Vulnerability Development mailing list archives
Re: CounterStrike (HalfLife?) Server possible DoS attack.
From: "r00t" <sta () woh rr com>
Date: Thu, 28 Nov 2002 18:56:00 -0500
I tested this on the newest versions of half life dedicated servers for Windows and Linux running the cstrike mod. These servers also run adminmod; adminmod is what makes the "say nextmap" feature possible. I was booted from both; anti flood protection is another part of adminmod. Perhaps an older version of adminmod is vulnerable. I don't know of any servers using an older version of adminmod.

Happy Thanksgiving! Cherish the fact you may be around those family members you detest...some people are alone and testing DoS exploits ;)

----- Original Message -----
From: "Patrick Webster" <webster_p () DeMorgan com au>
To: "SF-Vuln-Dev (E-mail)" <vuln-dev () securityfocus com>
Sent: Wednesday, November 27, 2002 7:12 PM
Subject: CounterStrike (HalfLife?) Server possible DoS attack.
Hi Guys,

Could someone who actually has CounterStrike on their PC look into this for me and see if it still exists?

Last I remember, it was possible to crash a CS server and thus disconnect all users by requesting "say nextmap" multiple times.

To reproduce this attack, you simply bind any key to ask the server to display the next map - I recall it as 'say nextmap'. So, for example;

F6 = 'say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap'

Connect to a server, and rapidly press F6 until you are disconnected. Try and reconnect - the service should have crashed.

Thanks,

Patrick Webster, Systems Administrator
DeMorgan Information Security Services
Freecall: 1800 DE MO RG (33 66 74)
Tel: +61299290377
Fax: +61299290917
Mob: +61403421390
Address: Level 2, 41 McLaren St North Sydney, NSW, 2060, Australia
Visit us at: www.demorgan.com.au
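A sketch of the kind of per-client anti-flood check the reply credits for the boot, applied to the chained bind quoted above. This is an added example, not part of either message and not adminmod's code; the thresholds and the names `FloodGuard`, `split_commands` and `BIND` are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; not adminmod's real values.
MAX_SAY_PER_WINDOW = 4
WINDOW_SECONDS = 2.0


def split_commands(line):
    """Split a console line on ';' the way a chained key bind expands."""
    return [part.strip() for part in line.split(";") if part.strip()]


class FloodGuard:
    """Per-client sliding-window limit on chat ("say") commands."""

    def __init__(self, limit=MAX_SAY_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.history = defaultdict(deque)   # client id -> recent say timestamps
        self.kicked = set()

    def handle(self, client, line, now):
        """Return the say commands accepted from this line at time `now`."""
        accepted = []
        if client in self.kicked:
            return accepted
        stamps = self.history[client]
        for cmd in split_commands(line):
            if not cmd.startswith("say "):
                continue                     # only chat is rate limited here
            # Forget timestamps that have fallen out of the window.
            while stamps and now - stamps[0] >= self.window:
                stamps.popleft()
            if len(stamps) >= self.limit:
                # Over the limit: drop the rest of the line and boot the client,
                # so work per keypress is bounded however long the bind is.
                self.kicked.add(client)
                del self.history[client]
                break
            stamps.append(now)
            accepted.append(cmd)
        return accepted


# Constructed input: the 11-command bind quoted in the original message.
BIND = "; ".join(["say nextmap"] * 11)
```

The limit is counted per expanded command rather than per received line, so one keypress carrying eleven chained commands trips it just as eleven separate lines would.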
Current thread:
- CounterStrike (HalfLife?) Server possible DoS attack. Patrick Webster (Nov 28)
- Re: CounterStrike (HalfLife?) Server possible DoS attack. r00t (Nov 29)
- Re: CounterStrike (HalfLife?) Server possible DoS attack. hellNbak (Nov 29)