Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CounterStrike (HalfLife?) Server possible DoS attack.

From: hellNbak <hellnbak () nmrc org>
Date: Thu, 28 Nov 2002 23:32:01 -0600 (CST)
Dude don't mess with my fraggin counterstrike.  :-)

Tested on latest version with all patches and it doesn't work.  But if I
remember correctly the patch was on the server side so mileage may vary.

On Thu, 28 Nov 2002, Patrick Webster wrote:


Date: Thu, 28 Nov 2002 11:12:24 +1100
From: Patrick Webster <webster_p () DeMorgan com au>
To: "SF-Vuln-Dev (E-mail)" <vuln-dev () securityfocus com>
Subject: CounterStrike (HalfLife?) Server possible DoS attack.

Hi Guys,

Could someone who actually has CounterStrike on their PC look into this for
me and see if it still exists?
Last I remember, it was possible to crash a CS server and thus disconnect
all users by requesting "say nextmap" multiple times.
To reproduce this attack, you simply bind any key to ask the server to
display the next map - I recall it as 'say nextmap'.
So, for example;

F6 = 'say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say
nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap'

Connect to a server, and rapidly press F6 until you are disconnected. Try
and reconnect - the service should have crashed.

Thanks,

Patrick Webster,
Systems Administrator

DeMorgan Information Security Services

Freecall: 1800 DE MO RG (33 66 74)
Tel: +61299290377
Fax: +61299290917
Mob: +61403421390

Address: Level 2, 41 McLaren St
North Sydney, NSW, 2060, Australia

Visit us at: www.demorgan.com.au


-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak () nmrc org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Previous By Date Next
Previous By Thread Next

Current thread: