![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
CS Source memory error
- Thread starter XBLiNKX
- Start date
ThreeDee
[H]F Junkie
- Joined
- Sep 5, 2001
- Messages
- 11,377
i get same error on occasion when maps switch out
I started getting this error after upgrading to the 65.76 Forceware drivers. I was running 61.77 drivers for a week and having no problems. The error happens so randomly on my machine (i.e. works fine for days then 3 crashes in an hour) that it might not have anything to do with those drivers....
i think i found out why this is happening. there is a bug to where if someone comes into a server with certain values in their name then the whole server will crash right along with everyone's game/client crashing. gets really annoying with all the little shits running around in the CS:S servers.
Don't know if this is true, but funny none the less.
quote:
--------------------------------------------------------------------------------
Originally posted by MMAzrael
Is a certin "usergroup" crashing your server? Feel like you can't do anything to stop or strike back? Think again. The recently discovered exploit that can cause all connected users to crash back to their desktop is nothing short of a Denial of Service. In some cases, this can force you to restart your srcds service. If you live in the United States and the attack originates within the US, this is illegal. Is it a major cybercrime? Obviously not however it's against every AUP published by every ISP. At a minimum, you can get the offenders internet access turned off. Depending on the state and how far you want to take things, this can become a federal offense (crosses state lines, electronic attack, denial of service, knowlingly causing a disruption, etc etc etc) but don't get your hopes up on the latter.
So, what can you do? If you know how the attack occurs, there is a certin "change" you can search for in your server logs. Find out who made that change and then look for their connection string to your server. When they connect, your server records their IP address. It is their real IP address and cannot be spoofed due to the bi-directional communication that is required in CS:S. The string you are looking for looks like this (edited for obvious reasons):
L 10/16/2004 - 22:35:23: "<attacker name>" connected, address "<address>:27005"
1. Take the <address> field and go to http://www.arin.net
2. Click on WHOIS Search
3. Enter the IP address and hit the search button
4. This will show the ISP and owner of the IP address space
5. In some cases you'll have to click again on a specific IP address block.
6. There will be contact info, usually an abuse email address.
7. Structure your email like the following (will vary by ISP):
date - 10/16/2004
time - 11:05:19
timezone - Central
source IP address - <attacker IP>
destination IP address - <your server IP>
sending port - 27005
receiving port - 27015
type of protocol - UDP
frequency - once
specifics of the attack if applicable - The username is question is <attacker name> connecting from IP address <address> which is leased from Classic Net Communications (verified via ARIN). The user initiates the attack by <attack details, removed for obvious reasons>. The user in question knows that what they are doing will cause users to be "owned" because this is an active attack meaning the user has to issue a series of commands. The user also says (which shows intent and knowledge): "man, this server is full" and "perhaps we should clear it out". The attack then causes all attached user machines to crash and the server itself to "lag out" requiring a restart of the daemon. The user reconnected approximately 40 minutes later and repeated this exploit. Logs available on request. Thank you for your immediate attention to this matter.
<insert your contact info here>
I've done this 17 times in the past 36 hours. I've had 12 replies stating that the offenders internet access has been disabled. Most of are kids I'm sure and they'll have to explain to their parents why the cable + internet was turned off. I have also been on the phone w/ 5 of the ISPs. They have asked for server logs as further proof and have indicated that they will take this further than just turning off ISP access. It takes time but word will get out among the hacker/script kiddie community and this should trail off. In a post 9/11 world, this activity is very sensitive and quite illegal. Is it as bad as crashing a bank's system or DDoS'ing Yahoo/Google? No but the legal line between the two is extremely thin.
Enjoy.
--------------------------------------------------------------------------------
Taken from: http://www.steampowered.com/forums/showthread.php?threadid=159185
quote:
--------------------------------------------------------------------------------
Originally posted by MMAzrael
Is a certin "usergroup" crashing your server? Feel like you can't do anything to stop or strike back? Think again. The recently discovered exploit that can cause all connected users to crash back to their desktop is nothing short of a Denial of Service. In some cases, this can force you to restart your srcds service. If you live in the United States and the attack originates within the US, this is illegal. Is it a major cybercrime? Obviously not however it's against every AUP published by every ISP. At a minimum, you can get the offenders internet access turned off. Depending on the state and how far you want to take things, this can become a federal offense (crosses state lines, electronic attack, denial of service, knowlingly causing a disruption, etc etc etc) but don't get your hopes up on the latter.
So, what can you do? If you know how the attack occurs, there is a certin "change" you can search for in your server logs. Find out who made that change and then look for their connection string to your server. When they connect, your server records their IP address. It is their real IP address and cannot be spoofed due to the bi-directional communication that is required in CS:S. The string you are looking for looks like this (edited for obvious reasons):
L 10/16/2004 - 22:35:23: "<attacker name>" connected, address "<address>:27005"
1. Take the <address> field and go to http://www.arin.net
2. Click on WHOIS Search
3. Enter the IP address and hit the search button
4. This will show the ISP and owner of the IP address space
5. In some cases you'll have to click again on a specific IP address block.
6. There will be contact info, usually an abuse email address.
7. Structure your email like the following (will vary by ISP):
date - 10/16/2004
time - 11:05:19
timezone - Central
source IP address - <attacker IP>
destination IP address - <your server IP>
sending port - 27005
receiving port - 27015
type of protocol - UDP
frequency - once
specifics of the attack if applicable - The username is question is <attacker name> connecting from IP address <address> which is leased from Classic Net Communications (verified via ARIN). The user initiates the attack by <attack details, removed for obvious reasons>. The user in question knows that what they are doing will cause users to be "owned" because this is an active attack meaning the user has to issue a series of commands. The user also says (which shows intent and knowledge): "man, this server is full" and "perhaps we should clear it out". The attack then causes all attached user machines to crash and the server itself to "lag out" requiring a restart of the daemon. The user reconnected approximately 40 minutes later and repeated this exploit. Logs available on request. Thank you for your immediate attention to this matter.
<insert your contact info here>
I've done this 17 times in the past 36 hours. I've had 12 replies stating that the offenders internet access has been disabled. Most of are kids I'm sure and they'll have to explain to their parents why the cable + internet was turned off. I have also been on the phone w/ 5 of the ISPs. They have asked for server logs as further proof and have indicated that they will take this further than just turning off ISP access. It takes time but word will get out among the hacker/script kiddie community and this should trail off. In a post 9/11 world, this activity is very sensitive and quite illegal. Is it as bad as crashing a bank's system or DDoS'ing Yahoo/Google? No but the legal line between the two is extremely thin.
Enjoy.
--------------------------------------------------------------------------------
Taken from: http://www.steampowered.com/forums/showthread.php?threadid=159185
i get this too fairly often. most commonly, it seems to give it to me when i pick any resolution below 1600x1200. before i could use 1280x960 and 1600x1200, the difference now is i have a new monitor that can run 1280x960 @ 100hz, so now when i switch to even 1280x960 or below it gives the error. so i think for me the game simply doesn't like anything more than 85hz.