Right, they both require a challenge.

-----Original Message-----
From: hlds_linux-boun...@list.valvesoftware.com 
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Saul Rennison
Sent: Saturday, August 04, 2012 11:03 AM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] New 1.6 Exploit very dangerous!

Don't A2S_RULES and A2S_PLAYERS require a challenge? That completely breaks
spoofed IP attacks.


Kind regards,
*Saul Rennison*


On 4 August 2012 18:41, Oskar Levin <os...@dataviruset.com> wrote:

> I'm not sure this is fixed. It's still possible to get the convars of the
> server, right? Then it must still be possible to craft a UDP packet with a
> spoofed sender and that way make the server send a reply to the spoofed IP
> address?
>
> Best regards
> Oskar Levin
> os...@dataviruset.com
>
> -----Original Message-----
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of John
> Sent: 4 August 2012 19:05
> To: hlds_linux@list.valvesoftware.com
> Subject: Re: [hlds_linux] New 1.6 Exploit very dangerous!
>
> On 8/3/2012 7:50 PM, LocalStrike | Live your game! wrote:
> > I read this from a forum and at this time we have the same situation here!
> > please we need a fix asap!
>
> Valve fixed this attack in the most recent Goldsrc engine release (July
> 31):
>
> "... This update fixes a potential vulnerability in the challenge/response
> protocol used for out of band queries (in particular A2S_RULES and
> A2S_PLAYERS responses)... "
>
> Since it's not a required release, many server operators are not running it
> yet.
>
> In terms of what you can do to block the reflected attack on your end
> without waiting for others to update, you could use string-based rules that
> look for common cvars that will show in most output, or you could have a
> script that generates a list of IPs to block from tcpdump output and pushes
> that list into an "ipset" set, to be blocked with a single iptables rule.
>
> -John
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
>
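John's tcpdump-to-ipset idea carried through as a script, added here as an example; it is not code from the list, from John or from Valve. It assumes the game port is 27015, a capture taken with `tcpdump -n -l udp dst port 27015`, and a hypothetical set name `a2s_reflectors`; the sample capture below is constructed with documentation addresses.

```shell
#!/bin/sh
# Assumed capture format (tcpdump -n -l udp dst port 27015), e.g.:
#   12:00:00.000001 IP 203.0.113.5.54321 > 198.51.100.7.27015: UDP, length 25
SETNAME=a2s_reflectors   # hypothetical set name

# Constructed sample capture (TEST-NET addresses, not real hosts). Note the
# ARP line, which the parser must skip.
SAMPLE_CAPTURE='12:00:00.000001 IP 203.0.113.5.54321 > 198.51.100.7.27015: UDP, length 25
12:00:00.000002 IP 192.0.2.9.40000 > 198.51.100.7.27015: UDP, length 25
12:00:00.000003 IP 203.0.113.5.54322 > 198.51.100.7.27015: UDP, length 25
12:00:00.000004 ARP, Request who-has 198.51.100.1 tell 198.51.100.7, length 28
12:00:00.000005 IP 203.0.113.5.54323 > 198.51.100.7.27015: UDP, length 25
12:00:00.000006 IP 192.0.2.9.40001 > 198.51.100.7.27015: UDP, length 25
12:00:00.000007 IP 198.51.100.20.6000 > 198.51.100.7.27015: UDP, length 25
12:00:00.000008 IP 203.0.113.5.54324 > 198.51.100.7.27015: UDP, length 25'

# stdin: tcpdump lines. stdout: the source IPv4 of every "IP src > dst:" line.
sources_from_tcpdump() {
  awk '$2 == "IP" && $4 == ">" {
         n = split($3, a, ".")
         if (n == 5) print a[1] "." a[2] "." a[3] "." a[4]
       }'
}

# stdin: tcpdump lines. $1: minimum query count. stdout: "ip count" for each
# source at or above the threshold, busiest first.
offenders() {
  sources_from_tcpdump | sort | uniq -c |
    awk -v t="$1" '$1 >= t { print $2, $1 }' | sort -k2,2nr
}

# stdin: tcpdump lines. $1: threshold. stdout: an "ipset restore" script that
# creates the set (entries expire after an hour, so a spoofed victim address
# is not blocked forever) and adds every offender to it.
ipset_restore_script() {
  echo "create $SETNAME hash:ip family inet timeout 3600"
  offenders "$1" | awk -v s="$SETNAME" '{ print "add " s " " $1 }'
}

# The single iptables rule: drop game-port UDP from any source in the set.
iptables_rule() {
  echo "iptables -I INPUT -p udp --dport 27015 -m set --match-set $SETNAME src -j DROP"
}

# Usage against a live capture (root required to apply):
#   tcpdump -n -l -c 2000 udp dst port 27015 | ipset_restore_script 50 | ipset -exist restore
#   eval "$(iptables_rule)"
printf '%s\n' "$SAMPLE_CAPTURE" | ipset_restore_script 3
```

The threshold is per capture window, so tune it to what a legitimate server browser sends before applying the rule.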