Raised This Month: $12 Target: $400
 3% 

[IMPORTANT] A new HLDS engine exploit !!!


Post New Thread Reply   
 
Thread Tools Display Modes
Brian-__-
Member
Join Date: Jan 2010
Old 07-20-2012 , 15:14   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #21

This is UDP Flood DDOS not exploit. (I think)
Brian-__- is offline
Gam3ronE
SourceMod Donor
Join Date: Aug 2010
Old 07-21-2012 , 07:13   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #22

Configure your firewall.
Gam3ronE is offline
lickshot
Junior Member
Join Date: Jul 2012
Old 07-21-2012 , 10:46   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #23

Quote:
Originally Posted by YamiKaitou View Post
Not sure why you are attacking Zephyrus with something unrelated to his post...

Unless you can prove they are exploiting something in HLDS, then this just looks like a normal UDP packet spam attack. There is an A2S_INFO exploit out there for Source (might have been fixed for Source 2009, not sure), not entirely sure if the same exploit affects GoldSrc. This exploit has been addressed on this site already, just search for it (again, it might only be for Source)
It is not unrelated - check his first posts in the topic. I didn't want to be rude, just explained why what he says cannot be done. I have checked the exploit for Source servers, but there the server is flooded with requests for the information. In my case there is a database with tons of servers which is used by script or sth to request and redirect the answer to a chosen predefined destination - my IP adress.

Quote:
Originally Posted by Zephyrus View Post
http://en.wikipedia.org/wiki/Denial-...Spoofed_attack

have you even looked into this kind of stuff like... ever? UDP packets can spoofed. Go read about it or keep blaming valve for something that could be done with ANY program that uses UDP packets. I dont care
I didn't say that IP spoofing is impossible. I will not argue with you anymore. You are free to explain the things for yourself as you want. I was just saying that the internet protocol isn't so vurnarable so that everybody can "use" what ip they want or even to send requests from it..


Quote:
Originally Posted by Gam3ronE View Post
Configure your firewall.
We've tried number of things to prevent this attack. We can drop the packets (by length or string), but we can't "free" our chanels - they are always filled. As I also said the attack reaches 1 gigabyte so I don't think there are many cs servers which are hosted on an internet connection as this. In BG there are some, but they also have difficulty handling the attack.

For all people who didn't want to believe that there is something wrong with the engine I received an answer from Valve in which they said that they find interesting some packets that shouldn't be able to be spoofed. They said that they are looking into these packets and will stop them if they find that they can be spoofed.

We think that this attack can be realised with HLSW with many servers added and redirection rules for the traffic of the program.
lickshot is offline
YamiKaitou
Has a lovely bunch of coconuts
Join Date: Apr 2006
Location: Texas
Old 07-21-2012 , 10:57   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #24

Quote:
Originally Posted by lickshot View Post
I was just saying that the internet protocol isn't so vurnarable so that everybody can "use" what ip they want or even to send requests from it..
UDP is more vulnerable than you may think
__________________
ProjectYami Laboratories

I do not browse the forums regularly anymore. If you need me for anything (asking questions or anything else), then PM me (be descriptive in your PM, message containing only a link to a thread will be ignored).
YamiKaitou is offline
Zephyrus
Cool Pig B)
Join Date: Jun 2010
Location: Hungary
Old 07-21-2012 , 17:43   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #25

Quote:
Originally Posted by lickshot View Post
It is not unrelated - check his first posts in the topic. I didn't want to be rude, just explained why what he says cannot be done. I have checked the exploit for Source servers, but there the server is flooded with requests for the information. In my case there is a database with tons of servers which is used by script or sth to request and redirect the answer to a chosen predefined destination - my IP adress.


I didn't say that IP spoofing is impossible. I will not argue with you anymore. You are free to explain the things for yourself as you want. I was just saying that the internet protocol isn't so vurnarable so that everybody can "use" what ip they want or even to send requests from it..



We've tried number of things to prevent this attack. We can drop the packets (by length or string), but we can't "free" our chanels - they are always filled. As I also said the attack reaches 1 gigabyte so I don't think there are many cs servers which are hosted on an internet connection as this. In BG there are some, but they also have difficulty handling the attack.

For all people who didn't want to believe that there is something wrong with the engine I received an answer from Valve in which they said that they find interesting some packets that shouldn't be able to be spoofed. They said that they are looking into these packets and will stop them if they find that they can be spoofed.

