Raised This Month: $52 Target: $400
 13% 

HLDS Amplification Attacks


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
DJEarthQuake
Senior Member
Join Date: Jan 2014
Location: Midwest
Old 10-27-2019 , 17:25   HLDS Amplification Attacks
Reply With Quote #1

Document explaining some findings.
http://grehack.org/files/2013/talks/...rs-grehack.pdf

Thoughts?
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty — a beauty cold and austere, like that of sculpture..." -Bertrand Russell
DJEarthQuake is offline
^SmileY
Veteran Member
Join Date: Jan 2010
Location: Brazil [<o>]
Old 11-01-2019 , 14:06   Re: HLDS Amplification Attacks
Reply With Quote #2

2013?
__________________
Projects:

- See my Git Hub: https://github.com/SmileYzn
PHP Code:
set_pcvar_num(pCvar,get_pcvar_num(pCvar) ? 1); 
^SmileY is offline
Send a message via MSN to ^SmileY Send a message via Skype™ to ^SmileY
DJEarthQuake
Senior Member
Join Date: Jan 2014
Location: Midwest
Old 11-03-2019 , 08:36   Re: HLDS Amplification Attacks
Reply With Quote #3

That was when this was written. For those who do have the time to read all that PDF it suggests there is a bug clear back from Quake that was congential and will never go away because the game is 20 years old and Source was already being worked on as a replacement. It does not have this issue. For those cracker types out there I do have a fail2ban regex just waiting as well as an e-mail to the ISP. Cider block blacklisting and blackholing.

Show me the post that Valve/Steam acknowledges and fixed this? Didn't they just fix clients from using sv_cheats although the server has it set to 0 without privileged access?

Fixed sv_cheats being settable by players in a multiplayer game (sv_cheats is now controlled by the server)
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty — a beauty cold and austere, like that of sculpture..." -Bertrand Russell
DJEarthQuake is offline
Solokiller
Senior Member
Join Date: Sep 2015
Old 11-11-2019 , 07:35   Re: HLDS Amplification Attacks
Reply With Quote #4

Report exploits on Valve's HackerOne: https://hackerone.com/valve
Solokiller is offline
DJEarthQuake
Senior Member
Join Date: Jan 2014
Location: Midwest
Old 11-11-2019 , 07:59   Re: HLDS Amplification Attacks
Reply With Quote #5

Steam did not act on this informaton.

Quote:
"Valve didn’t worry too much (hey Valve,
giving feedback doesn’t hurt...)"
Quote:
Spanish cert INTECO handled almost
everything (thanks guys, you rock!)
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty — a beauty cold and austere, like that of sculpture..." -Bertrand Russell
DJEarthQuake is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 08:19.


Powered by vBulletin®
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Theme made by Freecode