Hi Last night i had been playing Counter Strike 16. via Steam.exe but…i was connected to the wrong server! It was untrusted server and It was hosted by the hackers! I felt some lag while i was plying the game so i knew that something was going on so… i closed down CS and checked out a firewall log and i had found out that CPF had blocked seccesfully Steam.exe application from reaching my ip>Source IP was the attackers IP destination was my IP port was UDP 1434! I have never been attacked this way before! This attack was VIA Steam.exe? I have no idea how hacker had managed to use Steam.exe to try connect to my ip? Maybe theres some unknown Steam.exe vulnerability? However CPF is stopping this kind of hacking attempt! I think that they were looking for Steam.exe password! So heads up Steam.exe users if u haven’t installed CPF yet it is time to do so
Note:This hacking attempt has been blocked by CPF 3.0 not by a router and all the CPF settings/options are enabled!
But that leads to another question: how did you get connected to the wrong server? I don’t know anything about how Counter Strike 16 is set up so as to understand what could happen.
The UDP 1434 could simply have been a probe. It could also have been an attempt to communicate with malware that has somehow already gotten into your machine. If you haven’t done this already, I’d strongly suggest running several scans over your machine, using your installed antivirus, and at least one or more of the on-line scanners (www.kaspersky.com, www.trend.com housecall, www.prex.com prevxcsi) If malware is present on your machine already, it could block your antivirus and give you a false “all clear”. That’s a little more difficult to do with the on-line scanners.
Hi CS has alots of active servers so… i was surfing thru the server list and decided to connect to some unknown server to me and it was just a bad move! I picked up a server full of the hackers lol
I have scanned my system with a lots of malware scanners and cameup with nothing!? I believe that this was an inbound attack via Steam.exe and the attacker ip was… far far away from the US! I have also scanned my PC with rootkits tools and sent the results to the pro’s security experts and cameup with nothing!
I don’t know if Counter Strike uses this port or not, but if not, it’s suspicious. It might use a random port. You should also remember, that a blocked ‘intrusion attempt’ in the logs often doesn’t mean that someone’s trying to hack you.
Seeing as it was only blocked for UDP 1434, I don’t think it was a port scan, as you often scan all ports to find one that’s open.
And they don’t seem to know what they’re doing, because if they did, they would hack other peoples server, as they can easily get the IP and port, which is open, as it needs to accept incoming connections.
But now, if it was a real attack, this proves that CFP 3 doesn’t only perform well in leak tests, but also in reality!
Then your machine is mostly likely not infected with any malware. It would be a good idea to watch logs for the next couple of days to see if there is anything unusual, just in case.
Port 1434/udp is a very common probe used by malware. I’m not sure as to why. On the dayjob site, this port is nearly always in the 10 most probed ports. CFP is properly doing its job in blocking the probes.
