Open Luuzzi opened 1 year ago
A small suggestion, if it's appropriate. Please check the topics I've sent, find the match IDs, and examine the profiles of the players who participated in those matches. If you have logs, you'll understand the specific action used to attack the Steam clients of the victims.
I would also advise blocking the entire botnet network that the perpetrators currently have because it's unclear what else they could do with it.
And please ensure that there are no similar mechanisms for attacking regular PC users because this botnet could eventually become public, leading to chaos. I still believe it would be sensible to impose limits on the number of packets sent within a specific time frame for each profile. This mechanism must be implemented in Steam backend, and I believe there's no need to explain why.
@kisak-valve it's not dota 2 problem, it's steam backend problem. We have not received a response for an extended period of time. Please take note of this issue. The attack also works in other games; it's impossible to play any multiplayer games like Dota 2, Counter-Strike, etc.
@TobyFlendersonFromHR
They simply lack a proper hierarchy within the company, and problems emerge with a delay of five years or more. I remember getting burned by the issue where you could just forward a trade offer confirmation with a link, and someone else could confirm it on your behalf. I'm afraid to imagine how many people lost their valuable items (and money) as a result.
If this exploit were to become public, it would indeed spell doomsday for all multiplayer games on Steam. Right now, preventive measures are urgently needed. The situation is truly dire, and this problem needs to be brought to the maximum attention right away.
@Luuzzi Imagine they didn't even bother to read the issue and moved it to another repository
It will be evident within the next few days; I'm not sure about their working schedule as today are the weekend. Perhaps, on Monday, someone will take notice. However, I have a second theory that they simply move all the issues (those they don't want to solve) to the Dota 2 repository, where they are subsequently ignored. Let's hope I'm wrong, and they will take some action.
Status: no one cares.
xd
Hello, my message is not directly related to steam-for-linux; it concerns the entire architecture of the Steam backend. Unfortunately, there isn't a specific tracker where I can publish my message, so I'm posting it here.
I believe a group of individuals has assembled a sort of botnet, which they are using to carry out attacks on Steam clients of streamers or professional gamers. I cannot debug the packets to pinpoint the issue and determine the exact tools they are using because it hasn't affected me, and unfortunately, I cannot contact those who have been affected by it.
However, I have a few assumptions. I'm not familiar with the steam-client architecture, but it seems that malicious actors are exploiting a vulnerability and sending a flood of garbage packets. I can't specify the exact nature of these packets, but it's clear that this is happening through Steam servers because the victims' internet connections remain unaffected; they just can't play online games via the Steam platform. Perhaps it's some kind of "invisible" packet, such as a notification that you've been added to a blacklist or something similar. There are hundreds of such mechanisms. Because a large number of clients have turned into a botnet, the malicious actor(s) simply send these requests in thousands to specific streamers/professional players' accounts. The packet processing queue starts to slow down all other mechanisms, causing issues with the client.
I think a reasonable solution would be to limit the sending of such packets to one user profile. For example, when the Steam backend detects that a multitude of similar packets are being sent to a specific profile, it could start restricting the sending to stop the spam and normalize the queue.
I wouldn't want to see this malicious software at the upcoming TI, as Valve could suffer reputation damage. By the way, this bug has been around for about six months, but no one seems to be reacting to it. I hope for your understanding.
Best regards.
https://github.com/ValveSoftware/Dota2-Gameplay/issues/9529 https://github.com/ValveSoftware/Dota2-Gameplay/issues/11944 https://github.com/ValveSoftware/Dota2-Gameplay/issues/12022