Bugtraq mailing list archives
UT (and other game-servers) DDOS
From: Tom <tom () lemuria org>
Date: Fri, 5 Jul 2002 09:36:27 +0200
2) Bug The UDP is a connection-less protocol so is "normal" that it is insecure, but UT don't do any control about the packets that it receives!
This is almost identical to a method I developed in May using Q3 servers, and where I mention that Halflife, UT and possibly other similiar game servers are subject to the very same problem. I wrote a short paper about the method of this and posted it on my webpage: http://web.lemuria.org/security/ With the game servers, the impact is limited, as I detail in the paper. You can't take down yahoo or /. with it, but it's more than enough to blow any dial-up user or small business (T1 or so) off the net. -- New GPG Key issued (old key expired): http://web.lemuria.org/pubkey.html pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom () lemuria org> Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
Current thread:
- UT (and other game-servers) DDOS Tom (Jul 05)