Exploit on the wild, lagging only certain players on a gameserver is possible

classic Classic list List threaded Threaded
10 messages Options
ics
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Exploit on the wild, lagging only certain players on a gameserver is possible

ics
Hello

Someone has found a way to lag certain players on a gameserver. Not just
ddos the server but only some players on it, while saving their friends
from most of the attack. While this concerns only Valve server for now,
any community server is propably also vulnerable to this action.

I played today a match, on a Valve server less than 30 mins ago. The
server IP in question was 155.133.242.40:27066 (Valve CS:GO EU North
Server (srcds021.187.52))

In this game, our whole team started lagging. The other team recovered
from it mostly on the next round, allowing them to continuously slay us
to our base. Here is a GOTV demo of the match
steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L
and if you skip to the beginning of the15th round, you will see it
clearly. You can also watch part of in eyes demo from the same match.
http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem

The main culprit was also aimbotting, and was appearing as:

#  3 2 "Tapio #DERANK" STEAM_1:0:120573925 22:24 275 94 active 80000

His friends were:

#  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:94940856 22:24 221 49 active 80000
# 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49 active 80000
# 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active 80000

That being said, I don't think it was this guy who figured it out, he's
not smart enough for it. But someone has and i'm not sure how they
managed to dig information of players but this surely will become an
issue if something is not made for the matter. This may be part of some
cheat software by default. I don't really know.

-ics

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

hasser css
I got this while playing MM on EU North as well, twice today. Are you sure they are using an exploit? It seems to have been some kind of DDoS today, because I got the same thing too. Maybe their friends weren't affected by it due to different routing or something?

There is still this exploit however: https://www.youtube.com/watch?v=4Sa-wFRe64c
But you would have been kicked with "no Steam-login", not just lagging a lot. (Please fix this Valve ^)

On Wed, Apr 6, 2016 at 9:06 PM, ics <[hidden email]> wrote:
Hello

Someone has found a way to lag certain players on a gameserver. Not just ddos the server but only some players on it, while saving their friends from most of the attack. While this concerns only Valve server for now, any community server is propably also vulnerable to this action.

I played today a match, on a Valve server less than 30 mins ago. The server IP in question was 155.133.242.40:27066 (Valve CS:GO EU North Server (srcds021.187.52))

In this game, our whole team started lagging. The other team recovered from it mostly on the next round, allowing them to continuously slay us to our base. Here is a GOTV demo of the match
steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L and if you skip to the beginning of the15th round, you will see it clearly. You can also watch part of in eyes demo from the same match. http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem

The main culprit was also aimbotting, and was appearing as:

#  3 2 "Tapio #DERANK" STEAM_1:0:<a href="tel:120573925%2022" value="+12057392522" target="_blank">120573925 22:24 275 94 active 80000

His friends were:

#  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:<a href="tel:94940856%2022" value="+19494085622" target="_blank">94940856 22:24 221 49 active 80000
# 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49 active 80000
# 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active 80000

That being said, I don't think it was this guy who figured it out, he's not smart enough for it. But someone has and i'm not sure how they managed to dig information of players but this surely will become an issue if something is not made for the matter. This may be part of some cheat software by default. I don't really know.

-ics

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
ics
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

ics
At start, his friends were lagging also, everybody's ping got up. Then
after few rounds they were able to walk and run normally. The reddit
post i made has also brought  up 3 more cases by now of this happening.

-ics

Hasser Css kirjoitti:

