Raised This Month: $12 Target: $400
 3% 

Solved Is it possible to ban hackers who spoof their steam IDs?


Post New Thread Reply   
 
Thread Tools Display Modes
Visual77
Veteran Member
Join Date: Jan 2009
Old 03-27-2018 , 10:10   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #11

Yes, I know about the return value and all. But I'm still confused. The person was saying console reported STOP_IGNORING_RETVALS (I'm assuming he was using the status command to verify that person's steamid?)
Visual77 is offline
psychonic

BAFFLED
Join Date: May 2008
Old 03-27-2018 , 14:20   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #12

Quote:
Originally Posted by Visual77 View Post
Yes, I know about the return value and all. But I'm still confused. The person was saying console reported STOP_IGNORING_RETVALS (I'm assuming he was using the status command to verify that person's steamid?)
It will never appear in the result of the status command unless a plugin is overriding the status command.

That string exists solely in SM to tell scripters that they should never see that string itself. The contents of that buffer should never be used if the function returns false, because the user does not have any validated steam id. "RETVALS" in this case, means the return value of the function used to populate the buffer.

It might as well contain garbage, or nothing. The only reason it has the contents it does is that it previously didn't write anything, so if you used decl to create the buffer, you got uninitialized memory, which it was possible to contain the Steam ID of a different user, or just about anything else.
psychonic is offline
stickz
Senior Member
Join Date: Oct 2012
Location: Ontario, Canada
Old 03-30-2018 , 22:00   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #13

Quote:
Originally Posted by Crasher_3637 View Post
Yeah I was worried about that part. Unfortunately, these hackers also seem to bypass the IP bans. SB can't even seem to detect the IP nor Steam ID of the hacker on any of the servers owned by the community I am a part of.
People often trick their ISP into assigning a new IP address, by spoofing the mac address on their router. I can do this three times before the lease period is up. Then use anther steam account.

ISPs only have a limited number of IP address blocks for a given area. If the first three numbers in the IP address string are the same, this should be a red flag right away. If not, the country, city and ISP could potentially match up, when running the information through a GeoIP database like IP Tracker.

The problem is SB doesn't have a module capable of automatically detecting these things, to warn admins.

Last edited by stickz; 03-30-2018 at 22:02.
stickz is offline
DarkDeviL
SourceMod Moderator
Join Date: Apr 2012
Old 03-30-2018 , 22:19   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #14

Quote:
Originally Posted by stickz View Post
People often trick their ISP into assigning a new IP address, by spoofing the mac address on their router. I can do this three times before the lease period is up. Then use anther steam account.

ISPs only have a limited number of IP address blocks for a given area. If the first three numbers in the IP address string are the same, this should be a red flag right away. If not, the country, city and ISP could potentially match up, when running the information through a GeoIP database like IP Tracker.
It may work for some providers, but there are also a lot that it doesn't work for.

Yet there are (well: used to be, at least) providers where you get a new address each 24 hour, you could at least say hi to the German "Deutsche Telekom" here.

What works for one provider is very different from another one... But previously I could take out 10 IP addresses from one of my providers, which they claim to have reduced to 2, which is the latest thing I heard.

Recently I could span over three different ranges, from the exact same physical location:

- A /20 subnet (e.g. 192.168.144.0/20 (192.168.144.0 - 192.168.159.255))
- A /23 subnet (e.g. 10.156.218.0/23 (10.156.218.0 - 10.156.219.255))
- A /24 subnet (e.g. 10.156.253.0/24 (10.156.253.0 - 10.156.253.255))
(NB: Random private RFC19188 ranges provided for the purpose of demonstration)

So your advertised way of comparing the first few octets of an IP address will be very vague, and cannot be recommended for a foolproof solution.


Quote:
Originally Posted by stickz View Post
The problem is SB doesn't have a module capable of automatically doing these things, to warn admins.
And how exactly would you automate doing things, when you are completely unable to find 100% foolproof and accurate information automatically?

There is no foolproof solution to the issue, you can do a lot, but you can also "waste a lot of time" in the journey, with little to no gain at all, and you're also playing around with a huge risk of a lot of "false positives".
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread].
DarkDeviL is offline
TheXeon
Member
Join Date: May 2016
Old 04-01-2018 , 00:10   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #15

Hey, my plugin was mentioned! I integrated that patchy thing (along with other patchy things) into a central plugin that I'll throw in here (it updates and everything, so cool).

https://github.com/NGSNetwork/sm-plu.../ngs_fixes.smx
https://github.com/NGSNetwork/sm-plu...g/ngs_fixes.sp

arne is a god absolutely correct that, in essence, Sourcebans(++) doesn't properly ban clients who have joined under the offline steam glitch.

A lot of what I'm thinking would involve using the Connect extension to do a quick query on SB's database to check for an existing ban, then return false to prevent connection. The issue is this couldn't possibly be threaded in this way; it would lock up your server while the query runs. You'd have to start a threaded query then kick them later, making them take up a slot for those x number of seconds during the lookup. Worth it? Maybe. This relies on a ban already existing though.

If a ban doesn't exist and we want to make it, we run into another issue of SB++ not having an inbuilt method for banning through SteamID or other combination of identifiers. I'm thinking we'll have to keep track of their SteamID, IP, and maybe Name from the Connect forward through some weird way and assign it to a client ID when the time is right (this is not what Connect is really meant for), and use those saved values when banning.

Side rant, SB++ really needs more natives to ban people using different identifiers.
TheXeon is offline
haZh
Member
Join Date: May 2017
Location: Sri Lanka
Old 04-01-2018 , 01:40   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #16

Quote:
Originally Posted by stickz View Post
People often trick their ISP...
Not all ISPs assign statip IP addresses for their clients. Even my current ISP have a dynamic IP system which gets renewed on each connect/disconnect, now it even changes randomly without even disconnecting. I'm talking about an actual ISP, not even about a VPN. I actually have to pay an extra to get a static IP address assigned for my internet connection if I want to. Most probably ISPs do it because it's easier for them, so when some customer complains I can't connect to this and that, all ISP have to say is "yeah, just reconnect" and all sorted.

Even if an ISP assign static IPs, there are VPNs that could serve plenty of IPs for ban evading. Not even harware MAC address bans would help since it can be also spoofed, seeing these hackers spoofing even Steam IDs, one could question what could be done to really stop them. Yes, you could check an IP address blocks but really, who knows who connected, that might be someone else or maybe just a coincidence. So I think it still comes down to constant administration and keeping up with what's going on in your server.
__________________
haZh is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 23:55.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode