[mabaclu]

It also works in HL1, check the orangebox version. It should (if you are being attacked please test it) prevent your server from crashing, because of the way it generates and sends the A2S_INFO packet.
If this works, the next step is to find out why was this botnet created, which may not be easy. My servers aren't in the attackers list, so I can't make tests.

Anyway, if your server is a victim of these attacks, please test the module (ob version).
https://forums.alliedmods.net/showthread.php?t=135543

[YamiKaitou]

Metamod:Source modules CANNOT load on Metamod. If you are going to suggest a module, make sure it is for Metamod and not Metamod:Source

[mabaclu]

You're right, I thought orangebox was something else. But the module is open-source, maybe there's some way to convert it for metamod? It basically limits the creation of the server info to once in every 5 seconds, so that the server doesn't flood.

[Zephyrus]

why cant just ppl accept that this is not an exploit and you cant do anything against it...

[YamiKaitou]

Quote:

Originally Posted by Zephyrus why cant just ppl accept that this is not an exploit and you cant do anything against it...

Because they are dumb and don't want to listen to reason

[mohsen9010]

zip your file xD

[lickshot]

Quote:

Originally Posted by Zephyrus why cant just ppl accept that this is not an exploit and you cant do anything against it...

Oh.. I'll tell you why your assumption about the attack is WRONG. First of all to spoof means not to "hide" your ip with a chosen one - it means to use an IP from networks that are not in use (there are many). Otherwise the routers are just going to deny them. Read about ip spoofing. If you still think you are right, I will give you my IP adress to try send a packet from it .

Quote:

Originally Posted by YamiKaitou Because they are dumb and don't want to listen to reason

You are not helping. If you think that it isn't an exploit you have to state your arguments.

We are working on solving the problem hardly, and today we have noticed something very interesting that for now cannot be shown to the public.

I am really looking forward to hearing more thoughts!

[YamiKaitou]

Not sure why you are attacking Zephyrus with something unrelated to his post...

Unless you can prove they are exploiting something in HLDS, then this just looks like a normal UDP packet spam attack. There is an A2S_INFO exploit out there for Source (might have been fixed for Source 2009, not sure), not entirely sure if the same exploit affects GoldSrc. This exploit has been addressed on this site already, just search for it (again, it might only be for Source)

[mabaclu]

It would be a normal spam attack if it wasn't a botnet, how can you explain the fact that the hacker managed to force a server to send its information to another?

[Zephyrus]

Quote:

Originally Posted by lickshot Oh.. I'll tell you why your assumption about the attack is WRONG. First of all to spoof means not to "hide" your ip with a chosen one - it means to use an IP from networks that are not in use (there are many). Otherwise the routers are just going to deny them. Read about ip spoofing. If you still think you are right, I will give you my IP adress to try send a packet from it . You are not helping. If you think that it isn't an exploit you have to state your arguments. We are working on solving the problem hardly, and today we have noticed something very interesting that for now cannot be shown to the public. I am really looking forward to hearing more thoughts!

http://en.wikipedia.org/wiki/Denial-...Spoofed_attack

have you even looked into this kind of stuff like... ever? UDP packets can spoofed. Go read about it or keep blaming valve for something that could be done with ANY program that uses UDP packets. I dont care