> I got this while playing MM on EU North as well, twice today. Are you
> sure they are using an exploit? It seems to have been some kind of
> DDoS today, because I got the same thing too. Maybe their friends
> weren't affected by it due to different routing or something?
>
> There is still this exploit however:
> https://www.youtube.com/watch?v=4Sa-wFRe64c
> But you would have been kicked with "no Steam-login", not just lagging
> a lot. (Please fix this Valve ^)
>
> On Wed, Apr 6, 2016 at 9:06 PM, ics <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Hello
>
>     Someone has found a way to lag certain players on a gameserver.
>     Not just ddos the server but only some players on it, while saving
>     their friends from most of the attack. While this concerns only
>     Valve server for now, any community server is propably also
>     vulnerable to this action.
>
>     I played today a match, on a Valve server less than 30 mins ago.
>     The server IP in question was 155.133.242.40:27066
>     <http://155.133.242.40:27066> (Valve CS:GO EU North Server
>     (srcds021.187.52))
>
>     In this game, our whole team started lagging. The other team
>     recovered from it mostly on the next round, allowing them to
>     continuously slay us to our base. Here is a GOTV demo of the match
>     steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L
>     and if you skip to the beginning of the15th round, you will see it
>     clearly. You can also watch part of in eyes demo from the same
>     match. http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem
>     <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
>
>     The main culprit was also aimbotting, and was appearing as:
>
>     #  3 2 "Tapio #DERANK" STEAM_1:0:120573925 22
>     <tel:120573925%2022>:24 275 94 active 80000
>
>     His friends were:
>
>     #  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:94940856 22
>     <tel:94940856%2022>:24 221 49 active 80000
>     # 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49 active
>     80000
>     # 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active 80000
>
>     That being said, I don't think it was this guy who figured it out,
>     he's not smart enough for it. But someone has and i'm not sure how
>     they managed to dig information of players but this surely will
>     become an issue if something is not made for the matter. This may
>     be part of some cheat software by default. I don't really know.
>
>     -ics
>
>     _______________________________________________
>     Csgo_servers mailing list
>     [hidden email]
>     <mailto:[hidden email]>
>     https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>
> _______________________________________________
> Csgo_servers mailing list
> [hidden email]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

Absurd Minds
In reply to this post by hasser css

I wonder if it's an exploit, too. I've had this happen to me and been the one person who could move, and I certainly wasn't ddosing them.

On Apr 6, 2016 4:02 PM, "Hasser Css" <[hidden email]> wrote:
I got this while playing MM on EU North as well, twice today. Are you sure they are using an exploit? It seems to have been some kind of DDoS today, because I got the same thing too. Maybe their friends weren't affected by it due to different routing or something?

There is still this exploit however: https://www.youtube.com/watch?v=4Sa-wFRe64c
But you would have been kicked with "no Steam-login", not just lagging a lot. (Please fix this Valve ^)

On Wed, Apr 6, 2016 at 9:06 PM, ics <[hidden email]> wrote:
Hello

Someone has found a way to lag certain players on a gameserver. Not just ddos the server but only some players on it, while saving their friends from most of the attack. While this concerns only Valve server for now, any community server is propably also vulnerable to this action.

I played today a match, on a Valve server less than 30 mins ago. The server IP in question was 155.133.242.40:27066 (Valve CS:GO EU North Server (srcds021.187.52))

In this game, our whole team started lagging. The other team recovered from it mostly on the next round, allowing them to continuously slay us to our base. Here is a GOTV demo of the match
steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L and if you skip to the beginning of the15th round, you will see it clearly. You can also watch part of in eyes demo from the same match. http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem

The main culprit was also aimbotting, and was appearing as:

#  3 2 "Tapio #DERANK" STEAM_1:0:<a href="tel:120573925%2022" value="+12057392522" target="_blank">120573925 22:24 275 94 active 80000

His friends were:

#  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:<a href="tel:94940856%2022" value="+19494085622" target="_blank">94940856 22:24 221 49 active 80000
# 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49 active 80000
# 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active 80000

That being said, I don't think it was this guy who figured it out, he's not smart enough for it. But someone has and i'm not sure how they managed to dig information of players but this surely will become an issue if something is not made for the matter. This may be part of some cheat software by default. I don't really know.

-ics

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

hasser css
In reply to this post by ics
But it has only started happening today, yes? I still do assume it is DDoS and they just happen to get lucky with their routing. see http://www.netnod.se/ix-stats/14all_ix-packets-public.pl?log=stockholm.geb-packets.642 .. those nice outgoing PPS spikes at around 16 and 18 when I got the lag out for 5 minutes or so. Some people on enemy team could rush fine with SMGs, some couldn't, then it calmed down.

Don't think any server-specific exploit exists other than video I linked, or at least I hope not. Only thing I could think of is something using all the CPU of a particular server..

On Wed, Apr 6, 2016 at 10:06 PM, ics <[hidden email]> wrote:
At start, his friends were lagging also, everybody's ping got up. Then after few rounds they were able to walk and run normally. The reddit post i made has also brought  up 3 more cases by now of this happening.

-ics

Hasser Css kirjoitti:
I got this while playing MM on EU North as well, twice today. Are you sure they are using an exploit? It seems to have been some kind of DDoS today, because I got the same thing too. Maybe their friends weren't affected by it due to different routing or something?

