Spammer around Excessive Plus

29 replies [Last post]
24. February 2005 - 0:26
easy
Developer
easy's picture
Offline
Joined: Sep 2003
Posts:

Well guys, it seems we have some idiots using an exploit to crash our servers. If your server keeps crashing with the error message

ERROR: Info_SetValueForKey: oversize infostring

then your server is being attacked as well.

IP of that idiot: 84.149.231.52 (p5495E734.dip.t-dialin.net)

What can you do?

Wait until id software releases a new point release or download and apply this fix.

http://aluigi.altervista.org/patches/q3infofix.zip

Or block them with a firewall:
iptables -I INPUT 1 -p udp -m mport --dports 27960 -m string --string "\xff\xff\xff\xffgetstatus" -m length --length 50:inf -j DROP
iptables -I INPUT 1 -p udp -m mport --dports 27960 -m string --string "\xff\xff\xff\xffgetinfo" -m length --length 50:inf -j DROP

Top
24. February 2005 - 1:20
#1
[MR.]^SlipStream
Johny's picture
Offline
Joined: Aug 2004
Posts:
Spammer around Excessive Plus

Thanks easy I added the ip to the ban list how exaclty is he crashing the servers without rcon?

CLEMSON TIGERS ARE #1
**RETIRED**1st E+ forum whore Muhahaha :mrgreen:
*2nd highest NON-CHEATED post count***RETIRED**

Top
24. February 2005 - 1:24
#2
Anonymous
Spammer around Excessive Plus

Exploit slip, dont need rcon just a crafty codeman : /

Top
24. February 2005 - 1:34
#3
[MR.]GibletGrinder
z-monster's picture
Offline
Joined: Aug 2004
Posts:
Spammer around Excessive Plus

He can crash servers with an old school packet dump...similiar to crashing/booting yahoo, msn, & other chat clients but on a larger scale.

Send enough packets and you can crash a network or even restart the victims' computer. Winking

Purest evil... :twisted:

I used neotrace of this IP, located in Nürnberg.

"Samo sloga Srbina spasava"

Top
24. February 2005 - 11:42
#4
EVOL.GLUON
gluon's picture
Offline
Joined: Mar 2004
Posts:
Spammer around Excessive Plus

man Evil what a dick head Love struck

Top
24. February 2005 - 14:00
#5
$G*O*Q$ Dragon
MTM-Dragon's picture
Offline
Joined: Aug 2004
Posts:
Spammer around Excessive Plus

INFO

Quote:
84.149.231.52 (p5495E734.dip.t-dialin.net)

hmmm.... this IP is a Germyn IP from T-Online.

i think its a Dynamic IP.

Top
24. February 2005 - 15:02
#6
parasight [E+]
parasight's picture
Offline
Joined: Sep 2004
Posts:
Spammer around Excessive Plus
[MR.]GibletGrinder wrote:

Send enough packets and you can crash a network or even restart the victims' computer.

So this is basically a DOS attack?

parasight://infesting.your.senses

Top
24. February 2005 - 16:01
#7
[MR.]^SlipStream
Johny's picture
Offline
Joined: Aug 2004
Posts:
Spammer around Excessive Plus

oh so he is just changing his packets to a higher amount which crashes the server? oh i got it now if thats what it is.

CLEMSON TIGERS ARE #1
**RETIRED**1st E+ forum whore Muhahaha :mrgreen:
*2nd highest NON-CHEATED post count***RETIRED**

Top
24. February 2005 - 17:36
#8
[MR.]GibletGrinder
z-monster's picture
Offline
Joined: Aug 2004
Posts:
Spammer around Excessive Plus
parasight [E+] wrote:

So this is basically a DOS attack?

Not sure if that is what he is doing, but this is one possibility.

:-k

"Samo sloga Srbina spasava"

Top
24. February 2005 - 22:28
#9
{D*R*T} FAITH
Faith's picture
Offline
Joined: Dec 2004
Posts:
Spammer around Excessive Plus

i dont understand punks that think its ok, nice, and funny to hack servers, IMHO i wouldnt even call u a hacker arshole, ur are a scriptkidde who had a hard childhood

Top
31. August 2005 - 18:08
#10
GOKUlol.o.SSJ6
GOKUSSJ6's picture
Offline
Joined: May 2005
Posts:
Spammer around Excessive Plus

Hmmm why he want to crash servers for this nice MOD Thinking

EXCESSIVE PLUS IS THE BEST!!!!!!!
Gadu-Gadu: 1247344
Tlen.PL:

Watch my gallery http://gokussj6.deviantart.com

click here to get a nice kick ass E+ newest version!

Top