OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: r00t (sta_at_woh.rr.com)
Date: Thu Nov 28 2002 - 17:56:00 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I tested this on the newest versions of half life dedicated servers for
    Windows and Linux running the cstrike mod. These servers also run
    adminmod,adminmod is what makes the "say nextmap" feature possible. I was
    booted from both, anti flood protection is another part of adminmod. Perhaps
    an older version of adminmod is vulnerable. I don't know of any servers
    using an older version of adminmod.

    Happy Thanksgiving!
    Cherish the fact you may be around those family members you detest...some
    people are alone and testing DoS exploits ;)
    ----- Original Message -----
    From: "Patrick Webster" <webster_pDeMorgan.com.au>
    To: "SF-Vuln-Dev (E-mail)" <vuln-devsecurityfocus.com>
    Sent: Wednesday, November 27, 2002 7:12 PM
    Subject: CounterStrike (HalfLife?) Server possible DoS attack.

    > Hi Guys,
    >
    > Could someone who actually has CounterStrike on their PC look into this
    for
    > me and see if it still exists?
    > Last I remember, it was possible to crash a CS server and thus disconnect
    > all users by requesting "say nextmap" multiple times.
    > To reproduce this attack, you simply bind any key to ask the server to
    > display the next map - I recall it as 'say nextmap'.
    > So, for example;
    >
    > F6 = 'say nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say
    > nextmap; say nextmap; say nextmap; say nextmap; say nextmap; say nextmap'
    >
    > Connect to a server, and rapidly press F6 until you are disconnected. Try
    > and reconnect - the service should have crashed.
    >
    > Thanks,
    >
    > Patrick Webster,
    > Systems Administrator
    >
    > DeMorgan Information Security Services
    >
    > Freecall: 1800 DE MO RG (33 66 74)
    > Tel: +61299290377
    > Fax: +61299290917
    > Mob: +61403421390
    >
    > Address: Level 2, 41 McLaren St
    > North Sydney, NSW, 2060, Australia
    >
    > Visit us at: www.demorgan.com.au

    ---------------------------------------------------------------------------- 

    ----

    > ----------------------------------------------------
>
>  This correspondence is for the named person's use only.  It may
>  contain confidential or legally privileged information or both.
>  No confidentiality or privilege is waived or lost by any
>  mistransmission.  If you receive this correspondence in error, please
>  immediately delete it from your system and notify the sender.  You
>  must not disclose, copy or rely on any part of this correspondence
>  if you are not the intended recipient.
>
>  Any views expressed in this message are those of the individual sender,
>  except where the sender expressly, and with authority, states them to
>  be the views of DeMorgan Pty Ltd.
>
>  This e-mail has been checked for known Viruses. It is the responsibility
>  of the receiver to check their system for infected files and any such
>  file is deemed not to be the responsibility of DeMorgan.
>
> ---------------------------------------------------------
>