There is still this exploit however: https://www.youtube.com/watch?v=4Sa-wFRe64c
But you would have been kicked with "no Steam-login", not just lagging a lot. (Please fix this Valve ^)

On Wed, Apr 6, 2016 at 9:06 PM, ics <[hidden email] <mailto:[hidden email]>> wrote:

    Hello

    Someone has found a way to lag certain players on a gameserver.
    Not just ddos the server but only some players on it, while saving
    their friends from most of the attack. While this concerns only
    Valve server for now, any community server is propably also
    vulnerable to this action.

    I played today a match, on a Valve server less than 30 mins ago.
    The server IP in question was 155.133.242.40:27066
    <http://155.133.242.40:27066> (Valve CS:GO EU North Server
    (srcds021.187.52))

    In this game, our whole team started lagging. The other team
    recovered from it mostly on the next round, allowing them to
    continuously slay us to our base. Here is a GOTV demo of the match
    steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L
    and if you skip to the beginning of the15th round, you will see it
    clearly. You can also watch part of in eyes demo from the same
    match. http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem
    <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>

    The main culprit was also aimbotting, and was appearing as:

    #  3 2 "Tapio #DERANK" STEAM_1:0:<a href="tel:120573925%2022" value="+12057392522" target="_blank">120573925 22
    <tel:120573925%2022>:24 275 94 active 80000

    His friends were:

    #  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:<a href="tel:94940856%2022" value="+19494085622" target="_blank">94940856 22
    <tel:94940856%2022>:24 221 49 active 80000
    # 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49 active
    80000
    # 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active 80000

    That being said, I don't think it was this guy who figured it out,
    he's not smart enough for it. But someone has and i'm not sure how
    they managed to dig information of players but this surely will
    become an issue if something is not made for the matter. This may
    be part of some cheat software by default. I don't really know.

    -ics

    _______________________________________________
    Csgo_servers mailing list
    [hidden email]
    <mailto:[hidden email]>
    https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers




_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
ics
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

ics
Lucky with routing? By looking at the names and profiles, i'm basically
in same country with these guys and i still had the lags. I don't know
their ISP's though.

-ics

Hasser Css kirjoitti:

> But it has only started happening today, yes? I still do assume it is
> DDoS and they just happen to get lucky with their routing. see
> http://www.netnod.se/ix-stats/14all_ix-packets-public.pl?log=stockholm.geb-packets.642 
> .. those nice outgoing PPS spikes at around 16 and 18 when I got the
> lag out for 5 minutes or so. Some people on enemy team could rush fine
> with SMGs, some couldn't, then it calmed down.
>
> Don't think any server-specific exploit exists other than video I
> linked, or at least I hope not. Only thing I could think of is
> something using all the CPU of a particular server..
>
> On Wed, Apr 6, 2016 at 10:06 PM, ics <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     At start, his friends were lagging also, everybody's ping got up.
>     Then after few rounds they were able to walk and run normally. The
>     reddit post i made has also brought up 3 more cases by now of this
>     happening.
>
>     -ics
>
>     Hasser Css kirjoitti:
>
>         I got this while playing MM on EU North as well, twice today.
>         Are you sure they are using an exploit? It seems to have been
>         some kind of DDoS today, because I got the same thing too.
>         Maybe their friends weren't affected by it due to different
>         routing or something?
>
>         There is still this exploit however:
>         https://www.youtube.com/watch?v=4Sa-wFRe64c
>         But you would have been kicked with "no Steam-login", not just
>         lagging a lot. (Please fix this Valve ^)
>
>         On Wed, Apr 6, 2016 at 9:06 PM, ics <[hidden email]
>         <mailto:[hidden email]> <mailto:[hidden email]
>         <mailto:[hidden email]>>> wrote:
>
>             Hello
>
>             Someone has found a way to lag certain players on a
>         gameserver.
>             Not just ddos the server but only some players on it,
>         while saving
>             their friends from most of the attack. While this concerns
>         only
>             Valve server for now, any community server is propably also
>             vulnerable to this action.
>
>             I played today a match, on a Valve server less than 30
>         mins ago.
>             The server IP in question was 155.133.242.40:27066
>         <http://155.133.242.40:27066>
>             <http://155.133.242.40:27066> (Valve CS:GO EU North Server
>             (srcds021.187.52))
>
>             In this game, our whole team started lagging. The other team
>             recovered from it mostly on the next round, allowing them to
>             continuously slay us to our base. Here is a GOTV demo of
>         the match
>         steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L
>             and if you skip to the beginning of the15th round, you
>         will see it
>             clearly. You can also watch part of in eyes demo from the same
>             match.
>         http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem
>         <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
>             <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
>
>             The main culprit was also aimbotting, and was appearing as:
>
>             #  3 2 "Tapio #DERANK" STEAM_1:0:120573925 22
>         <tel:120573925%2022>
>             <tel:120573925%2022>:24 275 94 active 80000
>
>             His friends were:
>
>             #  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:94940856 22
>         <tel:94940856%2022>
>             <tel:94940856%2022>:24 221 49 active 80000
>             # 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49
>         active
>             80000
>             # 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active 80000
>
>             That being said, I don't think it was this guy who figured
>         it out,
>             he's not smart enough for it. But someone has and i'm not
>         sure how
>             they managed to dig information of players but this surely
>         will
>             become an issue if something is not made for the matter.
>         This may
>             be part of some cheat software by default. I don't really
>         know.
>
>             -ics
>
>             _______________________________________________
>             Csgo_servers mailing list
>         [hidden email]
>         <mailto:[hidden email]>
>             <mailto:[hidden email]
>         <mailto:[hidden email]>>
>         https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>
>         _______________________________________________
>         Csgo_servers mailing list
>         [hidden email]
>         <mailto:[hidden email]>
>         https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>     _______________________________________________
>     Csgo_servers mailing list
>     [hidden email]
>     <mailto:[hidden email]>
>     https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>
> _______________________________________________
> Csgo_servers mailing list
> [hidden email]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

