[bf1942] DoS against port 29900

Steven Hartland killing at multiplay.co.uk
Wed Oct 12 19:24:29 EDT 2005

I've had confirmation a fix is in the works. No dates as yet but always good
to know they guys are working on it :)

If its a heavy DDoS the best u can do is null route the target. It is very
very hard to trace these things as ScratchMonkey said.

    Steve / K
----- Original Message ----- 
From: "ScratchMonkey" <ScratchMonkey at MatureAsskickers.net>
>>  From the very little research I did on this last night, it sounds like
>> it's theoretically possible for the ISP to block spoofed packets, which
>> would seem to be the best solution all round. Or.. it may be possible to
>> use iptables to rate limit the queries to the port, thus hugely reducing
>> the impact of the flood.. I'll do some more research on this today..
> Rate-limiting is your best bet. Tracking the offender requires cooperating 
> routers all the way back to the real source.
> Valve took a different approach: They send back a small packet with a token 
> for the initial query. The bigger queries require that token to work. This 
> ensures that you know who really sent the big query.

This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. 

In the event of misdirection, illegible or incomplete transmission please telephone (023) 8024 3137
or return the E.mail to postmaster at multiplay.co.uk.

More information about the Bf1942 mailing list