Drop packets from his IP with iptables. See if he can do any crashing after that.

-ics

Mitchell Huang wrote:
Late Saturday night (2014-03-02), AKARaccoon (
http://steamcommunity.com/id/AKARaccoon,
http://www.reddit.com/user/AKARacooon, IP 70.192.16.230) joined our server
on alts and started aimbotting. After we banned a couple of his accounts,
he said, at 01:07:41 EDT:


"Hey faggot, I don't like being kicked. Server goes down for you now. <3"


The server then immediately crashed and was unreachable. Initially, we
assumed it was a DDoS; however, the network logs showed nothing out of the
ordinary.


Server network graph (times are in PDT): http://i.imgur.com/Otip5JW.png


Very normal network logs for a TF2 server... no more than 5Mbit traffic the
entire time.

There is also nothing unusual in the SRCDS logs. No RCON login attempts or
anything out of the ordinary.


After the first crash, he reconnects as "BAN ME NOW FAGGOT"
(STEAM_0:1:84052152) and says:


"CRSAH"

"I crashed the server."

"Faggot admins wanna try and ban me."

"Lol, no."

"I always win."

"Faggots."


We then kicked and banned him again at 01:11:10 EDT, and the server again
crashed within a couple of minutes of his ban. After shutting down all
connections to the server and looking through our logs, we found suspicious
segfaults coinciding with the server crashes:


Mar  2 01:08:09 ny kernel: [593389.393517] srcds_linux[19195]: segfault at 5b ip 00000000ed2b8b4a sp 00000000ffcb85c0 error 4 in server_srv.so[eccab000+65c000]
Mar  2 01:09:30 ny kernel: [593470.670819] srcds_linux[20799]: segfault at 3ed ip 00000000ed2e3b4a sp 00000000ff822540 error 4 in server_srv.so[eccd6000+65c000]
Mar  2 01:12:26 ny kernel: [593646.211683] srcds_linux[20828]: segfault at 60 ip 00000000ed21fb4a sp 00000000ff862270 error 4 in server_srv.so[ecc12000+65c000]


It looks as if he exploited something in server_srv.so to make the server
crash. We run SRCDS on Linux (Debian stable). We are not sure if Windows
servers are also affected.


We also found a similar post related to him on the Lotus Clan forums dated
Feb 18 where players mentioned that he crashed the server after aimbotting.
However, we doubt it's related to the achievement manager spam the first
poster mentions:


http://forums.gamingterritory.com/topic/28821-ban-request-akaraccoon-server-crashing-god/


Thoughts?
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
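
A triage aid for the kernel segfault lines quoted in the message above, as an added example that is not part of the original thread or of any Valve tooling: it subtracts each mapping's base from the faulting ip to get a load-address-independent offset into server_srv.so and decodes the page-fault error code. The log text is copied from the message; the function names are hypothetical, and treating addresses below 0x1000 as unmapped is an assumption.

```python
import re

# The three kernel lines quoted in the message above, wrapped as the mail wrapped them.
LOG = """
Mar  2 01:08:09 ny kernel: [593389.393517] srcds_linux[19195]: segfault at
5b ip 00000000ed2b8b4a sp 00000000ffcb85c0 error 4 in
server_srv.so[eccab000+65c000]
Mar  2 01:09:30 ny kernel: [593470.670819] srcds_linux[20799]: segfault at
3ed ip 00000000ed2e3b4a sp 00000000ff822540 error 4 in
server_srv.so[eccd6000+65c000]
Mar  2 01:12:26 ny kernel: [593646.211683] srcds_linux[20828]: segfault at
60 ip 00000000ed21fb4a sp 00000000ff862270 error 4 in
server_srv.so[ecc12000+65c000]
"""

SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def decode_error(code):
    """Decode the x86 page-fault error-code bits the kernel prints after 'error'."""
    return {"cause": "protection violation" if code & 1 else "page not present",
            "access": "write" if code & 2 else "read",
            "mode": "user" if code & 4 else "kernel",
            "instruction_fetch": bool(code & 16)}

def parse_segfaults(text):
    """One record per segfault line, with the load-address-independent offset."""
    records = []
    for m in SEGV.finditer(re.sub(r"\s+", " ", text)):  # undo mail line wrapping
        ip, addr = int(m["ip"], 16), int(m["addr"], 16)
        rec = {"pid": int(m["pid"]), "object": m["obj"], "fault_addr": addr,
               "near_null": addr < 0x1000,  # assumption: lowest page is never mapped
               "offset": None, **decode_error(int(m["err"], 16))}
        if m["base"]:
            base, size = int(m["base"], 16), int(m["size"], 16)
            if base <= ip < base + size:  # ip really lies inside the mapping
                rec["offset"] = ip - base
        records.append(rec)
    return records

def same_crash_site(records):
    """True when every record faults at one offset inside one object."""
    sites = {(r["object"], r["offset"]) for r in records}
    return len(sites) == 1 and None not in next(iter(sites))

if __name__ == "__main__":
    for r in parse_segfaults(LOG):
        print(r["pid"], r["object"], hex(r["offset"]), hex(r["fault_addr"]), r["access"], r["mode"])
```

All three lines resolve to the same offset, 0x60db4a, with user-mode reads of small addresses, so the crashes share one faulting instruction in server_srv.so, and that offset is the value to put in a bug report or to match against a core dump.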