Matthias "InstantMuffin" Kollek
Routing can be a bitch, with a premium traffic mafia screwing us all.
This is interesting though.

On 06.04.2016 22:28, ics wrote:

> Lucky with routing? By looking at the names and profiles, i'm
> basically in same country with these guys and i still had the lags. I
> don't know their ISP's though.
>
> -ics
>
> Hasser Css kirjoitti:
>> But it has only started happening today, yes? I still do assume it is
>> DDoS and they just happen to get lucky with their routing. see
>> http://www.netnod.se/ix-stats/14all_ix-packets-public.pl?log=stockholm.geb-packets.642 
>> .. those nice outgoing PPS spikes at around 16 and 18 when I got the
>> lag out for 5 minutes or so. Some people on enemy team could rush
>> fine with SMGs, some couldn't, then it calmed down.
>>
>> Don't think any server-specific exploit exists other than video I
>> linked, or at least I hope not. Only thing I could think of is
>> something using all the CPU of a particular server..
>>
>> On Wed, Apr 6, 2016 at 10:06 PM, ics <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     At start, his friends were lagging also, everybody's ping got up.
>>     Then after few rounds they were able to walk and run normally. The
>>     reddit post i made has also brought up 3 more cases by now of this
>>     happening.
>>
>>     -ics
>>
>>     Hasser Css kirjoitti:
>>
>>         I got this while playing MM on EU North as well, twice today.
>>         Are you sure they are using an exploit? It seems to have been
>>         some kind of DDoS today, because I got the same thing too.
>>         Maybe their friends weren't affected by it due to different
>>         routing or something?
>>
>>         There is still this exploit however:
>>         https://www.youtube.com/watch?v=4Sa-wFRe64c
>>         But you would have been kicked with "no Steam-login", not just
>>         lagging a lot. (Please fix this Valve ^)
>>
>>         On Wed, Apr 6, 2016 at 9:06 PM, ics <[hidden email]
>>         <mailto:[hidden email]> <mailto:[hidden email]
>>         <mailto:[hidden email]>>> wrote:
>>
>>             Hello
>>
>>             Someone has found a way to lag certain players on a
>>         gameserver.
>>             Not just ddos the server but only some players on it,
>>         while saving
>>             their friends from most of the attack. While this concerns
>>         only
>>             Valve server for now, any community server is propably also
>>             vulnerable to this action.
>>
>>             I played today a match, on a Valve server less than 30
>>         mins ago.
>>             The server IP in question was 155.133.242.40:27066
>>         <http://155.133.242.40:27066>
>>             <http://155.133.242.40:27066> (Valve CS:GO EU North Server
>>             (srcds021.187.52))
>>
>>             In this game, our whole team started lagging. The other team
>>             recovered from it mostly on the next round, allowing them to
>>             continuously slay us to our base. Here is a GOTV demo of
>>         the match
>> steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L
>>             and if you skip to the beginning of the15th round, you
>>         will see it
>>             clearly. You can also watch part of in eyes demo from the
>> same
>>             match.
>>         http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem
>> <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
>> <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
>>
>>             The main culprit was also aimbotting, and was appearing as:
>>
>>             #  3 2 "Tapio #DERANK" STEAM_1:0:120573925 22
>>         <tel:120573925%2022>
>>             <tel:120573925%2022>:24 275 94 active 80000
>>
>>             His friends were:
>>
>>             #  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:94940856 22
>>         <tel:94940856%2022>
>>             <tel:94940856%2022>:24 221 49 active 80000
>>             # 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49
>>         active
>>             80000
>>             # 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active
>> 80000
>>
>>             That being said, I don't think it was this guy who figured
>>         it out,
>>             he's not smart enough for it. But someone has and i'm not
>>         sure how
>>             they managed to dig information of players but this surely
>>         will
>>             become an issue if something is not made for the matter.
>>         This may
>>             be part of some cheat software by default. I don't really
>>         know.
>>
>>             -ics
>>
>>             _______________________________________________
>>             Csgo_servers mailing list
>>         [hidden email]
>>         <mailto:[hidden email]>
>>             <mailto:[hidden email]
>>         <mailto:[hidden email]>>
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>>
>>
>>
>>
>>         _______________________________________________
>>         Csgo_servers mailing list
>>         [hidden email]
>>         <mailto:[hidden email]>
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>>
>>
>>
>>     _______________________________________________
>>     Csgo_servers mailing list
>>     [hidden email]
>>     <mailto:[hidden email]>
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>>
>>
>>
>>
>> _______________________________________________
>> Csgo_servers mailing list
>> [hidden email]
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
> _______________________________________________
> Csgo_servers mailing list
> [hidden email]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

