
[IMPORTANT] A new HLDS engine exploit !!!


mabaclu
Senior Member
Join Date: Jun 2010
Location: Portugal
Old 07-20-2012 , 07:48   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #11

It also works in HL1, check the orangebox version. It should (if you are being attacked please test it) prevent your server from crashing, because of the way it generates and sends the A2S_INFO packet.
If this works, the next step is to find out why this botnet was created, which may not be easy. My servers aren't in the attackers' list, so I can't run tests.

Anyway, if your server is a victim of these attacks, please test the module (ob version).
https://forums.alliedmods.net/showthread.php?t=135543
__________________

Last edited by mabaclu; 07-20-2012 at 07:48.
mabaclu is offline
YamiKaitou
Has a lovely bunch of coconuts
Join Date: Apr 2006
Location: Texas
Old 07-20-2012 , 07:56   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #12

Metamod:Source modules CANNOT load on Metamod. If you are going to suggest a module, make sure it is for Metamod and not Metamod:Source
__________________
ProjectYami Laboratories

I do not browse the forums regularly anymore. If you need me for anything (intervening in a thread, asking questions or anything else), then PM me (be descriptive in your PM, message containing only a link to a thread will be ignored).
YamiKaitou is offline
mabaclu
Senior Member
Join Date: Jun 2010
Location: Portugal
Old 07-20-2012 , 08:05   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #13

You're right, I thought orangebox was something else. But the module is open-source, maybe there's some way to convert it for Metamod? It basically limits the creation of the server info to once every 5 seconds, so that the server doesn't flood.
__________________
mabaclu is offline
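
The approach described in post #13, as an added example that is not part of the thread and not the linked module's code: A2S_INFO queries are answered from a cached reply that is rebuilt at most once every 5 seconds. `build_reply`, `handle_query`, `simulate_flood` and the reply payload are hypothetical names and constructed data; only the request layout (four 0xFF bytes, `T`, `Source Engine Query`, NUL) is the real query format.

```c
/* Added example: serve A2S_INFO from a cache rebuilt at most every 5 s. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INFO_TTL 5 /* seconds between rebuilds, as in the post */

/* Request: FF FF FF FF 'T' "Source Engine Query" NUL (25 bytes). */
static const uint8_t A2S_INFO_REQ[] = "\xFF\xFF\xFF\xFFTSource Engine Query";

struct info_cache { uint8_t reply[128]; size_t len; long built_at; int valid; unsigned builds; };

int is_a2s_info(const uint8_t *pkt, size_t len) {
    return len >= sizeof A2S_INFO_REQ && memcmp(pkt, A2S_INFO_REQ, sizeof A2S_INFO_REQ) == 0;
}

/* Hypothetical stand-in for the engine's expensive reply generation. */
static size_t build_reply(uint8_t *out, size_t cap, int players) {
    int n = snprintf((char *)out, cap, "constructed-info players=%d", players);
    return (n < 0 || (size_t)n >= cap) ? 0 : (size_t)n;
}

/* Returns bytes to send from *reply, or 0 if pkt is not an A2S_INFO query. */
size_t handle_query(struct info_cache *c, const uint8_t *pkt, size_t len,
                    long now, int players, const uint8_t **reply) {
    if (!is_a2s_info(pkt, len)) return 0;
    if (!c->valid || now - c->built_at >= INFO_TTL) {
        c->len = build_reply(c->reply, sizeof c->reply, players);
        c->built_at = now; c->valid = 1; c->builds++;
    }
    *reply = c->reply;
    return c->len;
}

/* Constructed flood: per_sec queries each second for `seconds` seconds. */
unsigned simulate_flood(int seconds, int per_sec) {
    struct info_cache c = {0};
    const uint8_t *reply;
    for (long t = 0; t < seconds; t++)
        for (int i = 0; i < per_sec; i++)
            handle_query(&c, A2S_INFO_REQ, sizeof A2S_INFO_REQ, t, 10, &reply);
    return c.builds;
}

int main(void) {
    printf("rebuilds for 12000 queries over 12 s: %u\n", simulate_flood(12, 1000));
    return 0;
}
```

The cache bounds how often the reply is generated, not how many replies are sent: every matching query is still answered, so it limits CPU load on the server rather than the volume of outbound traffic.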
Zephyrus
Cool Pig B)
Join Date: Jun 2010
Location: Hungary
Old 07-20-2012 , 09:57   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #14

why can't ppl just accept that this is not an exploit and you can't do anything against it...
__________________
Taking private C++/PHP/SourcePawn requests, PM me.
Zephyrus is offline
YamiKaitou
Has a lovely bunch of coconuts
Join Date: Apr 2006
Location: Texas
Old 07-20-2012 , 09:58   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #15

Quote:
Originally Posted by Zephyrus View Post
why can't ppl just accept that this is not an exploit and you can't do anything against it...
Because they are dumb and don't want to listen to reason
__________________
ProjectYami Laboratories

I do not browse the forums regularly anymore. If you need me for anything (intervening in a thread, asking questions or anything else), then PM me (be descriptive in your PM, message containing only a link to a thread will be ignored).
YamiKaitou is offline
mohsen9010
Senior Member
Join Date: Jun 2011
Location: Iran
Old 07-20-2012 , 11:01   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #16

zip your file xD
__________________
Iman in Allah
mohsen9010 is offline
lickshot
Junior Member
Join Date: Jul 2012
Old 07-20-2012 , 11:51   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #17

Quote:
Originally Posted by Zephyrus View Post
why can't ppl just accept that this is not an exploit and you can't do anything against it...
Oh.. I'll tell you why your assumption about the attack is WRONG. First of all to spoof means not to "hide" your ip with a chosen one - it means to use an IP from networks that are not in use (there are many). Otherwise the routers are just going to deny them. Read about ip spoofing. If you still think you are right, I will give you my IP address to try to send a packet from it.

Quote:
Originally Posted by YamiKaitou View Post
Because they are dumb and don't want to listen to reason
You are not helping. If you think that it isn't an exploit you have to state your arguments.

We are working hard on solving the problem, and today we have noticed something very interesting that for now cannot be shown to the public.

I am really looking forward to hearing more thoughts!
lickshot is offline
YamiKaitou
Has a lovely bunch of coconuts
Join Date: Apr 2006
Location: Texas
Old 07-20-2012 , 12:26   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #18

Not sure why you are attacking Zephyrus with something unrelated to his post...

Unless you can prove they are exploiting something in HLDS, then this just looks like a normal UDP packet spam attack. There is an A2S_INFO exploit out there for Source (might have been fixed for Source 2009, not sure), not entirely sure if the same exploit affects GoldSrc. This exploit has been addressed on this site already, just search for it (again, it might only be for Source)
__________________
ProjectYami Laboratories

I do not browse the forums regularly anymore. If you need me for anything (intervening in a thread, asking questions or anything else), then PM me (be descriptive in your PM, message containing only a link to a thread will be ignored).
YamiKaitou is offline
mabaclu
Senior Member
Join Date: Jun 2010
Location: Portugal
Old 07-20-2012 , 12:33   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #19

It would be a normal spam attack if it wasn't a botnet. How can you explain the fact that the hacker managed to force a server to send its information to another?
__________________
mabaclu is offline
Zephyrus
Cool Pig B)
Join Date: Jun 2010
Location: Hungary
Old 07-20-2012 , 12:39   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #20

Quote:
Originally Posted by lickshot View Post
Oh.. I'll tell you why your assumption about the attack is WRONG. First of all to spoof means not to "hide" your ip with a chosen one - it means to use an IP from networks that are not in use (there are many). Otherwise the routers are just going to deny them. Read about ip spoofing. If you still think you are right, I will give you my IP address to try to send a packet from it.


You are not helping. If you think that it isn't an exploit you have to state your arguments.

We are working hard on solving the problem, and today we have noticed something very interesting that for now cannot be shown to the public.

I am really looking forward to hearing more thoughts!
http://en.wikipedia.org/wiki/Denial-...Spoofed_attack

Have you even looked into this kind of stuff like... ever? UDP packets can be spoofed. Go read about it or keep blaming Valve for something that could be done with ANY program that uses UDP packets. I don't care.
__________________
Taking private C++/PHP/SourcePawn requests, PM me.
Zephyrus is offline