[bf1942] DoS against port 29900

Robert Jonker robert at infinity-shell.net
Wed Oct 12 06:07:18 EDT 2005

I cannot tell you what it is or what to do exactly (yet) but I can confirm I
have seen the same this morning:

http://www.infinity-shell.net/images/misc/bf2dosgraph.gif -> shows traffic
on the affected BF2 server, which was empty at that time.

I havent had access to this machine but I got told on the phone the traffic
was on the gamespy port. We stopped the 'attack' just by quering the server
(send some packets on the gamespy port too). Maybe a 'new' bug?


-----Oorspronkelijk bericht-----
Van: James Gurney [mailto:james at globalmegacorp.org] 
Verzonden: woensdag 12 oktober 2005 7:40
Aan: bf1942 at icculus.org
Onderwerp: Re: [bf1942] DoS against port 29900

On 10/11/2005 9:31 PM, ScratchMonkey wrote:
> Sounds like a reflection attack. Valve's servers switched to a 
> challenge-response system to shut down this kind of thing. I believe 

Right, that would make sense. That would explain why blocking incoming 
traffic based on the source address didn't help..

> If you spoof your source UDP address to be your victim, and send tiny 
> requests to lots of game servers, they all reply and swamp the victim.

Any idea how to determine the real source address? I still have the 
incoming flood, which is an irritation more than anything else..


More information about the Bf1942 mailing list