[bf1942] DoS against port 29900

James Gurney james at globalmegacorp.org
Wed Oct 12 12:35:39 EDT 2005

 From the very little research I did on this last night, it sounds like 
it's theoretically possible for the ISP to block spoofed packets, which 
would seem to be the best solution all round. Or.. it may be possible to 
use iptables to rate limit the queries to the port, thus hugely reducing 
the impact of the flood.. I'll do some more research on this today..


On 10/12/2005 3:43 AM, Steven Hartland wrote:
> Yep we made EA aware of this issue a two weeks ago. ATM they dont
> seem to be taking it seriously. Looks like that's a light one we had 150Mb
> DDoS's for a number of days. Had to null route an entire /16 to ensure
> the DoS didn't reach its intended target.
>    Steve / K
> ----- Original Message ----- From: "James Gurney" 
> <james at globalmegacorp.org>
>> Has anyone seen a DoS attack targeting the BF2 gamespy port? I came 
>> home to find my server taking a (fairly pathetic) 0.1Mbps flood 
>> against port 29900. Unfortunately, the reply was pumping out 2Mbps of 
>> traffic, presumably saturating the DSL of whatever poor sap was 
>> hosting the trojan. No problem, easily shut down.. I'm just curious if 
>> anyone has seen this before.. Seems pretty random.
>> tcpdump revealed the source port as 22222. Port 22222 shows up in 
>> Google as being the source port for a bunch of trojans, but none of 
>> which appear to target the gamespy port (as far as I can tell).
> ================================================
> This e.mail is private and confidential between Multiplay (UK) Ltd. and 
> the person or entity to whom it is addressed. In the event of 
> misdirection, the recipient is prohibited from using, copying, printing 
> or otherwise disseminating it or any information contained in it.
> In the event of misdirection, illegible or incomplete transmission 
> please telephone (023) 8024 3137
> or return the E.mail to postmaster at multiplay.co.uk.

More information about the Bf1942 mailing list