Exploit that spams/lags clients


Exploit that spams/lags clients

iNilo
A player on my server was able to spam all the clients with a script he later linked ( https://hastebin.com/fufarowuba.cpp )

It's causing massive console spams.


Someone has a fix for this?

- iNilo.


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

Re: Exploit that spams/lags clients

Nathaniel Theis
hook recvmsg and kick if you get more than one signon message on a
given cnetchan (might need to check the server count though, not sure
if you get another signon message from legit clients at map
change...)?

(normal connection throttling should stop the obvious workaround (just
reconnecting))

On Tue, Apr 17, 2018 at 1:22 PM, iNilo <[hidden email]> wrote:

> A player on my server was able to spam all the clients with a script he
> later linked ( https://hastebin.com/fufarowuba.cpp )
>
> It's causing massive console spams.
>
> https://i.imgur.com/nOWLkeq.png
>
> Someone has a fix for this?
>
> - iNilo.
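
The check suggested in the reply above, modelled as an added example that is not part of the original thread and is not Source engine code: a per-channel guard that accepts one signon message per server count and kicks on a repeat. `SignonGuard`, `Event`, the stale-message cap and the sample sequence are all assumptions constructed for illustration; the receive hook that would feed it is not shown.

```cpp
// Added example: model of a per-channel signon guard.
// Every type and name here is hypothetical, not an engine API.
#include <cstdint>
#include <cstdio>
#include <unordered_map>
#include <vector>

enum class Verdict { Accept, IgnoreStale, Kick };

class SignonGuard {
public:
    explicit SignonGuard(int max_stale = 3) : max_stale_(max_stale) {}

    // Call from the receive hook for each signon message on channel `chan`.
    //   msg_count:     server count carried in the client's message
    //   current_count: the server's own count for the map now running
    Verdict on_signon(uint64_t chan, int msg_count, int current_count) {
        State& st = channels_[chan];
        if (msg_count != current_count) {
            // Left over from a previous map. Only the server's own count is
            // trusted, so this is never treated as a fresh signon: drop it,
            // and kick if the channel keeps sending them.
            return (++st.stale > max_stale_) ? Verdict::Kick : Verdict::IgnoreStale;
        }
        if (st.signed_on_for == current_count)
            return Verdict::Kick;          // repeat signon for the same map
        st.signed_on_for = current_count;  // first join, or first signon after a map change
        st.stale = 0;
        return Verdict::Accept;
    }

    // Forget the channel when the client leaves. A reconnect starts clean and
    // is rate-limited by normal connection throttling, not by this guard.
    void on_disconnect(uint64_t chan) { channels_.erase(chan); }

private:
    struct State {
        int signed_on_for = -1;  // server count already signed on for (-1: none yet)
        int stale = 0;           // stale signon messages since the last accept
    };
    int max_stale_;
    std::unordered_map<uint64_t, State> channels_;
};

// One step of a constructed session: a signon message, a map change, or a disconnect.
struct Event {
    enum Kind { Signon, MapChange, Disconnect } kind;
    uint64_t chan;
    int msg_count;
};

// Replays events against a guard and returns the channels it kicked, in order.
std::vector<uint64_t> replay(const std::vector<Event>& events, int start_count) {
    SignonGuard guard;
    int server_count = start_count;
    std::vector<uint64_t> kicked;
    for (const Event& e : events) {
        switch (e.kind) {
        case Event::MapChange:  ++server_count; break;
        case Event::Disconnect: guard.on_disconnect(e.chan); break;
        case Event::Signon:
            if (guard.on_signon(e.chan, e.msg_count, server_count) == Verdict::Kick) {
                kicked.push_back(e.chan);
                guard.on_disconnect(e.chan);
            }
            break;
        }
    }
    return kicked;
}

// Constructed sample input, not captured traffic.
std::vector<Event> sample_events() {
    return {
        {Event::Signon, 1, 7},     // channel 1 joins
        {Event::Signon, 2, 7},     // channel 2 joins
        {Event::Signon, 2, 7},     // channel 2 repeats: kick
        {Event::MapChange, 0, 0},  // server count 7 -> 8
        {Event::Signon, 1, 8},     // channel 1 signs on for the new map: legitimate
        {Event::Signon, 1, 7},     // late message for the old map: ignored
        {Event::Signon, 3, 8},     // channel 3 joins
        {Event::Signon, 3, 8},     // channel 3 repeats: kick
    };
}

int main() {
    for (uint64_t c : replay(sample_events(), 7))
        std::printf("kick channel %llu\n", static_cast<unsigned long long>(c));
    return 0;
}
```

Keying the state on the server's own count is what lets the signon after a map change through while a repeat on the same map is flagged.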

Re: Exploit that spams/lags clients

Stealth Mode
Think about this carefully. This client is able to inject scripts through the server to all clients. I warned this list months ago about how unsecure these servers really are. That can easily be a different script through a spoofed steamid that randomly changes. Image injections. Packet injections. Script injections. I'd be more worried about what he can use the server to inject into the OS cmd shell/powershell.

These servers are really vulnerable from a network security standpoint. Be glad your client isn't malicious. Or your server and all of those clients could be remote hijacked.

-Stealthmode

On Wed, Apr 18, 2018, 17:42 Nathaniel Theis <[hidden email]> wrote:
> hook recvmsg and kick if you get more than one signon message on a
> given cnetchan (might need to check the server count though, not sure
> if you get another signon message from legit clients at map
> change...)?
>
> (normal connection throttling should stop the obvious workaround (just
> reconnecting))


Re: Exploit that spams/lags clients

Stealth Mode
In reply to this post by iNilo
Thank God for sandbox virtual machine environments to run servers in. That's all I will say.

On Wed, Apr 18, 2018, 20:35 Stealth Mode <[hidden email]> wrote:
> Think about this carefully. This client is able to inject scripts through the server to all clients. I warned this list months ago about how unsecure these servers really are. That can easily be a different script through a spoofed steamid that randomly changes. Image injections. Packet injections. Script injections. I'd be more worried about what he can use the server to inject into the OS cmd shell/powershell.
>
> These servers are really vulnerable from a network security standpoint. Be glad your client isn't malicious. Or your server and all of those clients could be remote hijacked.
>
> -Stealthmode


Re: Exploit that spams/lags clients

Stealth Mode
The top part of that is calling to a memory address location in hexadecimal where null.wav is stored. Without null.wav on the server it eats up cycles to search for it in memory.

Can create a bash script to look for keywords in this script and automatically ban the MAC ADDRESS. Not the IP address (takes some translation from decimal to hexadecimal).

Cough Valve AntiCheat/Alfred hope you see this.

-Stealthmode

On Wed, Apr 18, 2018, 20:37 Stealth Mode <[hidden email]> wrote:
> Thank God for sandbox virtual machine environments to run servers in. That's all I will say.


Re: Exploit that spams/lags clients

Stealth Mode
In reply to this post by Stealth Mode
Just be glad he hasn't figured out how to abuse allow upload using spray paint images/custom spray paints or packet injections to place null.wav named binary into your physical hardware.

On Wed, Apr 18, 2018, 20:46 Stealth Mode <[hidden email]> wrote:
> The top part of that is calling to a memory address location in hexadecimal where null.wav is stored. Without null.wav on the server it eats up cycles to search for it in memory.
>
> Can create a bash script to look for keywords in this script and automatically ban the MAC ADDRESS. Not the IP address (takes some translation from decimal to hexadecimal).
>
> Cough Valve AntiCheat/Alfred hope you see this.
>
> -Stealthmode


Re: Exploit that spams/lags clients

Nomaan Ahmad
In reply to this post by Stealth Mode
What do you mean by MAC Address? I don't think that is available to the server.

On 19 April 2018 at 01:46, Stealth Mode <[hidden email]> wrote:
> The top part of that is calling to a memory address location in hexadecimal where null.wav is stored. Without null.wav on the server it eats up cycles to search for it in memory.
>
> Can create a bash script to look for keywords in this script and automatically ban the MAC ADDRESS. Not the IP address (takes some translation from decimal to hexadecimal).
>
> Cough Valve AntiCheat/Alfred hope you see this.
>
> -Stealthmode


Re: Exploit that spams/lags clients

narry
Ignore him. He's a fearmongerer who doesn't know what he's talking about. If you're ever in for a laugh, read the archives of this mailing list (might have been HLDS?) and look at the absolute giant thread caused by him claiming the existence of remote upload exploits while making an absolute fool of himself.

On Wed, Apr 18, 2018 at 8:52 PM, Nomaan Ahmad <[hidden email]> wrote:
> What do you mean by MAC Address? I don't think that is available to the server.


Re: Exploit that spams/lags clients

wickedplayer494 .
In reply to this post by iNilo
Just to keep everyone on the list in the loop, McJohn said that a fix for servers crashing (which I can only assume is a result of this) is being worked on: https://www.reddit.com/r/GlobalOffensive/comments/8d7hkr/3kliksphilips_interview_with_a_cheater/dxljl53/?context=3

On 4/17/2018 3:22 PM, iNilo wrote:
> A player on my server was able to spam all the clients with a script he later linked ( https://hastebin.com/fufarowuba.cpp )
>
> It's causing massive console spams.
>
> Someone has a fix for this?
>
> - iNilo.




Re: Exploit that spams/lags clients

Stealth Mode
In reply to this post by narry
A fearmonger? LMAO. Let me tell you what can really be done. Using binary electronics components programming someone can launch a DDOS attack from vulnerable servers like this. Happens ALL of the time. Ignore the warnings. Leave your servers wide open. Disrespect me again, and I'll make sure to ignore you.

I have more server admin/owner experience than half of you script kiddies playing around with network security that you have no CLUE about.

So yes, ignore me out of hand. Be that ignorant in your lack of I.T. Security that you would ignore one of the only ccie/ccde on this list.

Have a nice day, amateur.

On Wed, Apr 18, 2018, 20:59 Dan B (Narry) <[hidden email]> wrote:
> Ignore him. He's a fearmongerer who doesn't know what he's talking about. If you're ever in for a laugh, read the archives of this mailing list (might have been HLDS?) and look at the absolute giant thread caused by him claiming the existence of remote upload exploits while making an absolute fool of himself.


Re: Exploit that spams/lags clients

Stealth Mode
In reply to this post by wickedplayer494 .
The fix is to create a bash script that looks for that in the server log (the repetitive call to null.wav), and automatically ban. If you push the IP through an IP/decimal conversion tool you can make it a Mac address ban right in the hardware packet/transport layer.

End of message.

On Thu, Apr 19, 2018, 20:04 wickedplayer494 <[hidden email]> wrote:
> Just to keep everyone on the list in the loop, McJohn said that a fix for servers crashing (which I can only assume is a result of this) is being worked on: https://www.reddit.com/r/GlobalOffensive/comments/8d7hkr/3kliksphilips_interview_with_a_cheater/dxljl53/?context=3


Re: Exploit that spams/lags clients

Stealth Mode
In reply to this post by wickedplayer494 .
Also, Alfred. This Samantha Smith bot extracting email addresses from this list is getting annoying. And the Kathy Lisa porn spam is very disheartening. The list needs purged cause a bot is parsing these emails. For email addresses that third party porn bots are being loaded with. And fake csgo_server emails are containing pornography.

On Thu, Apr 19, 2018, 20:04 wickedplayer494 <[hidden email]> wrote:
> Just to keep everyone on the list in the loop, McJohn said that a fix for servers crashing (which I can only assume is a result of this) is being worked on: https://www.reddit.com/r/GlobalOffensive/comments/8d7hkr/3kliksphilips_interview_with_a_cheater/dxljl53/?context=3


Re: Exploit that spams/lags clients

Nathaniel Theis
In reply to this post by Stealth Mode
I've heard that some advanced hackers are circumventing Mac address bans by using PCs, so you should ban by IP.

On Sat, Apr 21, 2018, 8:07 PM Stealth Mode <[hidden email]> wrote:
> The fix is to create a bash script that looks for that in the server log (the repetitive call to null.wav), and automatically ban. If you push the IP through an IP/decimal conversion tool you can make it a Mac address ban right in the hardware packet/transport layer.
>
> End of message.


Re: Exploit that spams/lags clients

Stealth Mode
LoL. Mac addressing is for any device or computer that is on a network. The network card/WiFi card/cellular modem is what generates the Mac address. IP can be changed/altered randomly. That's why most people don't ban IP addresses. Because it is a waste of time when a client can just go in and release the network IP lease, and force a new IP.

Seriously, study networking before you ever attempt to manage a server.

On Sat, Apr 21, 2018, 23:10 Nathaniel Theis <[hidden email]> wrote:
> I've heard that some advanced hackers are circumventing Mac address bans by using PCs, so you should ban by IP.


Re: Exploit that spams/lags clients

narry

On Sat, Apr 21, 2018 at 11:35 PM, Stealth Mode <[hidden email]> wrote:
> LoL. Mac addressing is for any device or computer that is on a network. The network card/WiFi card/cellular modem is what generates the Mac address. IP can be changed/altered randomly. That's why most people don't ban IP addresses. Because it is a waste of time when a client can just go in and release the network IP lease, and force a new IP.
>
> Seriously, study networking before you ever attempt to manage a server.


Re: Exploit that spams/lags clients

Nomaan Ahmad
In reply to this post by Stealth Mode
Where can I find this IP/decimal to Mac converter you speak of? Could you give an example? You speak highly of yourself, here is your chance to prove it.

On Sun, 22 Apr 2018, 4:07 am Stealth Mode, <[hidden email]> wrote:
The fix is to create a bash script that looks for that in the server log (the repetitive call to null.wav), and automatically ban. If you push the IP through an IP/decimal conversion tool you can make it a Mac address ban right in the hardware packet/transport layer.

End of message.

On Thu, Apr 19, 2018, 20:04 wickedplayer494 <[hidden email]> wrote:
Just to keep everyone on the list in the loop, McJohn said that a fix for servers crashing (which I can only assume is a result of this) is being worked on: https://www.reddit.com/r/GlobalOffensive/comments/8d7hkr/3kliksphilips_interview_with_a_cheater/dxljl53/?context=3

On 4/17/2018 3:22 PM, iNilo wrote:
A player on my server was able to spam all the clients with a script he later linked ( https://hastebin.com/fufarowuba.cpp )

it's causing massive console spams.


Someone has a fix for this?

- iNilo.



Re: Exploit that spams/lags clients

mukunda
I'm pretty sure mac addresses aren't even exposed to the server; this topic is getting pretty derailed isn't it?

On Sat, Apr 21, 2018 at 8:48 PM, Nomaan Ahmad <[hidden email]> wrote:
Where can I find this IP/decimal to Mac converter you speak of? Could you give an example? You speak highly of yourself, here is your chance to prove it.

On Sun, 22 Apr 2018, 4:07 am Stealth Mode, <[hidden email]> wrote:
The fix is to create a bash script that looks for that in the server log (the repetitive call to null.wav), and automatically ban. If you push the IP through an IP/decimal conversion tool you can make it a Mac address ban right in the hardware packet/transport layer.

End of message.

On Thu, Apr 19, 2018, 20:04 wickedplayer494 <[hidden email]> wrote:
Just to keep everyone on the list in the loop, McJohn said that a fix for servers crashing (which I can only assume is a result of this) is being worked on: https://www.reddit.com/r/GlobalOffensive/comments/8d7hkr/3kliksphilips_interview_with_a_cheater/dxljl53/?context=3

On 4/17/2018 3:22 PM, iNilo wrote:
A player on my server was able to spam all the clients with a script he later linked ( https://hastebin.com/fufarowuba.cpp )

it's causing massive console spams.


Someone has a fix for this?

- iNilo.



Reflex Gamers --- 24/7 Office : 74.201.57.168 [and several other servers] --- www.reflex-gamers.com
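
The log-watching idea quoted in this thread (count the repeated null.wav lines and flag the sender), as an added example that is not part of any poster's message. It keys on the SteamID the server writes to its log rather than on a MAC address, and it assumes one log line per event in the constructed format shown; `find_spammers` and the sample lines are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread.
# ASSUMPTION: every spam event leaves one server log line that carries the
# player token "name<userid><STEAM_ID><team>" and the string null.wav.
# The lines below are constructed sample input, not real server output.
SAMPLE_LOG='L 04/21/2018 - 20:07:01: "griefer<7><STEAM_1:0:11111><CT>" played "null.wav"
L 04/21/2018 - 20:07:01: "griefer<7><STEAM_1:0:11111><CT>" played "null.wav"
L 04/21/2018 - 20:07:02: "griefer<7><STEAM_1:0:11111><CT>" played "null.wav"
L 04/21/2018 - 20:07:02: "regular<9><STEAM_1:1:22222><TERRORIST>" played "null.wav"
L 04/21/2018 - 20:07:03: "griefer<7><STEAM_1:0:11111><CT>" played "null.wav"
L 04/21/2018 - 20:07:03: "griefer<7><STEAM_1:0:11111><CT>" played "null.wav"
L 04/21/2018 - 20:07:40: "regular<9><STEAM_1:1:22222><TERRORIST>" say "hi"
L 04/21/2018 - 20:07:45: "regular<9><STEAM_1:1:22222><TERRORIST>" played "null.wav"'

# find_spammers THRESHOLD WINDOW_SECONDS   (log on stdin)
# Prints "STEAMID PEAK" for each client that logged more than THRESHOLD
# null.wav lines inside any WINDOW_SECONDS span. Timestamps are reduced to
# seconds of the day, so a window that crosses midnight is not handled.
find_spammers() {
  awk -v max="$1" -v win="$2" '
    /null\.wav/ && match($0, /<STEAM_[0-9]:[0-9]:[0-9]+>/) {
      id = substr($0, RSTART + 1, RLENGTH - 2)   # strip the angle brackets
      split($4, t, ":")                          # $4 looks like 20:07:01:
      now = t[1] * 3600 + t[2] * 60 + t[3]
      if (!(id in head)) head[id] = 1
      ts[id, ++tail[id]] = now                   # append to this client queue
      while (now - ts[id, head[id]] >= win) head[id]++   # expire old events
      n = tail[id] - head[id] + 1                # events still in the window
      if (n > peak[id]) peak[id] = n
    }
    END { for (id in peak) if (peak[id] > max) print id, peak[id] }
  '
}

# Candidates for review before any ban is issued, one SteamID per line.
printf '%s\n' "$SAMPLE_LOG" | find_spammers 3 5
```
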
Re: Exploit that spams/lags clients

lay295
In reply to this post by Stealth Mode
I really don't understand. You keep going on and on and on and on about how
easy it is to exploit these servers, why don't you make a proof of concept
attack and show it off?

If there are as many attack vectors as you say there are, and you're such an
expert, shouldn't be that hard then no?

Also you're saying that in this attack clients were able to send arbitrary
code/scripts to other clients to play null.wav, but it was hard coded in the
client hence no arbitrary code was executed.

https://imgur.com/ziLyW6v



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/

Re: Exploit that spams/lags clients

Zaretti Steve
In reply to this post by mukunda
You are right. You can only see the mac of the nearest switch/router.
Stealth Mode is just spamming some random word.

2018-04-22 6:42 GMT+02:00 Mukunda Johnson <[hidden email]>:

> I'm pretty sure mac addresses aren't even exposed to the server; this topic
> is getting pretty derailed isn't it?
>
> On Sat, Apr 21, 2018 at 8:48 PM, Nomaan Ahmad <[hidden email]> wrote:
>>
>> Where can I find this IP/decimal to Mac converter you speak of? Could you
>> give an example? You speak highly of yourself, here is your chance to prove
>> it.
>>
>> On Sun, 22 Apr 2018, 4:07 am Stealth Mode, <[hidden email]>
>> wrote:
>>>
>>> The fix is to create a bash script that looks for that in the server log
>>> (the repetitive call to null.wav), and automatically ban. If you push the
>>> IP through an IP/decimal conversion tool you can make it a Mac address ban
>>> right in the hardware packet/transport layer.
>>>
>>> End of message.
>>>
>>> On Thu, Apr 19, 2018, 20:04 wickedplayer494 <[hidden email]>
>>> wrote:
>>>>
>>>> Just to keep everyone on the list in the loop, McJohn said that a fix
>>>> for servers crashing (which I can only assume is a result of this) is being
>>>> worked on:
>>>> https://www.reddit.com/r/GlobalOffensive/comments/8d7hkr/3kliksphilips_interview_with_a_cheater/dxljl53/?context=3
>>>>
>>>> On 4/17/2018 3:22 PM, iNilo wrote:
>>>>
>>>> A player on my server was able to spam all the clients with a script he
>>>> later linked ( https://hastebin.com/fufarowuba.cpp )
>>>>
>>>> it's causing massive console spams.
>>>>
>>>> https://i.imgur.com/nOWLkeq.png
>>>>
>>>> Someone has a fix for this?
>>>>
>>>> - iNilo.
>>>>

Re: Exploit that spams/lags clients

Stealth Mode
In reply to this post by lay295
Because it has already had a P.O.C. over 2 decades ago.

On Sun, Apr 22, 2018, 01:22 lay295 <[hidden email]> wrote:
I really don't understand. You keep going on and on and on and on about how
easy it is to exploit these servers, why don't you make a proof of concept
attack and show it off?

If there are as many attack vectors as you say there are, and you're such an
expert, shouldn't be that hard then no?

Also you're saying that in this attack clients were able to send arbitrary
code/scripts to other clients to play null.wav, but it was hard coded in the
client hence no arbitrary code was executed.

https://imgur.com/ziLyW6v



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/
