That looks like a client fuzzing random SteamIDs, did you happen to save the ticket in question by any chance?
If there's a legitimate bug here with steamclient not instantly rejecting bogus IDs, that should definitely be reported. Regardless though, whatever you experienced isn't what OP dealt with. On Tue, Mar 17, 2015 at 8:39 PM, Bottiger <[email protected]> wrote: > This doesn't look like valid tickets being reused to me. > > Client 3160 [I:16:229567929] connected to universe 16, but game server > [G:1:809] is running in universe 1 > S3: Client connected with invalid ticket: UserID: c58 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > S3: Client connected with invalid ticket: UserID: c53 > Client 3155 [I:0:1191841122] connected to universe 0, but game server > [G:1:809] is running in universe 1 > S3: Client connected with invalid ticket: UserID: c53 > Client "Wololo" connected (72.69.41.145:27005). > STEAMAUTH: Client Wololo received failure code 8 > Dropped Wololo from server (Invalid STEAM UserID Ticket > ) > > On Tue, Mar 17, 2015 at 6:30 PM, Ryan Stecker <[email protected]> > wrote: > >>As you deduced, it is possible to spoof any SteamID you want and play > > for a couple of minutes before the server kicks you. > > > > No, it isn't. Steam authentication tickets are signed by Valve's servers. > > You cannot craft a ticket containing any SteamID you want. > > > > You can, however, subject the server to a replay attack by reusing > another > > user's authentication ticket. This allows users to play on your server > with > > whatever SteamID they borrowed for approximately 1-2 minutes until the > > Steam server rejects them and the game server kicks them. > > > > On the original topic, there's nothing invalid about that SteamID in the > > OPs post: > > > > 08:29:18°pm (@VoiDeD) !sid [U:1:96295245] > > 08:29:45°pm (idler2) VoiDeD: STEAM_0:1:48147622 / [U:1:96295245] (UInt64 > = > > 76561198056560973, IsValid = True, Universe = Public, Instance = desktop > > (1), Type = Individual, AccountID = 96295245) > > 08:29:45°pm (idler2) VoiDeD: †( > > http://steamcommunity.com/profiles/76561198056560973/) (Last Online = > > 3/18/2015 1:11:21 AM, Last Offline = 3/18/2015 1:11:39 AM) > > > > > > On Tue, Mar 17, 2015 at 8:12 PM, Bottiger <[email protected]> wrote: > > > >> We experienced this several months ago and reported it to Eric Smith > >> but have not heard anything from him for a long time so we stopped > >> sending him exploits like this. > >> > >> As you deduced, it is possible to spoof any SteamID you want and play > >> for a couple of minutes before the server kicks you. > >> > >> We tried kicking or freezing people that didn't get verified within 30 > >> seconds but unfortunately this also happens frequently to normal > >> players. > >> > >> > >> > >> On Tue, Mar 17, 2015 at 5:59 PM, Weasels Lair <[email protected]> > >> wrote: > >> > Wondering if any other admin's have seen this. > >> > > >> > Today I had a player join with a SteamID that I was unable to ban by > ID. > >> > From SourceMod I kept getting a message about waiting another 30 > seconds > >> > and trying again, because that SteamID was not verified (yet)? > >> > > >> > In the end, I resorted to fire-walling-off his source IP address for > now. > >> > > >> > When I punched his SteamID3 (which was showing as "[U:1:96295245]") > into > >> > SteamIDConverter.com, it kept showing "unknown" for their SteamID64, > >> > "[U:1:0]" for their SteamID3, and blank for their plain SteamID? > >> > > >> > So, I am thinking it is a completely bogus/fake/spoofed SteamID. > >> > > >> > He seemed to be able to play only for a few minutes at a time, before > he > >> > would get dropped from the server for having an invalid SteamID. > >> > Basically, he was in-game long enough to hack (aimbot) and disrupt the > >> game > >> > (repeatedly). He was able to just do that over and over, until I just > >> > blocked his source IP address all-together. > >> > _______________________________________________ > >> > To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