We think that this attack can be realised with HLSW with many servers added and redirection rules for the traffic of the program.
__________________
Taking private C++/PHP/SourcePawn requests, PM me.
Zephyrus is offline
Fr33m@n
Veteran Member
Join Date: May 2008
Location: France Marne
Old 07-21-2012 , 18:39   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #26

So many useless speech about this ddos problem.

Just anwser these questions : So, currently, if someone really want to ddos my server everytime he want, is there a simple way to stop him ? or do i need to wait him to stop ?

We banned some people, a team, because they were sharing illegal information on mumble or teamspeak about players location.

I got my server flooded one time after theses ban, confirmed by my server host.
But i don't what kind of flood it was...

Is the cmd_dlfile exploit still alive on a updated steam server non hlbeta ?

Last edited by Fr33m@n; 07-21-2012 at 18:39.
Fr33m@n is offline
S0m3Th1nG_AwFul
Member
Join Date: Sep 2011
Location: is not known.
Old 07-21-2012 , 20:35   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #27

Quote:
Originally Posted by Fr33m@n View Post
Is the cmd_dlfile exploit still alive on a updated steam server non hlbeta ?
It is fixed since build 5408.
S0m3Th1nG_AwFul is offline
hyphen
Senior Member
Join Date: Aug 2011
Old 07-22-2012 , 08:13   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #28

latest linux engine 5447.

Any known exploits ?
hyphen is offline
lickshot
Junior Member
Join Date: Jul 2012
Old 07-22-2012 , 13:47   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #29

Quote:
Originally Posted by YamiKaitou View Post
UDP is more vulnerable than you may think
Quote:
Originally Posted by Zephyrus View Post
some image..
Hmm.. Zephyrus, you are so funny from others' point of view. You can't imagine how you are making the fun of the ISP's system admins with your 0% knowledge of network security.

Since the topic was redirected to very experienced people with network security here is what they said about your assumptions: "the udp packets can't be just 'spoofed', every ISP has security 'laws' which have to be followed and one of them is handling with the spoofed packets. Cisco routers for example automatically block these kind of packets. It is possible that there are ISPs that don't have this kind of security, but the ip spoofing is forbidden with law in almost every country, so if you catch the ip of the flooder (which is impossible in your case) you can always sue them."

Last edited by lickshot; 07-22-2012 at 17:25.
lickshot is offline
Zephyrus
Cool Pig B)
Join Date: Jun 2010
Location: Hungary
Old 07-22-2012 , 17:14   Re: [IMPORTANT] A new HLDS engine exploit !!!
Reply With Quote #30

Quote:
Originally Posted by lickshot View Post
Hmm.. Zephyrus, you are so funny from others' point of view. You can't image how you are making the fun of the ISP's system admins with your 0% knowledge of network security.

Since the topic was redirected to very experienced people with network security here is what they said about your assumptions: "the udp packets can't be just 'spoofed', every ISP has security 'laws' which have to be followed and one of them is handling with the spoofed packets. Cisco routers for example automatically block these kind of packets. It is possible that there are ISPs that don't have this kind of security, but the ip spoofing is forbidden with law in almost every country, so if you catch the ip of the flooder (which is impossible in your case) you can always sue them."
omg are you freakin serious? DDOS is illegal too, altho there are shitload of botnets, pirating games is illegal too altho 90% of the people on the internet do it, sending out spam email is illegal too, shall i go on? in this whole topic its YOU who doesnt know a single thing about networking, also do you think every single hacker is behind an $500+ CISCO router? if you think that your network admins are so smart why did you even ask here? also you can check this thread out too, its almost the same problem but with srcds

https://forums.alliedmods.net/showthread.php?t=188745

response from Asherkin

Quote:
UDP packet source addresses can be spoofed, which is what you're seeing here.

I'm not going to lock this thread for now, but please do not continue to harass people perceived to be involved. Both the source addresses and steam tickets being used are spoofed/stolen.
response from Valve in the latest CSS update

Quote:
Fixed a problem that allowed spoofed IP addresses to make connections to the game server
So just saying that its illegal by the law is a bad and shitty excuse. And if one wants to find an ISP without spoofed IP regulation he can easily do so. Even your ISP buddies told you its possible. Also, if the machine with the IP that was spoofed is under the same subnet/gateway, ingress and egress filtering (which I assume you know shit about) wont have any use

edit: also

Quote:
the topic was redirected to very experienced people with network security
noone gives a single f about your problems and if someone tries to help you, you dont go rage like a schoolgirl without ANY kind of knowledge about this stuff and tell others they know shit because xy said else
__________________
Taking private C++/PHP/SourcePawn requests, PM me.

Last edited by Zephyrus; 07-22-2012 at 17:32.
Zephyrus is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 08:20.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode