[bf1942] Your Linux BF Server

Peter Norin peter.norin at songnetworks.se
Wed Feb 12 03:34:30 EST 2003


While you are on the topic of DDoS.

I have had a server exposed to this, and yes thru battlefield, or more accurately, gamespy.

I'm sure u all have heard of the issue with gamespy.

There is an "exploit" widely spread out. only thing you need to
get your "drones" is gamespy.. there is your list of IP:s.

so blocking udp 23000 was the solution which isn't that great since no one
can see the server...

tho the nice thing about linux in this case is iptables.

iptables -A input_chain -j ACCEPT -p udp --dport 23000 -m limit --limit 1/s

or something like that.

/P

-----Original Message-----
From: Reinder P. Gerritsen [mailto:reinder at strikerz.net]
Sent: den 11 februari 2003 18:54
To: bf1942 at icculus.org
Subject: RE: [bf1942] Your Linux BF Server


Well, to be honest, I don't give much for security by obscurity
And telling names instead of numbers doesn't even get close to being
obscure.

If you're really scared, then you can't even get a server running on
Inet. Hell, even your website sooner or later had to be translated to an
IP.

As far as I can see, there are only 3 basic reasons to get DoSsed: 
1 - Target practice: You got the "Lucky" number of a test fire of some
zombie farm. Just to see what effect you have (Congratulations, but
that's really rare.)
2 - Fame: You're a big famous site having all kinds of attention, and
the mere fact that the attacker can take it offline, so it's all over
the news (DNS Rootservers, or perhaps an event like the chat interview
with our latest addition to the crown in Holland)
3 - Revenge: Someone is just a 'little' pissed off at you and makes it a
personal business to take you down. (for example that guy that has been
writing articles on DoS attacks, after he got put down himself because
he was telling that the 'hackers' in question were only some "punk
scriptkiddies without potential" or something like that)

Neither of these reasons has any relation to a plain simple list of
numbers, BF1942 is not a high-profile service (yet) and by the time it
is, there are so many servers around, one DoS more or less is not
noticed by the community, so there goes your fame.
And for the revenge part, when someone is pissed off at you, it doesn't
matter on which lists you are. The attacker knows the server already by
heart.

Anyhow, I guess this is a totally different kind of discussion than
should take place on this list... More like a discussion on Focus-Linux
or something like that.

-----Original Message-----
From: Killing [mailto:killing at barrysworld.com] 
Sent: Tuesday, February 11, 2003 6:21 PM
To: bf1942 at icculus.org
Subject: Re: [bf1942] Your Linux BF Server


And it's not trivial to get the ips? Don't think this is going anywhere
fast.

    Steve / K
Randall wrote:
> well, true, but names are listed, why give out IP? yes, I'm a computer
> security geek
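
The `-m limit --limit 1/s` rule in the top message of this thread, modelled as a token bucket. This is an added example, not code from any poster or from iptables itself; it compares one shared limit with a per-source limit (what the hashlimit match provides), which goes beyond the single rule in the mail. The traffic is constructed, and packets that fail the match are assumed to hit a later DROP rule or a DROP chain policy.

```python
# Added illustration: integer token-bucket model of iptables' `limit` match.
# Time is in milliseconds and credit in 1/1000 packet, so results are exact.
from collections import defaultdict

class LimitMatch:
    """Models `-m limit --limit <rate>/s --limit-burst <burst>`."""
    def __init__(self, rate_per_s=1, burst=5):  # 5 is iptables' default burst
        self.rate, self.cap = rate_per_s, burst * 1000
        self.credit, self.last = self.cap, 0

    def matches(self, now_ms):
        self.credit = min(self.cap, self.credit + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.credit >= 1000:
            self.credit -= 1000
            return True          # rule matches -> packet reaches ACCEPT
        return False             # falls through to the next rule / chain policy

def build_traffic(seconds=10, flood_pps=200, flood_sources=50):
    """Constructed sample: (time_ms, source) pairs for UDP 23000."""
    step = 1000 // flood_pps
    pkts = [(i * step, "flood-%d" % (i % flood_sources))
            for i in range(seconds * flood_pps)]
    pkts += [(s * 1000 + 500, "player") for s in range(seconds)]  # 1 query/s
    return sorted(pkts)

def simulate(pkts, per_source):
    """Return (player_accepted, flood_accepted); unmatched packets count as dropped."""
    buckets = defaultdict(LimitMatch)
    player = flood = 0
    for now_ms, src in pkts:
        # per_source=True approximates a per-source-IP limit (the hashlimit match).
        if buckets[src if per_source else "all"].matches(now_ms):
            if src == "player":
                player += 1
            else:
                flood += 1
    return player, flood

if __name__ == "__main__":
    traffic = build_traffic()
    print("one shared limit :", simulate(traffic, per_source=False))
    print("per-source limit :", simulate(traffic, per_source=True))
```

With one shared bucket the flood uses up the credit, so the legitimate query is dropped as well; a per-source bucket keeps that query answered but admits more traffic in total.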