I was testing with my friend... he hosted a dedicated server and I tested stuff in it... and I managed to cause a crash somehow.
The game was CSS. I was just messing around with a packet editor and a memory editor, but I'm not sure what caused it.
If you still mean the Steam game server... or do you mean the Steam master servers?
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
Usually when you receive an unexpected crash, attach Olly to it (I hope you have the debugger attached as an option) and take note of the offset at which the crash happens, since it could be useful for a later check.
Then click on the K command of Olly and take note of those addresses; they are the functions which called the one which crashed.
Depending on the type of crash (for example, a format string is often easy to see in Olly), you can later set the needed breakpoints on those calls to know their purpose and, if a new crash happens, what caused it.
Kind of an old topic, but... the friend who hosted it closed the error message, so blah. Well, I was inside the server so it wouldn't be an external crash anyway... and once they ban you, there is nothing you can do.
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
Today a user reported a Denial of Service which affected his server/configuration; anyway, I doubt it works on all servers (for example, on Windows it has no effect) or works at all.
In my opinion it can be a problem only in some specific conditions, like the use of certain types of terminals/consoles or the use of screen; anyway, the following is the proof-of-concept:
udpsz -l 10 127.0.0.1 27015 4010
Many messages like the following should appear on your server:
"NET_QueuePacket: Oversize packet from 127.0.0.1:xxxxx"
So check your servers to see if this attack can be a problem.
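One way to run that check against a server log, as an added example that is not part of the original posts: it counts the quoted "Oversize packet" message per source address in a sliding time window. The `L mm/dd/yyyy - hh:mm:ss: ` timestamp prefix, the threshold and window values, and the sample addresses are assumptions; the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message text as quoted in the thread. The "L mm/dd/yyyy - hh:mm:ss: " prefix
# is an assumption about how the server log timestamps each line.
LINE_RE = re.compile(
    r"^L (?P<ts>\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): "
    r"NET_QueuePacket: Oversize packet from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*$"
)

def find_oversize_floods(lines, threshold=5, window_seconds=10):
    """Map each source IP to its peak count of oversize-packet messages inside
    any window_seconds span, keeping only IPs that reached threshold."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # unrelated log line
        ts = datetime.strptime(m["ts"], "%m/%d/%Y - %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop entries older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

# Constructed sample log: one source repeating the message every second,
# one source logging it twice minutes apart, and one unrelated line.
SAMPLE_LOG = [
    f"L 01/01/2009 - 12:00:{s:02d}: NET_QueuePacket: Oversize packet from 192.0.2.10:{40000 + s}"
    for s in range(8)
] + [
    "L 01/01/2009 - 12:00:03: NET_QueuePacket: Oversize packet from 198.51.100.7:27005",
    'L 01/01/2009 - 12:00:04: Server cvar "mp_timelimit" = "20"',
    "L 01/01/2009 - 12:02:30: NET_QueuePacket: Oversize packet from 198.51.100.7:27005",
]

if __name__ == "__main__":
    for ip, peak in find_oversize_floods(SAMPLE_LOG).items():
        print(f"{ip}: {peak} oversize-packet messages within 10 s")
```

UDP source addresses can be forged, so a flagged address is better used as input to rate limiting than as proof of who sent the packets.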
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
And staying on the topic of udpsz, I have seen many people online talking about a type of Denial of Service against Counter Strike using a packet of 55555 bytes, as in the following command:
udpsz -l 0 127.0.0.1 27015 55555
I have not verified if 55555 is a specific size (like in my previous post, where 4010 is the packet size needed to cause the error message) or is just used as a big packet for flooding.
Just a thought, but... is it possible to crash Steam server/s with a valid user? If I have a CD key and stuff...
Or CD keys.
Not sure how... but if I can get into the server then it can be remade somehow?
Or maybe a simple login/logout flood will do it?! ...or at least it should lag the crap out of the server.
If I'm correct, you can't really ban a player if he is logging in and out really quickly.
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
Sure, I can break the limit of 64 kilobytes per packet of the TCP/IP protocol, and I can also create material from nothing, breaking the rule that material can't be created or destroyed but only modified... blah
Bah, don't think it works on Steam. Somehow Steam servers are quite secured against flooding, crashing, exploiting, etc. Anyway, if you have any luck, let us know :)
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
Crashes?! In HL x.1.1.1e that message is shown only as a log entry (as I wrote in a previous post), without the handling of the packet or other results like a crash or a termination.
What exact version of HL are you using? On what platform? What mods? And what security patches/work-arounds/solutions? Is it a crash or a termination of the server? If it's a crash, attach gdb to the process and let me know where the exception happens.
In the console this message appears: "NET_QueuePacket: Oversize packet from my ip:xxxxx". I guess it is overflooding the console because it appears many times, and the hlds console times out and the server has no ping. I'm using hlds 4.1.1.1e, mod cstrike, on Windows. When I stop flooding the server, it recovers almost instantly.
Last edited by energypower on 10 Feb 2009 20:57, edited 2 times in total.
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
Mah, if you want to make a test, change the byte at offset 0x4d331 of swds.dll from 0xaa to 0xa9 and retest the server. And don't use -l 0 on local addresses because they are handled differently (faster packets which saturate everything; moreover, 127.0.0.1 is a virtual interface).