Robin Groppe

I can not imagine how that would be done. How would you seperate people from friends and victims when all are connected to the same server port, and the servers address os the only public info?

Am 07.04.2016 05:04 schrieb "Matthias "InstantMuffin" Kollek" <[hidden email]>:
Routing can be a bitch, with a premium traffic mafia screwing us all.
This is interesting though.


On 06.04.2016 22:28, ics wrote:
Lucky with routing? By looking at the names and profiles, i'm basically in same country with these guys and i still had the lags. I don't know their ISP's though.

-ics

Hasser Css kirjoitti:
But it has only started happening today, yes? I still do assume it is DDoS and they just happen to get lucky with their routing. see http://www.netnod.se/ix-stats/14all_ix-packets-public.pl?log=stockholm.geb-packets.642 .. those nice outgoing PPS spikes at around 16 and 18 when I got the lag out for 5 minutes or so. Some people on enemy team could rush fine with SMGs, some couldn't, then it calmed down.

Don't think any server-specific exploit exists other than video I linked, or at least I hope not. Only thing I could think of is something using all the CPU of a particular server..

On Wed, Apr 6, 2016 at 10:06 PM, ics <[hidden email] <mailto:[hidden email]>> wrote:

    At start, his friends were lagging also, everybody's ping got up.
    Then after few rounds they were able to walk and run normally. The
    reddit post i made has also brought up 3 more cases by now of this
    happening.

    -ics

    Hasser Css kirjoitti:

        I got this while playing MM on EU North as well, twice today.
        Are you sure they are using an exploit? It seems to have been
        some kind of DDoS today, because I got the same thing too.
        Maybe their friends weren't affected by it due to different
        routing or something?

        There is still this exploit however:
        https://www.youtube.com/watch?v=4Sa-wFRe64c
        But you would have been kicked with "no Steam-login", not just
        lagging a lot. (Please fix this Valve ^)

        On Wed, Apr 6, 2016 at 9:06 PM, ics <[hidden email]
        <mailto:[hidden email]> <mailto:[hidden email]
        <mailto:[hidden email]>>> wrote:

            Hello

            Someone has found a way to lag certain players on a
        gameserver.
            Not just ddos the server but only some players on it,
        while saving
            their friends from most of the attack. While this concerns
        only
            Valve server for now, any community server is propably also
            vulnerable to this action.

