Vulnerability Development mailing list archives
Re: New DoS attack
From: dave.booth () MEDTRONIC COM (Dave Booth)
Date: Mon, 19 Jun 2000 09:11:54 -0500
Sorry, BB - normally I read your comments here with much head-nodding and agreement but this time I have to disagree. As a previous poster pointed out, if you are reimplementing TCP in UDP gaming protocols you may as well just use TCP. Lots of reasons, all performance-related, why game designers don't want to do that.

Assuming 2-way UDP traffic is possible through whatever firewalling setup is in place (or they wouldn't be playing now!) how do you hit the back-channel nightmares you worry about with a scheme like this...?

Game client makes a TCP connection to the server and requests to join the game. Server responds (as part of the same TCP session) with a unique token, remembers it and the client's IP, then signs off. Client initiates the normal UDP game connection including the token in every datagram. Server silently ignores all incoming datagrams where there isn't a valid token that matches up with the IP address the datagram claims to come from.

In each case the connection is initiated by the client, but that makes blind spoofing to create bogus connections impossible as there has to be a two-way conversation in TCP to pass the token before the UDP join game request (which doesn't get modified at all apart from the inclusion of the token) will be accepted by the server. If it isn't blind spoofing but is done by someone who can sniff the network then, as you so rightly pointed out, the victim is in a world of hurt anyway and spoofed game connections are the least of their problems.

Dave Booth
dave.booth () medtronic com
Opinions expressed here are mine, not my employer's.
Blue Boar <BlueBoar () THIEVCO COM> 06/17/00 11:51AM >>>
No, because then you'd have one of those horrible protocols that passes addresses and ports as part of the datastream, does backchannel connections, etc., and will generally make firewall admins want to kill you. I.e. you just broke everyone's home NAT box, so they can't play their game now. A simple rip-off of the 3-way handshake from TCP (including the equiv of sequence numbers, which must be non-predictable) will do the trick. For blind spoofing anyway. An attacker who can monitor the exchange can still execute the DoS, but that's generally a much worse problem anyway.

BB
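The token scheme Dave Booth describes above (TCP join hands out a token bound to the client's IP; the server then drops any UDP datagram whose token does not match its source address), simulated as an added example that is not code from either poster or from any real game. Class and function names, the `token|payload` datagram layout and the IP addresses are constructed for the illustration.

```python
import secrets


class GameServer:
    """Toy server for the TCP-token / UDP-game scheme described in the post."""

    def __init__(self):
        # token -> IP address seen on the TCP join connection
        self.sessions = {}

    def tcp_join(self, peer_ip):
        """Step 1: the client joins over TCP. peer_ip is the address that
        completed the TCP handshake, so a blind spoofer never reaches here.
        The token is unpredictable (like BB's non-guessable sequence numbers)
        and is remembered together with that IP."""
        token = secrets.token_hex(16)
        self.sessions[token] = peer_ip
        return token

    def udp_receive(self, src_ip, datagram):
        """Step 2: every UDP datagram carries 'token|payload'. The payload is
        accepted only if the token is known AND bound to the source IP the
        datagram claims; everything else is silently dropped (returns None)."""
        token, sep, payload = datagram.partition("|")
        if not sep:
            return None                      # no token at all: drop
        if self.sessions.get(token) != src_ip:
            return None                      # unknown token or IP mismatch: drop
        return payload


def run_scenarios():
    """Constructed traffic: one legitimate client plus the spoofing cases
    the thread discusses. Returns what the server accepted per case."""
    server = GameServer()
    client_ip, other_ip = "10.0.0.5", "192.0.2.9"      # constructed addresses
    token = server.tcp_join(client_ip)
    return {
        # real client, token issued to its own IP: accepted
        "legit": server.udp_receive(client_ip, f"{token}|JOIN"),
        # blind spoof of the client's IP with no token: dropped
        "spoof_no_token": server.udp_receive(client_ip, "JOIN"),
        # blind spoof with a guessed token: dropped
        "spoof_guessed_token": server.udp_receive(client_ip, "0" * 32 + "|JOIN"),
        # a real token replayed from a different source IP: dropped
        "token_wrong_ip": server.udp_receive(other_ip, f"{token}|JOIN"),
    }
```

As both posters note, this only defeats blind spoofing: an attacker who can sniff the TCP exchange learns the token and the bound IP, and the scheme does not address that case.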