Bugtraq mailing list archives

UT (and other game-servers) DDOS


From: Tom <tom () lemuria org>
Date: Fri, 5 Jul 2002 09:36:27 +0200

2) Bug
UDP is a connection-less protocol, so it is "normal" that it is
insecure, but UT doesn't do any control about the packets that it
receives!

This is almost identical to a method I developed in May using Q3
servers, and where I mention that Halflife, UT and possibly other
similar game servers are subject to the very same problem.

I wrote a short paper about the method of this and posted it on my
webpage:

http://web.lemuria.org/security/


With the game servers, the impact is limited, as I detail in the paper.
You can't take down yahoo or /. with it, but it's more than enough to
blow any dial-up user or small business (T1 or so) off the net.



-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom () lemuria org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

