Re: [hlds_linux] New 1.6 Exploit very dangerous!
Right, they both require a challenge. -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Saul Rennison Sent: Saturday, August 04, 2012 11:03 AM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] New 1.6 Exploit very dangerous! Don't A2S_RULES and A2S_PLAYERS require a challenge? That completely breaks spoofed IP attacks. Kind regards, *Saul Rennison* On 4 August 2012 18:41, Oskar Levin os...@dataviruset.com wrote: I'm not sure this is fixed. It's still possible to get the convars of the server, right? Then it must still be possible to craft a UDP packet with a spoofed sender and that way make the server send a reply to the spoofed IP address? Best regards Oskar Levin os...@dataviruset.com -Ursprungligt meddelande- Från: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] För John Skickat: den 4 augusti 2012 19:05 Till: hlds_linux@list.valvesoftware.com Ämne: Re: [hlds_linux] New 1.6 Exploit very dangerous! On 8/3/2012 7:50 PM, LocalStrike | Live your game! wrote: i read this from a forum and at this time we have the same situation here! please we need a fix asap! Valve fixed this attack in the most recent Goldsrc engine release (July 31): ... This update fixes a potential vulnerability in the challenge/response protocol uses for out of band queries (in particular A2S_RULES and A2S_PLAYERS responses)... Since it's not a required release, many server operators are not running it yet. In terms of what you can do to block the reflected attack on your end without waiting for others to update, you could use string-based rules that look for common cvars that will show in most output, or you could have a script that generates a list of IPs to block from tcpdump output and pushes that list into an ipset set, to be blocked with a single iptables rule. -John ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
[hlds_linux] Red Tape Recorder - still crashing?
So I'm wondering if I should keep the new sapper disabled on my servers or whether it's safe to re-enable it again, anyone know?. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
Re: [hlds_linux] Red Tape Recorder - still crashing?
From what I have heard the issue is still there, but I have no idea. My servers haven't crashed at all. On 8/6/2012 1:56 PM, Michael Johansen wrote: So I'm wondering if I should keep the new sapper disabled on my servers or whether it's safe to re-enable it again, anyone know?. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
Re: [hlds_linux] Red Tape Recorder - still crashing?
I'm blocking it on my servers still - there was an attempt at fixing it on that last patch but saw a few more crashes related to it. -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael Johansen Sent: Monday, August 06, 2012 4:57 PM To: hlds_linux@list.valvesoftware.com Subject: [hlds_linux] Red Tape Recorder - still crashing? So I'm wondering if I should keep the new sapper disabled on my servers or whether it's safe to re-enable it again, anyone know?. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
Re: [hlds_linux] New 1.6 Exploit very dangerous!
I dug into a user report of this, they were running a plugin that lets people from stolen versions of the game play on servers (dproto), that software has (at least one) bug that means you can be attacked. So yeah, be careful the 3rd party software you use on a server, and if its job is to let people steal the game - Alfred -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Alfred Reynolds Sent: Monday, August 06, 2012 9:41 AM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] New 1.6 Exploit very dangerous! Right, they both require a challenge. -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Saul Rennison Sent: Saturday, August 04, 2012 11:03 AM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] New 1.6 Exploit very dangerous! Don't A2S_RULES and A2S_PLAYERS require a challenge? That completely breaks spoofed IP attacks. Kind regards, *Saul Rennison* On 4 August 2012 18:41, Oskar Levin os...@dataviruset.com wrote: I'm not sure this is fixed. It's still possible to get the convars of the server, right? Then it must still be possible to craft a UDP packet with a spoofed sender and that way make the server send a reply to the spoofed IP address? Best regards Oskar Levin os...@dataviruset.com -Ursprungligt meddelande- Från: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] För John Skickat: den 4 augusti 2012 19:05 Till: hlds_linux@list.valvesoftware.com Ämne: Re: [hlds_linux] New 1.6 Exploit very dangerous! On 8/3/2012 7:50 PM, LocalStrike | Live your game! wrote: i read this from a forum and at this time we have the same situation here! please we need a fix asap! Valve fixed this attack in the most recent Goldsrc engine release (July 31): ... This update fixes a potential vulnerability in the challenge/response protocol uses for out of band queries (in particular A2S_RULES and A2S_PLAYERS responses)... Since it's not a required release, many server operators are not running it yet. In terms of what you can do to block the reflected attack on your end without waiting for others to update, you could use string-based rules that look for common cvars that will show in most output, or you could have a script that generates a list of IPs to block from tcpdump output and pushes that list into an ipset set, to be blocked with a single iptables rule. -John ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
Re: [hlds_linux] Red Tape Recorder - still crashing?
I haven't banned it on my server but nobody has attempted it - I know there are always those bands of roving jerks who will try it on every sever they can but from what I have seen it's not some rampant problem (yet). On Mon, Aug 6, 2012 at 2:22 PM, Frank ad...@gamerscrib.net wrote: I'm blocking it on my servers still - there was an attempt at fixing it on that last patch but saw a few more crashes related to it. -Original Message- From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael Johansen Sent: Monday, August 06, 2012 4:57 PM To: hlds_linux@list.valvesoftware.com Subject: [hlds_linux] Red Tape Recorder - still crashing? So I'm wondering if I should keep the new sapper disabled on my servers or whether it's safe to re-enable it again, anyone know?. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux