%n

yadalogo

yadalogo

Newbie
Joined
Feb 22, 2004
Messages
333
Reaction score
0
anyone know if valve is going to stop the retard nubs from doign the %n server crash thing!
 
Of course Valve is going to fix it, what kind of a dumbass question is that?

And by the way posting exploits is really not a good idea, think about it.
 
you have like a 20 sec window to leave--when you see "shithead has changed his name to %n" run the **** away
 
"Is a certin "usergroup" crashing your server? Feel like you can't do anything to stop or strike back? Think again. The recently discovered exploit that can cause all connected users to crash back to their desktop is nothing short of a Denial of Service. In some cases, this can force you to restart your srcds service. If you live in the United States and the attack originates within the US, this is illegal. Is it a major cybercrime? Obviously not however it's against every AUP published by every ISP. At a minimum, you can get the offenders internet access turned off. Depending on the state and how far you want to take things, this can become a federal offense (crosses state lines, electronic attack, denial of service, knowlingly causing a disruption, etc etc etc) but don't get your hopes up on the latter.

So, what can you do? If you know how the attack occurs, there is a certin "change" you can search for in your server logs. Find out who made that change and then look for their connection string to your server. When they connect, your server records their IP address. It is their real IP address and cannot be spoofed due to the bi-directional communication that is required in CS:S. The string you are looking for looks like this (edited for obvious reasons):

L 10/16/2004 - 22:35:23: "<attacker name>" connected, address "<address>:27005"

1. Take the <address> field and go to http://www.arin.net
2. Click on WHOIS Search
3. Enter the IP address and hit the search button
4. This will show the ISP and owner of the IP address space
5. In some cases you'll have to click again on a specific IP address block.
6. There will be contact info, usually an abuse email address.
7. Structure your email like the following (will vary by ISP):

date - 10/16/2004
time - 11:05:19
timezone - Central
source IP address - <attacker IP>
destination IP address - <your server IP>
sending port - 27005
receiving port - 27015
type of protocol - UDP
frequency - once
specifics of the attack if applicable - The username is question is <attacker name> connecting from IP address <address> which is leased from Classic Net Communications (verified via ARIN). The user initiates the attack by <attack details, removed for obvious reasons>. The user in question knows that what they are doing will cause users to be "owned" because this is an active attack meaning the user has to issue a series of commands. The user also says (which shows intent and knowledge): "man, this server is full" and "perhaps we should clear it out". The attack then causes all attached user machines to crash and the server itself to "lag out" requiring a restart of the daemon. The user reconnected approximately 40 minutes later and repeated this exploit. Logs available on request. Thank you for your immediate attention to this matter.

<insert your contact info here>

I've done this 17 times in the past 36 hours. I've had 12 replies stating that the offenders internet access has been disabled. Most of are kids I'm sure and they'll have to explain to their parents why the cable + internet was turned off. I have also been on the phone w/ 5 of the ISPs. They have asked for server logs as further proof and have indicated that they will take this further than just turning off ISP access. It takes time but word will get out among the hacker/script kiddie community and this should trail off. In a post 9/11 world, this activity is very sensitive and quite illegal. Is it as bad as crashing a bank's system or DDoS'ing Yahoo/Google? No but the legal line between the two is extremely thin.

Enjoy."
 
Sunlight said:
"Is a certin "usergroup" crashing your server? Feel like you can't do anything to stop or strike back? Think again. The recently discovered exploit that can cause all connected users to crash back to their desktop is nothing short of a Denial of Service. In some cases, this can force you to restart your srcds service. If you live in the United States and the attack originates within the US, this is illegal. Is it a major cybercrime? Obviously not however it's against every AUP published by every ISP. At a minimum, you can get the offenders internet access turned off. Depending on the state and how far you want to take things, this can become a federal offense (crosses state lines, electronic attack, denial of service, knowlingly causing a disruption, etc etc etc) but don't get your hopes up on the latter.

So, what can you do? If you know how the attack occurs, there is a certin "change" you can search for in your server logs. Find out who made that change and then look for their connection string to your server. When they connect, your server records their IP address. It is their real IP address and cannot be spoofed due to the bi-directional communication that is required in CS:S. The string you are looking for looks like this (edited for obvious reasons):

L 10/16/2004 - 22:35:23: "<attacker name>" connected, address "<address>:27005"

1. Take the <address> field and go to http://www.arin.net
2. Click on WHOIS Search
3. Enter the IP address and hit the search button
4. This will show the ISP and owner of the IP address space
5. In some cases you'll have to click again on a specific IP address block.
6. There will be contact info, usually an abuse email address.
7. Structure your email like the following (will vary by ISP):

date - 10/16/2004
time - 11:05:19
timezone - Central
source IP address - <attacker IP>
destination IP address - <your server IP>
sending port - 27005
receiving port - 27015
type of protocol - UDP
frequency - once
specifics of the attack if applicable - The username is question is <attacker name> connecting from IP address <address> which is leased from Classic Net Communications (verified via ARIN). The user initiates the attack by <attack details, removed for obvious reasons>. The user in question knows that what they are doing will cause users to be "owned" because this is an active attack meaning the user has to issue a series of commands. The user also says (which shows intent and knowledge): "man, this server is full" and "perhaps we should clear it out". The attack then causes all attached user machines to crash and the server itself to "lag out" requiring a restart of the daemon. The user reconnected approximately 40 minutes later and repeated this exploit. Logs available on request. Thank you for your immediate attention to this matter.

<insert your contact info here>

I've done this 17 times in the past 36 hours. I've had 12 replies stating that the offenders internet access has been disabled. Most of are kids I'm sure and they'll have to explain to their parents why the cable + internet was turned off. I have also been on the phone w/ 5 of the ISPs. They have asked for server logs as further proof and have indicated that they will take this further than just turning off ISP access. It takes time but word will get out among the hacker/script kiddie community and this should trail off. In a post 9/11 world, this activity is very sensitive and quite illegal. Is it as bad as crashing a bank's system or DDoS'ing Yahoo/Google? No but the legal line between the two is extremely thin.

Enjoy."
Click to expand...


handclap.gif
 
Good luck im sure everyone one who gets affected by that %n name thing is going to go through that whole process just to get a letter from some internet company "saying" thye disabled sum1's internet connection! :stare:
 
sorry but changing your name ingame is not going to get your ISP accoutn disabled, and if it did, i'd be raising hell. my fault for changing my name to that, or valve's fault for leaving it in the game?

ps. dont be a taddle tale
 
Mine got disabled thanks to my "funny" little brother. Got it back up in 1 hour though. Bellsouth "Didn't know" why the account was disabled. Not sure if this was the reason though.
 
Wesisapie said:
sorry but changing your name ingame is not going to get your ISP accoutn disabled, and if it did, i'd be raising hell. my fault for changing my name to that, or valve's fault for leaving it in the game?

ps. dont be a taddle tale
Click to expand...

I think you'll find that Sunlight is right I’m afraid, and its not just a simple matter of you changing your name its the fact you have willing ignored the rules of conduct that you or your parents HAD to agree to in order to sign up with your ISP.

The rules of conduct with any ISP forbid malicious conduct of any kind, plain and simple. If someone then complains it’s your own fault, not VALVe

P.S. Don’t be taddle tale?! Sorry, that wound me up. I suppose we shouldn’t have even informed VALVe on the bug report about this then?

P.S.S Not accusing you of anything but I think your one of the few people that doesn’t like the idea of this bug getting stopped and cheaters and the likes getting their comeuppance.
 
That was a really good post - if only i could use it..... (I don't live in America)
 
It's a shame there's no similar site in Australia, because a few idiots are really killing the progress of the first 64-player CS:S server here, as well as ruining the general experience of many CS:S players. I just hope at least a few of the culprits find out about this, and get too scared to try it again(most of them are probably gullible 12 year-olds anyway).
 
VALVe could just put in something so that anyone who does it gets a temp ban....(and of course fix it, but anyone who tries gets a temp ban)
 
about my last comment, taddling about people who use a bug is different from reporting that there is a bug. even a child can see that. sorry to wind you up, maybe you need to go back to grade 3
i dont use it, but when people do it on a server im in i just laugh, and then rejoin it. not too difficult is it?
they even find new and creative ways to make it funny, unlike you who must be smashing his mouse and keyboard every time he sees someone change their name to %n.

step back, relax.

its just a game, its just a score, its just a server, its just your life.
 
Using the bug can be good too. The %n bug is a very common bug, let me quote my coder:

[22:12:55] [@force|]: The printf() and sprintf() family of functions are also easily misused in
[22:12:59] [@force|]: a manner allowing malicious users to arbitrarily change a running pro-
[22:13:02] [@force|]: gram's functionality by either causing the program to print potentially
[22:13:05] [@force|]: sensitive data ``left on the stack'', or causing it to generate a memory
[22:13:08] [@force|]: fault or bus error by dereferencing an invalid pointer.
[22:13:17] [@force|]: under "SECURITY CONSIDERATIONS" in printf(3)
[22:13:27] [@Majestic_XII]: i think the same kind of error was in cs 1.6 too
[22:14:28] [@force|]: the big security bug in OpenFTPd was done this way too

So to end this bug as fast as possible, use the bug. It force valve to make a fix for it fast. Of course, its not funny for those who play the game... but its a game.. and shouldnt be taken so seriously.
 
Majestic XII said:
Of course, its not funny for those who play the game... but its a game.. and shouldnt be taken so seriously.
Click to expand...

So I'm gonna use a wallhack & aimbot, of course it's not funny for for those who play the game... but it's a game... and shouldn't be taken so seriously ;)
 
Wesisapie said:
step back, relax.

its just a game, its just a score, its just a server, its just your life.
Click to expand...

I'm a very relaxed person but I do not agree with this, at all. These kiddies are ruining a game, and it should not be tolerated. Saying you're not bothered is like having your favourite TV series hacked and not even caring (I know this is impossible, it's for comparison).

I wish these laws applied to the UK because I'd certainly report the culprit.
 
CB | Para said:
So I'm gonna use a wallhack & aimbot, of course it's not funny for for those who play the game... but it's a game... and shouldn't be taken so seriously ;)
Click to expand...

I wouldnt be pissed... i see it as a new challange. If i can win over a cheater... yay for me.
 
Wesisapie said:
about my last comment, taddling about people who use a bug is different from reporting that there is a bug. even a child can see that. sorry to wind you up, maybe you need to go back to grade 3
i dont use it, but when people do it on a server im in i just laugh, and then rejoin it. not too difficult is it?
they even find new and creative ways to make it funny, unlike you who must be smashing his mouse and keyboard every time he sees someone change their name to %n.

step back, relax.

its just a game, its just a score, its just a server, its just your life.
Click to expand...

It's makes me laugh everytime somone gets kicked off there ISP. :smoking:
 
I don't think the ISP is allowed to disable your account or whatever because someone using a bug exploit and crashing someone his game! I don't even think Valve is going to temp ban (or even allowed to ban) people using that bugexploit (often). It's up to the server admins to take action against persons like that. And up to Valve to fix this silly bug

Having a nickname like %n isn't illegal!

And the bug exploit is not crashing the server, it's crashing your cs source game!
 
who's to say its kiddies doing it? the more mature people are the ones who can laugh about it.
 
sharp said:
I don't think the ISP is allowed to disable your account or whatever because someone using a bug exploit and crashing someone his game! I don't even think Valve is going to temp ban (or even allowed to ban) people using that bugexploit (often). It's up to the server admins to take action against persons like that. And up to Valve to fix this silly bug

Having a nickname like %n isn't illegal!

