this post was submitted on 11 Dec 2023
52 points (93.3% liked)

PC Gaming

8529 readers
1409 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 1 year ago
MODERATORS
all 36 comments
sorted by: hot top controversial new old
[–] [email protected] 82 points 11 months ago

The headline is about exposing your IP, which frankly isn't that big of a deal. The actual article says it exposed your IP, and then includes arbitrary code execution as the after thought... Clearly the code execution is the massive vulnerability here lol

[–] [email protected] 33 points 11 months ago* (last edited 11 months ago)

If only leaking your IP was the huge exploit lmao. It literally allowed for arbitrary code execution which is infinitely worse. Honestly bad title by the author of that article, it's far more serious than they let on.

Pretty unfortunate bug but at least they patched it pretty quickly it seems.

[–] [email protected] 26 points 11 months ago* (last edited 11 months ago) (3 children)

If you're worried about your IP being "leaked" you have no idea what an IP is. You can literally grab everyone's IP using the console commands to list the players.

[–] [email protected] 12 points 11 months ago

Man shut down the net. When you visit a site your IP is leaked, well be the next headline.

[–] [email protected] 9 points 11 months ago

Status no longer reports user Ips as those are hidden through some steam routing, I'm not sure if rcon status still reports it but that would be limited to server admins. If you open the steam overlay while in CS it shows some of the details.

[–] Serinus 7 points 11 months ago (2 children)

No, most multiplayer games and services these days only share your IP with the server, and not with other players.

Leaking your IP to someone malicious can mean DDoS attacks and rough geolocation. IP can be a good narrowing to find your address when combined with additional information.

SC2 is not a game one would expect to leak your IP and is a valid, small concern.

[–] Nindelofocho 2 points 11 months ago (1 children)

Server owners can be just as malicious many games support private servers

[–] Serinus 2 points 11 months ago (1 children)

Choosing to join a private server is very different from having your IP leaked on official servers.

[–] Nindelofocho 1 points 11 months ago (1 children)

Can you please clarify what you mean? I think I get the gist but may be misunderstanding.

[–] Serinus 2 points 11 months ago* (last edited 11 months ago) (1 children)

Being aware of the small risk you're taking with one person (the server owner) versus being unaware of the risk you're taking with many different random lobbies.

Server owners are more likely to ban you than DDoS you. And it's a single digit number of people with access to that information vs hundreds in random lobbies.

The risk, while still small, is hundreds of times greater than a private server.

[–] Nindelofocho 1 points 11 months ago

Ah thank you very much for that. I see now :)

[–] [email protected] 1 points 11 months ago

It can be very rough geolocation, currently my IP geolocates to a city around 300 Km away, other times the right city.

[–] thantik 24 points 11 months ago (1 children)

It sounds like the person who posted this believes you can run code on people's machines simply by having their IP address rather than there actually being any kind of exploitable code-running capability. Leaking your IP isn't really a big deal, as you're constantly leaking your IP any time you connect to anything anyways, and if CS:2 uses any kind of peer-to-peer to lower latency or make the game more responsive, you could have grabbed those ips with a simple netstat (for windows users) command anyhow.

[–] cm0002 4 points 11 months ago (1 children)

Right, the worst that can happen is a DDoS, you can take down a residential connection really easily. Those little consumer grade routers cannot handle much lmao

[–] thantik 5 points 11 months ago

And since most residential IPs are short-lived DHCP leases, instead of permanent IPs, a simple router reset will usually get you a new IP and you're good at that point.

[–] [email protected] 0 points 11 months ago

Well that sucks, hope it gets sorted soon.