The behavior you described about IP binding is correct: Steam will always use the IP bound to the Steam socket as the "public IP" regardless of the IP that the game server is bound to.

I'm not familiar with any sort of UDP spoofing attack either disguised as the gameserver or Steam. I would assume such an attack would require you know the client port number, connection ids of one endpoint, and a sequence number inside the window. If you have any packet captures of the attack that would be helpful to know.

I would suggest using TCP to prevent such an attack, but the TCP connection is disabled in server builds because of the "public IP" problem you mentioned (because the TCP connection will not bind to the game server IP).

If the client port is the same as the game port (I think there's a socket sharing cvar somewhere?) that might explain part of the effectiveness of the spoof attack, in which case I would investigate whether -steamport helps you.

On 10/22/2014 3:24 PM, Rodrigo Peña wrote:
Hello,

"Hackers" are able to bring down the servers' steam connection by
spoofing steam server IPs, as they know what IP address is being used by
the gameserver to make the connection to steam backend (used for master
list and item connection).

Please implement a way to choose the source IP to use to connect to the
steam servers so we can make it harder for hackers to make the server
disappear from the list and disconnect it from item server.

Currently if you do some tricks like changing source-ip with iptables or
a custom plugin to force the steam connection ip binding to a certain
IP, the server will get a wrong Public IP, and then it will advertise it
to the master list, resulting in refreshing players' favorite server
entry with the wrong public IP (where the gameserver won't accept
connections), and also if you connect to the IP where the server is
listening, you will show the wrong public IP at friends.

Any words on this?

Thanks!

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux

