On 8/3/2012 7:50 PM, LocalStrike | Live your game! wrote:
i read this from a forum and at this time we have the same situation here!
please we need a fix asap!
Valve fixed this attack in the most recent Goldsrc engine release (July 31):
"... This update fixes a potential vulnerability in the
challenge/response protocol uses for out of band queries (in particular
A2S_RULES and A2S_PLAYERS responses)... "
Since it's not a required release, many server operators are not running
it yet.
In terms of what you can do to block the reflected attack on your end
without waiting for others to update, you could use string-based rules
that look for common cvars that will show in most output, or you could
have a script that generates a list of IPs to block from tcpdump output
and pushes that list into an "ipset" set, to be blocked with a single
iptables rule.
-John
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
