Hiya,
I just wanted to give you guys heads-up that recently discovered exploit in CSGO might be abused in TF2 aswell at the moment.
The VoiceData one:
https://forums.alliedmods.net/showthread.php?t=280545
My community probably have just been attacked by it
Basically a specific player, their profile here:
https://steamcommunity.com/profiles/76561198368497255/
As soon as he finished joining, voice netchannel was flooded, server choking.
Also there was this message spammed in server's console:
Code:
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
Netchannel: failed reading message clc_VoiceData from 100.16.124.112:27005.
As soon as staff muted this player the issue was gone. And once they were unmuted the issue was back. sv_voiceenable set to 0 seemed to do the trick aswell.
I plan making lazy fix because I can't be bothered to write sm extension atm:
Simplest but not really optimal solution is setting sv_voiceenable to 0
Second one would be hooking console print and setting sv_voiceenable to 0 for x amount of minutes when " failed reading message clc_VoiceData" spam reaches specific threshold
Third one would be hooking console print and banning player & their ip if their clc_VoiceData spam reaches specific threshold.
Fourth one would either need to be sm extension or metamod plugin but I don't have ambuild setup atm so nah.
As for why I think it's attack rather than engine/client bug. It's first time this kind of stuff happened. Second one of this player's who lagged the server past nicknames was "failed reading message svc_Voice", too much coincidence eh?
I've attached aswell two pics in my post, first showing their profile, second net_graph while server was flooded
Im kinda busy these days so I don't know whether I'il be able to write exploit fix myself, so I wanted to let you guys know just in case
- Cheers