Upvote Upvoted 97 Downvote Downvoted
Warning to all streamers
1
#1
0 Frags +

If you make a local tf2 server whilst streaming (or if you're a target):

  • Set sv_lan 1 or go invisible/offline on steam
  • Have -hushsteam in the launch options.

DDoSsers are ip grabbing people's addresses by a nuanced exploit, where local servers, without the aforementioned precautions, are reported to the steam master server list and they find you playing on them.

Most ISP's give dynamic ip addresses in residential packages, so turning your router off for 30m-1hr will give you a new ip address

Spreading the word so you guys don't suffer the same fate as me :p

If you make a local tf2 server whilst streaming (or if you're a target):
[list]
[*] Set [b]sv_lan 1[/b] or [b]go invisible/offline[/b] on steam
[*] Have [b]-hushsteam[/b] in the launch options.
[/list]

DDoSsers are ip grabbing people's addresses by a nuanced exploit, where local servers, without the aforementioned precautions, are reported to the steam master server list and they find you playing on them.

Most ISP's give dynamic ip addresses in residential packages, so turning your router off for 30m-1hr will give you a new ip address

Spreading the word so you guys don't suffer the same fate as me :p
2
#2
45 Frags +

best RahThread ever

best RahThread ever
3
#3
4 Frags +

RahGod

RahGod
4
#4
19 Frags +

Fuck you woodchip, this is why RahThreads are important

Fuck you woodchip, this is why RahThreads are important
5
#5
Twitch Prime
34 Frags +

i still cant get over the fact that this almost costed us the Grand Finals stream

i still cant get over the fact that this almost costed us the Grand Finals stream
6
#6
6 Frags +

What the fuck? These guys are such rejects seriously

Cheers for this

What the fuck? These guys are such rejects seriously

Cheers for this
7
#7
1 Frags +

What does this launch option do? -hushsteam

What does this launch option do? -hushsteam
8
#8
18 Frags +
MoermanWhat does this launch option do? -hushsteam

Taken from Mastercoms' recommended launch options:

-hushsteam : For security. Prevents local game servers from registering their IP with Steam

[quote=Moerman]What does this launch option do? -hushsteam[/quote]
Taken from [url=https://docs.mastercomfig.com/page/9.5.2/customization/launch_options/]Mastercoms' recommended launch options:
[/url]

-hushsteam : For security. Prevents local game servers from registering their IP with Steam
9
#9
2 Frags +
DuMmTmi still cant get over the fact that this almost costed us the Grand Finals stream

Nah, my internet was restricted because we had a mispayment - just a series of unfortunate events really

[quote=DuMmTm]i still cant get over the fact that this almost costed us the Grand Finals stream[/quote]
Nah, my internet was restricted because we had a mispayment - just a series of unfortunate events really
10
#10
0 Frags +

thanks dr rahmed

thanks dr rahmed
11
#11
3 Frags +

Sorry for bump, but -hushsteam means you can't use unlocks in local tf2 servers, would streamers still be safe by just being invisible on Steam or do you need both? Would you need to remove -hushsteam when playing on local tf2 servers, then add it back when you're playing normally? Cheers

Sorry for bump, but -hushsteam means you can't use unlocks in local tf2 servers, would streamers still be safe by just being invisible on Steam or do you need both? Would you need to remove -hushsteam when playing on local tf2 servers, then add it back when you're playing normally? Cheers
12
#12
7 Frags +
Pirateer5Sorry for bump, but -hushsteam means you can't use unlocks in local tf2 servers, would streamers still be safe by just being invisible on Steam or do you need both? Would you need to remove -hushsteam when playing on local tf2 servers, then add it back when you're playing normally? Cheers

That's a good find - I thought the item servers being down were coincidental
It's safer to have both, but one bullet point or the other will be fine

[quote=Pirateer5]Sorry for bump, but -hushsteam means you can't use unlocks in local tf2 servers, would streamers still be safe by just being invisible on Steam or do you need both? Would you need to remove -hushsteam when playing on local tf2 servers, then add it back when you're playing normally? Cheers[/quote]

That's a good find - I thought the item servers being down were coincidental
It's safer to have both, but one bullet point or the other will be fine
13
#13
3 Frags +
Pirateer5Sorry for bump, but -hushsteam means you can't use unlocks in local tf2 servers, would streamers still be safe by just being invisible on Steam or do you need both? Would you need to remove -hushsteam when playing on local tf2 servers, then add it back when you're playing normally? Cheers

bit of speculation but i remember people pretty much being able to index the tf2 master server list (the data of the server browser) to find streamers in ~2018, so if your local server were to show up in there and was reachable, you'd show up just like you would when you inspect a server, even if you were offline
it's possible that sv_lan 1 is enough to prevent that: "( no heartbeat, no authentication, no non-class C addresses )", heartbeat should be what makes you show up in the master server list, authentication should be something you opt in when you actually host servers, and non-class C addresses is networking stuff that doesn't matter for this

[quote=Pirateer5]Sorry for bump, but -hushsteam means you can't use unlocks in local tf2 servers, would streamers still be safe by just being invisible on Steam or do you need both? Would you need to remove -hushsteam when playing on local tf2 servers, then add it back when you're playing normally? Cheers[/quote]
bit of speculation but i remember people pretty much being able to index the tf2 master server list (the data of the server browser) to find streamers in ~2018, so if your local server were to show up in there and was reachable, you'd show up just like you would when you inspect a server, even if you were offline
it's possible that sv_lan 1 is enough to prevent that: "( no heartbeat, no authentication, no non-class C addresses )", heartbeat should be what makes you show up in the master server list, authentication should be something you opt in when you actually host servers, and non-class C addresses is networking stuff that doesn't matter for this
14
#14
3 Frags +

sv_lan doesn't prevent it, your public IP is still registered with Steam. You can see this in the console log. I think Steam profile privacy settings will prevent it, though they may still be able to scrape from some list and match player list names.

sv_lan doesn't prevent it, your public IP is still registered with Steam. You can see this in the console log. I think Steam profile privacy settings will prevent it, though they may still be able to scrape from some list and match player list names.
Please sign in through STEAM to post a comment.