            I played today a match, on a Valve server less than 30
        mins ago.
            The server IP in question was 155.133.242.40:27066
        <http://155.133.242.40:27066>
            <http://155.133.242.40:27066> (Valve CS:GO EU North Server
            (srcds021.187.52))

            In this game, our whole team started lagging. The other team
            recovered from it mostly on the next round, allowing them to
            continuously slay us to our base. Here is a GOTV demo of
        the match
steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L
            and if you skip to the beginning of the15th round, you
        will see it
            clearly. You can also watch part of in eyes demo from the same
            match.
        http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem
<http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
<http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>

            The main culprit was also aimbotting, and was appearing as:

            #  3 2 "Tapio #DERANK" STEAM_1:0:<a href="tel:120573925%2022" value="+12057392522" target="_blank">120573925 22
        <tel:120573925%2022>
            <tel:120573925%2022>:24 275 94 active 80000

            His friends were:

            #  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:<a href="tel:94940856%2022" value="+19494085622" target="_blank">94940856 22
        <tel:94940856%2022>
            <tel:94940856%2022>:24 221 49 active 80000
            # 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49
        active
            80000
            # 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active 80000

            That being said, I don't think it was this guy who figured
        it out,
            he's not smart enough for it. But someone has and i'm not
        sure how
            they managed to dig information of players but this surely
        will
            become an issue if something is not made for the matter.
        This may
            be part of some cheat software by default. I don't really
        know.

            -ics

            _______________________________________________
            Csgo_servers mailing list
        [hidden email]
        <mailto:[hidden email]>
            <mailto:[hidden email]
        <mailto:[hidden email]>>
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers




        _______________________________________________
        Csgo_servers mailing list
        [hidden email]
        <mailto:[hidden email]>
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers



    _______________________________________________
    Csgo_servers mailing list
    [hidden email]
    <mailto:[hidden email]>
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers




_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

Matthias "InstantMuffin" Kollek
idk, I wrote this before I watched one of the demos.
All I saw was everybody lagging.
One team did get wrecked though for whatever reasons. Two of the opponents had a buttload of "-rep", supposedly for cheating, on their profile, but I didn't re-watch the demos from their perspective. The losing team might as well have been busy complaining.
Healthy skepticism?

On 07.04.2016 06:40, Robin Groppe wrote:

I can not imagine how that would be done. How would you seperate people from friends and victims when all are connected to the same server port, and the servers address os the only public info?

Am 07.04.2016 05:04 schrieb "Matthias "InstantMuffin" Kollek" <[hidden email]>:
Routing can be a bitch, with a premium traffic mafia screwing us all.
This is interesting though.


On 06.04.2016 22:28, ics wrote:
Lucky with routing? By looking at the names and profiles, i'm basically in same country with these guys and i still had the lags. I don't know their ISP's though.

-ics

Hasser Css kirjoitti:
But it has only started happening today, yes? I still do assume it is DDoS and they just happen to get lucky with their routing. see http://www.netnod.se/ix-stats/14all_ix-packets-public.pl?log=stockholm.geb-packets.642 .. those nice outgoing PPS spikes at around 16 and 18 when I got the lag out for 5 minutes or so. Some people on enemy team could rush fine with SMGs, some couldn't, then it calmed down.

Don't think any server-specific exploit exists other than video I linked, or at least I hope not. Only thing I could think of is something using all the CPU of a particular server..

On Wed, Apr 6, 2016 at 10:06 PM, ics <[hidden email] <mailto:[hidden email]>> wrote:

    At start, his friends were lagging also, everybody's ping got up.
    Then after few rounds they were able to walk and run normally. The
    reddit post i made has also brought up 3 more cases by now of this
    happening.

    -ics

    Hasser Css kirjoitti:

        I got this while playing MM on EU North as well, twice today.
        Are you sure they are using an exploit? It seems to have been
        some kind of DDoS today, because I got the same thing too.
        Maybe their friends weren't affected by it due to different
        routing or something?

        There is still this exploit however:
        https://www.youtube.com/watch?v=4Sa-wFRe64c
        But you would have been kicked with "no Steam-login", not just
        lagging a lot. (Please fix this Valve ^)

        On Wed, Apr 6, 2016 at 9:06 PM, ics <[hidden email]
        <mailto:[hidden email]> <mailto:[hidden email]
        <mailto:[hidden email]>>> wrote:

            Hello

            Someone has found a way to lag certain players on a
        gameserver.
            Not just ddos the server but only some players on it,
        while saving
            their friends from most of the attack. While this concerns
        only
            Valve server for now, any community server is propably also
            vulnerable to this action.

