ValveSoftware / Source-1-Games

Source 1 based games such as TF2 and Counter-Strike: Source

[L4D2/ALL] Lag/DDoS/DoS exploit on L4D2/SRCDS servers #5493

Open freedomdiverr opened 9 months ago

freedomdiverr commented 9 months ago

Recently there has been a more common occurrence of what looks to be an unpatched server exploit. I am unsure if one person is doing this, or it is a serious bug in SRCDS, but randomly throughout the day, especially when a server gets players, it will lag extremely hard and in the console this will be spammed like 100 times a second:

Invalid split packet length 4

This only happens for about 4-5 minutes, after which it stops after most people have left or lagged out, so this looks like an exploit which someone is using to lag servers.

Valve released an update here: Added protections against malformed network packets.

I am not sure if they are aware of this problem or attempted to fix it here, but it has not been fixed at all and it seems to have made the issue worse as since this update this exploit has been happening more frequently.

This exploit does not seem to be listed here, but this exploit has been happening for a while now (a few months).

Anyone else have the same experience? This has been happening on numerous servers but seems to be more common on Linux servers but I have seen it on Windows too.

Wadmodder commented 2 months ago

In fact, Valve's inability to adapt to the feedback about bugs and security issues on their Source engine GitHub pages is pretty much a modern-day repeat of many modders' failures to adapt to criticism and feedback to their custom works, including FakeFactory's failure of feedback for the HL2 Cinematic Mod, the failure of the developers of Build 2046/Der Schwarze Nebel to adapt to criticism and feedback to their work, Royal Rudius Entertainment's refusal to acknowledge the use of stolen assets in Hunt Down The Freeman, and the failure of the developers of the HL2 Overcharged mod to adapt to criticism and feedback to their work.

Not only that, but if any of these DDoS attacks on Valve VAC servers that involved swatting results in a Steam user's death (which as of now hasn't happened), then it would result in the SIIA, BSA & ESA informally banning any Valve employees (including Gabe Newell) from entering into any gaming or electronic expos that those organizations regulate every year.