Re: CounterStrike (HalfLife?) Server possible DoS attack.

From: Stanley G. Bubrouski (stanat_private)
Date: Fri Nov 29 2002 - 16:22:41 PST


    The 'nextmap' chat command is an Admin-Mod command
    and not a built-in Counter-Strike or Half-Life command.
    Furthermore, if an anti-flood plugin is installed, such
    as the one that comes with Admin-Mod, it must be the
    first plugin listed in Admin-Mod's plugins.ini or else
    the other plugins will interpret what is sent first,
    rendering the anti-flood plugin useless.
    
    There was a bug in Half-Life Dedicated Server (HLDS)
    which would cause the service to crash if certain
    commands were flooded to the server.  This bug was
    fixed in HLDS 3.1.1.0b and 4.1.1.0b beta builds of
    HLDS available at files.valve-erc.com (password
    required, you can find it in hlds hlds_linux
    mailing list archives.)  This beta update came out
    May 11, 2002 so it's been out there a long time and
    most servers are using it.
    
    So for clarification:
    1) This issue is not new, it has been discussed on
    the HLDS and HLDS_LINUX ML.
    2) A patch has been available since early May.
    3) Even without the patch, if a proper anti-flood
    plugin is installed correctly it's not an issue.
    4) There have been exploit scripts available for
    these bugs (including this one) for over a year.
    5) The reporter of this bug ought to be banned
    from HL for using scripts for the purpose of
    causing denial-of-service attacks (he most likely
    learned of the attack from the many websites that
    describe it or from cheat software that have such
    exploits built-in).
    
    
    -Stan Bubrouski
    
    
    On Thu, 28 Nov 2002, hellNbak wrote:
    
    > Dude don't mess with my fraggin counterstrike.  :-)
    >
    > Tested on latest version with all patches and it doesn't work.  But if I
    > remember correctly the patch was on the server side so mileage may vary.
    >
    > On Thu, 28 Nov 2002, Patrick Webster wrote:
    >
    > > Date: Thu, 28 Nov 2002 11:12:24 +1100
    > > From: Patrick Webster <webster_pat_private>
    > > To: "SF-Vuln-Dev (E-mail)" <vuln-devat_private>
    > > Subject: CounterStrike (HalfLife?) Server possible DoS attack.
    > >
    > > Hi Guys,
    > >
    > > Could someone who actually has CounterStrike on their PC look into this for
    > > me and see if it still exists?
    > > Last I remember, it was possible to crash a CS server and thus disconnect
    > > all users by requesting "say nextmap" multiple times.
    > > To reproduce this attack, you simply bind any key to ask the server to
    > > display the next map - I recall it as 'say nextmap'.
    > > So, for example;
    > >
    > > F6 = 'say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say
    > > nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap'
    > >
    > > Connect to a server, and rapidly press F6 until you are disconnected. Try
    > > and reconnect - the service should have crashed.
    > >
    > > Thanks,
    > >
    > > Patrick Webster,
    > > Systems Administrator
    > >
    > > DeMorgan Information Security Services
    > >
    > > Freecall: 1800 DE MO RG (33 66 74)
    > > Tel: +61299290377
    > > Fax: +61299290917
    > > Mob: +61403421390
    > >
    > > Address: Level 2, 41 McLaren St
    > > North Sydney, NSW, 2060, Australia
    > >
    > > Visit us at: www.demorgan.com.au
    >
    > --
    > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    >
    > "I don't intend to offend, I offend with my intent"
    >
    > hellNbakat_private
    > http://www.nmrc.org/~hellnbak
    >
    > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    >
    



    This archive was generated by hypermail 2b30 : Sun Dec 01 2002 - 12:42:26 PST
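
The plugin-ordering point made in the message above, shown as an added simplified model (not Admin-Mod code and not part of the original post). It assumes a chain in which each plugin sees a chat line in listed order and any plugin can stop the chain; the class names, return codes and rate limits are hypothetical.

```python
from collections import defaultdict, deque

HANDLED, CONTINUE = "handled", "continue"  # constructed return codes for this model

class AntiFlood:
    """Drops a client's chat line when more than `limit` arrive within `window` seconds."""
    def __init__(self, limit=3, window=1.0):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # client id -> timestamps of recent lines

    def on_say(self, client, text, now):
        q = self.seen[client]
        while q and now - q[0] >= self.window:
            q.popleft()                  # forget lines older than the window
        q.append(now)
        return HANDLED if len(q) > self.limit else CONTINUE

class NextMap:
    """Stand-in for a chat command handler; counts how often it actually runs."""
    def __init__(self):
        self.runs = 0

    def on_say(self, client, text, now):
        if text.strip() == "nextmap":
            self.runs += 1
        return CONTINUE

def dispatch(plugins, client, text, now):
    """Pass one chat line through the plugins in listed order; stop when one handles it."""
    for p in plugins:
        if p.on_say(client, text, now) == HANDLED:
            break

def handler_runs(order, lines=50, interval=0.01):
    """Send `lines` chat lines from one client; return how many reached NextMap."""
    flood, nextmap = AntiFlood(), NextMap()
    plugins = [flood, nextmap] if order == "antiflood_first" else [nextmap, flood]
    for i in range(lines):
        dispatch(plugins, client=1, text="nextmap", now=i * interval)
    return nextmap.runs

if __name__ == "__main__":
    for order in ("antiflood_first", "antiflood_last"):
        print(order, handler_runs(order))
```

With the filter listed last, every line has already reached the command handler before the filter sees it, which is the failure the message describes.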