> thousands of srcds servers

What are you talking about 😂 There's millions of other boxes. The genesis for all of this was SNMP +- NTP, which came after and was 50x worse per academia. NTP, SNMP, and CoD were the basic reflection staples of 2010.

There's MTU hacks that break other queries which further destroy the ecosystem regarding statistics. Breaking outside of the hacked STB ecosystem (and oh my lord is there a lot) this is not really a hot market anymore. There's boxes that can actually saturate the entire link now that don't have to spoof. My single port server receiving on 27015 killing an entire datacentre (which hit many other folks - to the point of pings on IRC) from getting a simple reflection attack is long gone.

Basically, it's great that you've found the entire Valve + self-hosted ecosystem at its peak. But this is a decade old issue that no longer impacts real carriers, Kyle.

On Mon, Nov 16, 2020 at 6:43 PM Calvin Judy - calvin at swiftnode.net (via csgo_servers list) <[email protected]> wrote:
>
> Kyle,
>
> SRCDS doesn't need to be a "majority stakeholder" to receive patches to known
> security vulnerabilities. There's tens of thousands of srcds servers, nearly
> all of which can be sent a spoofed query and will respond to a victim address
> with server information. "Only 8x" is still enough to cause plenty of people
> issues, when this can be resolved by a patch like Fletcher is suggesting. We
> still see dozens of these attacks per month. Patching this won't have the
> same impact as patching the memcached reflection, but it will still result in
> a decrease in attacks, and allow a simplified mitigation solution.
>
> To break down how 8x can still overwhelm plenty of providers:
>
> Five servers/zombies on providers non-compliant with BCP38/RFC2827, each with
> 1000mbit uplinks, send spoofed source engine queries to 5,000 srcds servers.
> At 8x average amplification, the victim address will theoretically receive
> 40Gbps worth of responses from those 5,000 srcds instances.
>
> Also, if I'm not mistaken, they did try to patch this previously a couple
> years ago on CSGO, with the addition of the sv_max_queries_sec. But
> unfortunately there's tens of thousands of srcds servers malicious actors can
> cycle through, so those commands aren't very effective at their default
> values.
>
>
> I think where I'm going with this is why on God's green earth are we
> doing this when SRCDS is just not a majority stakeholder on the
> internet anymore. I'm confuzzled: and now I'm confused.
>
> Kyle.
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/
