. Steam authentication tickets are signed by Valve's servers. > > You cannot craft a ticket containing any SteamID you want. > > > > You can, however, subject the server to a replay attack by reusing > another > > user's authentication ticket. This allows users to play on your server > with > > whatever SteamID they borrowed for approximately 1-2 minutes until the > > Steam server rejects them and the game server kicks them. > > > > On the original topic, there's nothing invalid about that SteamID in the > > OPs post: > > > > 08:29:18°pm (@VoiDeD) !sid [U:1:96295245] > > 08:29:45°pm (idler2) VoiDeD: STEAM_0:1:48147622 / [U:1:96295245] (UInt64 > = > > 76561198056560973, IsValid = True, Universe = Public, Instance = desktop > > (1), Type = Individual, AccountID = 96295245) > > 08:29:45°pm (idler2) VoiDeD: †( > > http://steamcommunity.com/profiles/76561198056560973/) (Last Online = > > 3/18/2015 1:11:21 AM, Last Offline = 3/18/2015 1:11:39 AM) > > > > > > On Tue, Mar 17, 2015 at 8:12 PM, Bottiger <bottige...@gmail.com> wrote: > > > >> We experienced this several months ago and reported it to Eric Smith > >> but have not heard anything from him for a long time so we stopped > >> sending him exploits like this. > >> > >> As you deduced, it is possible to spoof any SteamID you want and play > >> for a couple of minutes before the server kicks you. > >> > >> We tried kicking or freezing people that didn't get verified within 30 > >> seconds but unfortunately this also happens frequently to normal > >> players. > >> > >> > >> > >> On Tue, Mar 17, 2015 at 5:59 PM, Weasels Lair <wea...@weaselslair.com> > >> wrote: > >> > Wondering if any other admin's have seen this. > >> > > >> > Today I had a player join with a SteamID that I was unable to ban by > ID. > >> > From SourceMod I kept getting a message about waiting another 30 > seconds > >> > and trying again, because that SteamID was not verified (yet)? > >> > > >> > In the end, I resorted to fire-walling-off his source IP address for > now. > >> > > >> > When I punched his SteamID3 (which was showing as "[U:1:96295245]") > into > >> > SteamIDConverter.com, it kept showing "unknown" for their SteamID64, > >> > "[U:1:0]" for their SteamID3, and blank for their plain SteamID? > >> > > >> > So, I am thinking it is a completely bogus/fake/spoofed SteamID. > >> > > >> > He seemed to be able to play only for a few minutes at a time, before > he > >> > would get dropped from the server for having an invalid SteamID. > >> > Basically, he was in-game long enough to hack (aimbot) and disrupt the > >> game > >> > (repeatedly). He was able to just do that over and over, until I just > >> > blocked his source IP address all-together. > >> > _______________________________________________ > >> > To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
