Re: CounterStrike (HalfLife?) Server possible DoS attack.

From: r00t (staat_private)
Date: Thu Nov 28 2002 - 15:56:00 PST


    I tested this on the newest versions of half life dedicated servers for
    Windows and Linux running the cstrike mod. These servers also run
    adminmod; adminmod is what makes the "say nextmap" feature possible. I was
    booted from both; anti-flood protection is another part of adminmod. Perhaps
    an older version of adminmod is vulnerable. I don't know of any servers
    using an older version of adminmod.
    
    Happy Thanksgiving!
    Cherish the fact you may be around those family members you detest...some
    people are alone and testing DoS exploits ;)
    ----- Original Message -----
    From: "Patrick Webster" <webster_pat_private>
    To: "SF-Vuln-Dev (E-mail)" <vuln-devat_private>
    Sent: Wednesday, November 27, 2002 7:12 PM
    Subject: CounterStrike (HalfLife?) Server possible DoS attack.
    
    
    > Hi Guys,
    >
    > Could someone who actually has CounterStrike on their PC look into this
    > for me and see if it still exists?
    > Last I remember, it was possible to crash a CS server and thus disconnect
    > all users by requesting "say nextmap" multiple times.
    > To reproduce this attack, you simply bind any key to ask the server to
    > display the next map - I recall it as 'say nextmap'.
    > So, for example;
    >
    > F6 = 'say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say
    > nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap'
    >
    > Connect to a server, and rapidly press F6 until you are disconnected. Try
    > and reconnect - the service should have crashed.
    >
    > Thanks,
    >
    > Patrick Webster,
    > Systems Administrator
    >
    > DeMorgan Information Security Services
    >
    > Freecall: 1800 DE MO RG (33 66 74)
    > Tel: +61299290377
    > Fax: +61299290917
    > Mob: +61403421390
    >
    > Address: Level 2, 41 McLaren St
    > North Sydney, NSW, 2060, Australia
    >
    > Visit us at: www.demorgan.com.au
    
    



    This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 12:40:03 PST