DoS attack using game servers
Scratch Monkey
ScratchMonkey at SewingWitch.com
Fri Jan 17 16:22:36 EST 2003
http://www.pivx.com/press_releases/mk_mk001.html
http://www.pivx.com/kristovich/adv/mk001/
While this advisory discusses BF1942 servers, it looks like any game server
that uses qstat-style status reporting can be used as a smurf reflector to
generate a DoS attack, including Half-Life and Tribes.
The advisory doesn't mention it, but one can get even more amplification by
sending simultaneous queries to multiple servers.
I expect the primary way to stop this will be to install status throttles
in the affected games, so that queries from the same source address are
accepted only at some reasonable rate.
More information about the Bf1942
mailing list