[bf1942] DoS vulnerability in game servers (including BF1942)
ScratchMonkey
ScratchMonkey at SewingWitch.com
Sat Jan 18 16:04:43 EST 2003
--On Saturday, January 18, 2003 10:01 AM +0000 Roger Burton West
<roger at firedrake.org> wrote:
> Or just use TCP instead of UDP, which works substantially as you
> describe. Even Windows mostly gets TCP handshaking right these days (it
> used not to manage to generate a very random number, and it's still not
> as good as most other OSes, but it's no longer trivial to crack).

Good point. TCP with syn flood protection is essentially the same as
Scott's algorithm, with the exception that FIN packets are sent on the end
to close the connection, and the ACK packets for the data in each
direction. So the question is whether one uses TCP to avoid re-inventing
the wheel and suffers the cost of some additional traffic.

Note that status data is NOT time-sensitive like regular UDP packets, so
the server can tag those packets as "bulk" and smart packet-queueing can
put those behind any UDP packets. (See http://lartc.org/ for how to set up
such queuing on Linux. I use the WonderShaper (available at that URL) on my
server.)
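
An added example, not part of the original message: a minimal Python sketch of tagging status replies as "bulk" through the IPv4 TOS byte, with a model of a strict-priority queue that sends them behind gameplay packets. The three-band classifier and the sample packet labels are assumptions made for illustration; they are not the WonderShaper's actual rules.

```python
import heapq
import socket

# Classic IPv4 TOS values (IPTOS_LOWDELAY / IPTOS_THROUGHPUT in netinet/ip.h).
TOS_LOWDELAY = 0x10    # interactive: gameplay packets
TOS_THROUGHPUT = 0x08  # "bulk": status/query replies


def make_udp_socket(tos):
    """Return a UDP socket whose outgoing packets carry the given TOS byte."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos)
    return s


def band_for(tos):
    """Hypothetical classifier: 0 = interactive, 1 = default, 2 = bulk."""
    if tos & TOS_LOWDELAY:
        return 0
    if tos & TOS_THROUGHPUT:
        return 2
    return 1


def drain(packets):
    """Strict-priority dequeue: lowest band first, arrival order inside a band.

    packets is a list of (tos, label) tuples in arrival order.
    """
    heap = [(band_for(tos), seq, label)
            for seq, (tos, label) in enumerate(packets)]
    heapq.heapify(heap)
    return [heapq.heappop(heap)[2] for _ in range(len(heap))]


# Constructed arrival order: a burst of status replies queued ahead of game traffic.
SAMPLE = [
    (TOS_THROUGHPUT, "status-1"),
    (TOS_THROUGHPUT, "status-2"),
    (TOS_LOWDELAY, "game-1"),
    (0x00, "untagged"),
    (TOS_THROUGHPUT, "status-3"),
    (TOS_LOWDELAY, "game-2"),
]

if __name__ == "__main__":
    status_sock = make_udp_socket(TOS_THROUGHPUT)
    tos = status_sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
    print("status socket TOS:", hex(tos))
    status_sock.close()
    print(drain(SAMPLE))
```

The tag only has an effect where a queueing discipline on the sending host or an upstream router classifies on the TOS byte.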