Luigi Auriemma

When you change the sensivity value in the game

for ex:
sensivity 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
the game freezes and all my computer get stuck
so if I got and admin and do execall (typing commands on the server clients console)
all the computers of them get stuck

as I read, its call the teleport bug.

and aluigi how I can send udp packet to counter strike source server?

for using:

A2C_PRINT Spam (The Bell Bug that you talking about (I think))
SRCDS does not do any sort of authentication on A2C_PRINT messages. This means that anyone can print messages to the servers console, simply by sending UDP packets. It seems this is a legacy feature, and is not actually used by anything. Valve has been notified, and doesn't see this as a problem.

A2S_INFO Spam
If large numbers of A2S_INFO packets are sent at the server, the FPS will severely drop, making the server essentially unplayable. Since these packets can be spoofed, rate limiting one IP is fairly useless

ah but you see this has already been turned into several malicious tools, for example:

oopscrasher
german crasher
deviance crasher

the fix is simple and located here:

https://forums.alliedmods.net/showthread.php?t=95312

the packets that don't require other packets before them to work (so no auth/login/challenge-response/handshake) can be sent simply with my udpsz tool:
http://aluigi.org/testz.htm#udpsz

example for A2C_PRINT (shows "aaa"):
udpsz -C ffffffff6c616161 SERVER 27016 -1
udpsz -b a -C ffffffff6c SERVER 27016 1000

example for A2A_ACK:
udpsz -C ffffffff6a SERVER 27016 -1

add the -l 10 option for testing the sending of one packet each 10 milliseconds, and you will see that the server automatically bans the IP of the client that is causing the problem.

If you're going to copy and paste text off my page, you could at least include the fixes.. http://code.devicenull.org/index.php?ti ... 2_Exploits

I wrote a little poc of this myself, also i tryed udpsz -l 1 -b a -C ffffffff6c SERVER PORT -1
It sure fills the serverconsole with a2c_print stuff, but i dont see it lagging the server or even crashing it.

Any news on this one? Is it fixed or do i have to protect my servers?

-------
Edit:

I got my hands on this Oopscrasher sabados mentioned, but i dont see this one "exploiting" the a2c_print flaw.
It sure laggs the Server as hell, but to be honest i cant tell why.
Heres one of the packets it sends



So it basicly just spammes the server with


Regarding to http://developer.valvesoftware.com/wiki/Server_queries
any packet to a source server should start with \xff\xff\xff\xff
So this one clearly does not.
You will also notice its written for SAMP (A GTA San Andreas Multiplayer MOD).

Is it just the pure ammount of traffic to the server that laggs it?
That would mean you basicly just have to generate alot of traffic to the server, no matter whats in the packets.

as expected the endless sending of that "3BE!ody6SAMPBE!dii" string has no effect (untouched cpu and ram usage) versus my local css and tf2 server because that one is not a packet handled by the game.
remember also that the only way to test the effect of "something" is from another client and not the same pc from which you are sending the packets.

That's what i thought should happen, but...

http://85.131.170.109/neo/logs.jpg

This is a CSpromod server (basicly CS:S) running on a linux debian root.
I might test it with as CS:S server when i got the time to set one up, but im pretty sure the effect will be the same.

My friend in Teamspeak verified that the Server was lagging.
Also heres the source of Oopscrasher i found in the wild.



I noticed the String in the source is "qw(I,]E'c@3OC+3BE!ody6SAMPBE!dii)" i dont know why in the Wireshark capture only "3BE!ody6SAMPBE!dii)" showed up...

If you want to test it for yourself heres the copy of Oopscrasher i used: http://85.131.170.109/neo/OopsCrasher.zip

in that case it means it's just CSS that can't handle too much consecutive packets, which is enough strange for a similar type of game but it's in line with the words of various people that used my udpsz tool for causing this type of lag (search udpsz 55555 on google).
really weird.

You think there's any chance of blocking something like this, maybe some iptable rule on linux?
As far as i know these sourcemod anti dos plugins only blocking a2c_print and a2s_info correct me if im wrong.

it's enough problematic to filter a flooding of packets, first because they can be spoofed (although only skilled people can do it) and then because the only way is building a per-IP check which means tracking each IP... definitely a boring thing that consumes enough resources.
for example I was thinking to a work-around like checking only the amount of packets from the last IP and the elapsed times, something like if you receive more than 5 packets from the last IP within 100 ms then ban it via iptables, anyway are only random thoughts

By "skilled" you talking about using raw sockets to change the packets header? Well, in that case i know some skilled people ;)
I hoped there where some magic linux iptable command to ban an ip if it send more then, 5packets within 100ms.
Looks like we have to hope for the best...

Thanks for your thoughts and see you around.

with "skilled" I mean that one and obviously the practical possibility of doing it, because nowadays with routers and NATs it's no longer as in the past (the good old computer with public IP address ih ih ih).
anyway could exist something linux specific to avoid a similar flooding of packets, but I don't have something to suggest.