[bf1942] DoS against port 29900
Robert Jonker
robert at infinity-shell.net
Wed Oct 12 06:07:18 EDT 2005
I cannot tell you what it is or what to do exactly (yet) but I can confirm I
have seen the same this morning:
http://www.infinity-shell.net/images/misc/bf2dosgraph.gif -> shows traffic
on the affected BF2 server, which was empty at that time.
I havent had access to this machine but I got told on the phone the traffic
was on the gamespy port. We stopped the 'attack' just by quering the server
(send some packets on the gamespy port too). Maybe a 'new' bug?
Robert
-----Oorspronkelijk bericht-----
Van: James Gurney [mailto:james at globalmegacorp.org]
Verzonden: woensdag 12 oktober 2005 7:40
Aan: bf1942 at icculus.org
Onderwerp: Re: [bf1942] DoS against port 29900
On 10/11/2005 9:31 PM, ScratchMonkey wrote:
> Sounds like a reflection attack. Valve's servers switched to a
> challenge-response system to shut down this kind of thing. I believe
Right, that would make sense. That would explain why blocking incoming
traffic based on the source address didn't help..
> If you spoof your source UDP address to be your victim, and send tiny
> requests to lots of game servers, they all reply and swamp the victim.
Any idea how to determine the real source address? I still have the
incoming flood, which is an irritation more than anything else..
James
More information about the Bf1942
mailing list