And the bug exploit is not crashing the server, it's crashing your cs source game!
Click to expand...

So If I create a worm, and for a known M$ exploit and I cause servers to crash, it isn't illegal? Cool.

Crashing a server or client intentionally, wether it is a game server or a banks database is a federal crime.

Some people's kids :rolleyes: :rolling:
 
does simply having your name set to %n crash the server, or do you have to change your name to that and then do something else? if there is something to do after changing your name, sensible people should join a server and change their name to that so no little brats can come in and use it to crash the server.
 
$pazmatazz said:
does simply having your name set to %n crash the server, or do you have to change your name to that and then do something else? if there is something to do after changing your name, sensible people should join a server and change their name to that so no little brats can come in and use it to crash the server.
Click to expand...


You have to intentionally change your name ingame, then die, afaik, but I know my favorite server's admin, www.cainslair.com , is even banning people who jion the server with that name, because it shows intent. He has a rather large list of banned idiots.
 
haha nice one Yetskii. I like your admin friend.

Anyway, I think a Temp ban is definately a good idea. VALVe, do it! :)
 
Your fault for using a known exploit. I'v been tracking Steam IDs and turning them in. Valve will most likely ban the offending users.

Cain's server is the shiznitz. Best adminned server around.
 
rdytorave said:
Your fault for using a known exploit. I'v been tracking Steam IDs and turning them in. Valve will most likely ban the offending users.

Cain's server is the shiznitz. Best adminned server around.
Click to expand...

Don't count on it, I mean they haven't done anything to the Emporio users so I don't see how and why they're going to ban people using exploits.
 
To all that have replied to defend the ignorance of exploiters. Why defend them alot of the low ping servers are rented and people pay money. If you you have a few @ss munchers crash the server a couple of times aday it is chasing away traffic because looks as if server is not stable and what not. As a Server owner and admin i pay money to operate it. So if you want to be an ass i can be as well. :sniper:
 
Valve is held responsible for the actions that happen through their own game, and an isp CANT disable ur internet becasue of a mistake in valves engine that causes it to crash when someone has a certain name, wich in no way compramises ur internet connection. Names are easy to change and anyone can accidentally mistake a "%g" which does absolutely nothing and there is nothing wrong with doing, for "%n" wich crashes everyones cs:s in the server becasue of some memory error that valve created. They even have commands availibly to non admins that lets people see through walls is valve going to ban their accounts and the isp-s are going to disable peoples internet connections becaquse of some frustrated admin who is angry that he cant rules peoples lives! Now i'm not saying that these people changing their name to %n are doing a good thing , cause there not. but hey its NOT illegal and has never been mentioned by Valve as of yet. When valve says "OmG stop U hAx0r n/\m0rz ()r we banz u ac0unt5" ill stop it, or erm...... change my opinion of people doing it :p !

p.s. It is funny as hell though to piss of admins! :afro:

p.p.s anyone else notice that when u do the %n name thing it only crashes when ur name comes up for killing sum1 or giving taking, damage, or when the next round starts?
 
It doesnt crash the server. It removes all the clients in it, but it does not crash the server. You could rejoin 30 seconds later.
 
Read a lil more acrefuly bub, I said crashes peoples cs:s in the server not the server!
 
You must log in or register to reply here.

Similar threads

Krynn72
You guys, what the **** is up.
Replies
11
Views
2K
Tollbooth Willie
Tollbooth Willie
Lizardizzle
  • Poll
A proposition: ValveTime Half-Life 1 co-op event
Replies
5
Views
1K
Tollbooth Willie
Tollbooth Willie
Tollbooth Willie
HL2.NET HORROR SLAP
Replies
7
Views
2K
Tollbooth Willie
Tollbooth Willie
BabyHeadCrab
what is it pathos?
Replies
1
Views
3K
Tollbooth Willie
Tollbooth Willie
TechnoHippyChic
Star Citizen
Replies
3
Views
1K
Tollbooth Willie
Tollbooth Willie
Back
Top