            I played today a match, on a Valve server less than 30
        mins ago.
            The server IP in question was 155.133.242.40:27066
        <http://155.133.242.40:27066>
            <http://155.133.242.40:27066> (Valve CS:GO EU North Server
            (srcds021.187.52))

            In this game, our whole team started lagging. The other team
            recovered from it mostly on the next round, allowing them to
            continuously slay us to our base. Here is a GOTV demo of
        the match
<a class="moz-txt-link-freetext" href="steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L">steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L
            and if you skip to the beginning of the15th round, you
        will see it
            clearly. You can also watch part of in eyes demo from the same
            match.
        http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem
<http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
<http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>

            The main culprit was also aimbotting, and was appearing as:

            #  3 2 "Tapio #DERANK" STEAM_1:0:<a moz-do-not-send="true" href="tel:120573925%2022" value="+12057392522" target="_blank">120573925 22
        <tel:120573925%2022>
            <tel:120573925%2022>:24 275 94 active 80000

            His friends were:

            #  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:<a moz-do-not-send="true" href="tel:94940856%2022" value="+19494085622" target="_blank">94940856 22
        <tel:94940856%2022>
            <tel:94940856%2022>:24 221 49 active 80000
            # 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037 22:24 260 49
        active
            80000
            # 12 11 "tonton" STEAM_1:0:167309801 22:24 190 86 active 80000

            That being said, I don't think it was this guy who figured
        it out,
            he's not smart enough for it. But someone has and i'm not
        sure how
            they managed to dig information of players but this surely
        will
            become an issue if something is not made for the matter.
        This may
            be part of some cheat software by default. I don't really
        know.

            -ics

            _______________________________________________
            Csgo_servers mailing list
        [hidden email]
        <mailto:[hidden email]>
            <mailto:[hidden email]
        <mailto:[hidden email]>>
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers




        _______________________________________________
        Csgo_servers mailing list
        [hidden email]
        <mailto:[hidden email]>
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers



    _______________________________________________
    Csgo_servers mailing list
    [hidden email]
    <mailto:[hidden email]>
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers




_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
ics
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Exploit on the wild, lagging only certain players on a gameserver is possible

ics
In reply to this post by Robin Groppe
I would go by listening traffic to that port and see which IP's generate
it. Then i'd do country filtering for the IP's and target only the ones
that aren't familiar. I bet it's not a cheat software alone, but
something else. There can also be a bug in the srcds software that
allows this. I'm only guessing.

As for what Matthias said, i was there, i experienced it. I can
guarantee nobody in our team was lag free. One of the enemies seemed
lagging but 2 others had little no none for several rounds.

-ics

Robin Groppe kirjoitti:

