Re: [hlds_linux] HL2 engine new exploit (empty UDP query)?

Joseph Laws Fri, 16 Oct 2009 10:05:35 -0700

I have lots of this type of activity that is visible in DMESG.  It used 
to crash out the servers but now it just seems to limit the ability to 
connect for periods of time.  There are always multiple IP sources so 
banning the IPs in firewall will only work for so long.  There is an 
obvious patch requirement.


J.Miribel wrote:
> Hello,
>
> It seems there is a new exploit allowing people to spam a HL2 server is 
> out.. In fact it spams the serveur with empty UDP queries..
> It does not crash the server but if you look at the server with HLSW the 
> ping skyrockets to 1000 (instead of.. 10). Impossible to connect to the 
> server neither.
>
> We just added his IP in our ACL to fix my issue, but not everyone has L3 
> switches out there..
>
> Any one faced that problem before ? Is there a workaround other than 
> filtering the attacker's IP ?
>
> Oh and yeah I left the guy's IP public.. ;)
>
> Here are my tcpdump:
> 18:45:56.661173 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.662657 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.663906 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.665371 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.666848 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.668084 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.669294 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.670544 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.672015 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.673282 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.674463 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.675939 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.677175 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.678408 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.679886 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.681135 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.682617 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.683843 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.685315 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.686565 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.687801 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.689245 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.690471 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.691715 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.693198 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.694425 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.695662 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.696898 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.698630 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.699870 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.701090 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.702568 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.703805 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.705042 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.706513 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.707756 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.708980 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.710258 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.711696 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.712892 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.714203 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.715881 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.717085 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.718396 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.719806 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.721030 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.722343 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
> 18:45:56.723501 IP ANancy-157-1-14-14.w86-204.abo.wanadoo.fr.1473 > 
> XXX.XXX.XXX.XXX.27015: UDP, length 0
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com 
> Version: 8.5.421 / Virus Database: 270.14.20/2440 - Release Date: 10/16/09 
> 06:32:00
>
>   
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] HL2 engine new exploit (empty UDP query)?

Reply via email to