>
> I can not imagine how that would be done. How would you seperate
> people from friends and victims when all are connected to the same
> server port, and the servers address os the only public info?
>
> Am 07.04.2016 05:04 schrieb "Matthias "InstantMuffin" Kollek"
> <[hidden email] <mailto:[hidden email]>>:
>
>     Routing can be a bitch, with a premium traffic mafia screwing us all.
>     This is interesting though.
>
>
>     On 06.04.2016 22:28, ics wrote:
>
>         Lucky with routing? By looking at the names and profiles, i'm
>         basically in same country with these guys and i still had the
>         lags. I don't know their ISP's though.
>
>         -ics
>
>         Hasser Css kirjoitti:
>
>             But it has only started happening today, yes? I still do
>             assume it is DDoS and they just happen to get lucky with
>             their routing. see
>             http://www.netnod.se/ix-stats/14all_ix-packets-public.pl?log=stockholm.geb-packets.642
>             .. those nice outgoing PPS spikes at around 16 and 18 when
>             I got the lag out for 5 minutes or so. Some people on
>             enemy team could rush fine with SMGs, some couldn't, then
>             it calmed down.
>
>             Don't think any server-specific exploit exists other than
>             video I linked, or at least I hope not. Only thing I could
>             think of is something using all the CPU of a particular
>             server..
>
>             On Wed, Apr 6, 2016 at 10:06 PM, ics <[hidden email]
>             <mailto:[hidden email]> <mailto:[hidden email]
>             <mailto:[hidden email]>>> wrote:
>
>                 At start, his friends were lagging also, everybody's
>             ping got up.
>                 Then after few rounds they were able to walk and run
>             normally. The
>                 reddit post i made has also brought up 3 more cases by
>             now of this
>                 happening.
>
>                 -ics
>
>                 Hasser Css kirjoitti:
>
>                     I got this while playing MM on EU North as well,
>             twice today.
>                     Are you sure they are using an exploit? It seems
>             to have been
>                     some kind of DDoS today, because I got the same
>             thing too.
>                     Maybe their friends weren't affected by it due to
>             different
>                     routing or something?
>
>                     There is still this exploit however:
>             https://www.youtube.com/watch?v=4Sa-wFRe64c
>                     But you would have been kicked with "no
>             Steam-login", not just
>                     lagging a lot. (Please fix this Valve ^)
>
>                     On Wed, Apr 6, 2016 at 9:06 PM, ics
>             <[hidden email] <mailto:[hidden email]>
>                     <mailto:[hidden email]
>             <mailto:[hidden email]>> <mailto:[hidden email]
>             <mailto:[hidden email]>
>                     <mailto:[hidden email]
>             <mailto:[hidden email]>>>> wrote:
>
>                         Hello
>
>                         Someone has found a way to lag certain players
>             on a
>                     gameserver.
>                         Not just ddos the server but only some players
>             on it,
>                     while saving
>                         their friends from most of the attack. While
>             this concerns
>                     only
>                         Valve server for now, any community server is
>             propably also
>                         vulnerable to this action.
>
>                         I played today a match, on a Valve server less
>             than 30
>                     mins ago.
>                         The server IP in question was
>             155.133.242.40:27066 <http://155.133.242.40:27066>
>                     <http://155.133.242.40:27066>
>                         <http://155.133.242.40:27066> (Valve CS:GO EU
>             North Server
>                         (srcds021.187.52))
>
>                         In this game, our whole team started lagging.
>             The other team
>                         recovered from it mostly on the next round,
>             allowing them to
>                         continuously slay us to our base. Here is a
>             GOTV demo of
>                     the match
>             steam://rungame/730/76561202255233023/+csgo_download_match%20CSGO-DFeLE-OufVt-jEYE2-atvWf-mYb7L
>                         and if you skip to the beginning of the15th
>             round, you
>                     will see it
>                         clearly. You can also watch part of in eyes
>             demo from the same
>                         match.
>             http://server2.pelipurkki.fi/~dustin/crap/kidsddos.dem
>             <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
>             <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
>             <http://server2.pelipurkki.fi/%7Edustin/crap/kidsddos.dem>
>
>                         The main culprit was also aimbotting, and was
>             appearing as:
>
>                         #  3 2 "Tapio #DERANK" STEAM_1:0:120573925 22
>             <tel:120573925%2022>
>                     <tel:120573925%2022>
>                         <tel:120573925%2022>:24 275 94 active 80000
>
>                         His friends were:
>
>                         #  8 7 "✪_._Ip3rion_._✪" STEAM_1:1:94940856 22
>             <tel:94940856%2022>
>                     <tel:94940856%2022>
>                         <tel:94940856%2022>:24 221 49 active 80000
>                         # 10 9 "✪ Konto • G #Τσαβ" STEAM_1:1:95047037
>             22:24 260 49
>                     active
>                         80000
>                         # 12 11 "tonton" STEAM_1:0:167309801 22:24 190
>             86 active 80000
>
>                         That being said, I don't think it was this guy
>             who figured
>                     it out,
>                         he's not smart enough for it. But someone has
>             and i'm not
>                     sure how
>                         they managed to dig information of players but
>             this surely
>                     will
>                         become an issue if something is not made for
>             the matter.
>                     This may
>                         be part of some cheat software by default. I
>             don't really
>                     know.
>
>                         -ics
>
>             _______________________________________________
>                         Csgo_servers mailing list
>             [hidden email]
>             <mailto:[hidden email]>
>                     <mailto:[hidden email]
>             <mailto:[hidden email]>>
>                         <mailto:[hidden email]
>             <mailto:[hidden email]>
>                     <mailto:[hidden email]
>             <mailto:[hidden email]>>>
>             https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>
>                     _______________________________________________
>                     Csgo_servers mailing list
>             [hidden email]
>             <mailto:[hidden email]>
>                     <mailto:[hidden email]
>             <mailto:[hidden email]>>
>             https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>                 _______________________________________________
>                 Csgo_servers mailing list
>             [hidden email]
>             <mailto:[hidden email]>
>                 <mailto:[hidden email]
>             <mailto:[hidden email]>>
>             https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>
>             _______________________________________________
>             Csgo_servers mailing list
>             [hidden email]
>             <mailto:[hidden email]>
>             https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>         _______________________________________________
>         Csgo_servers mailing list
>         [hidden email]
>         <mailto:[hidden email]>
>         https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
>     _______________________________________________
>     Csgo_servers mailing list
>     [hidden email]
>     <mailto:[hidden email]>
>     https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
> _______________________________________________
> Csgo_servers mailing list
> [hidden email]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Loading...