[cod] COD 4 UDP security leak

NewLight Systems nls at newlightsystems.com
Fri Jan 6 15:44:06 EST 2012 

You can try this:

/sbin/iptables -A OUTPUT -p UDP -m length --length 1162:1168 -j DROP
/sbin/iptables -A FORWARD -p UDP -m length --length 1162:1168 -j DROP
/sbin/iptables -A INPUT -p UDP -m length --length 1162:1168 -j DROP
/sbin/iptables -A INPUT -p UDP -m length --length 42 -m recent --set
--name getstatus_cod
/sbin/iptables -A INPUT -p UDP -m string --algo bm --string "getstatus"
-m recent --update --seconds 1 --hitcount 20 --name getstatus_cod -j DROP

This prevents your servers to be exploitable. If you are the target
there's nothing in your hand to take UDP floods down, only your ISP can
blackhole offending IPS

El 06/01/12 20:48, Goas escribió:
> Could someone poste those ip tables
>
> Am 06.01.2012 um 20:43 schrieb NewLight Systems
> <nls at newlightsystems.com <mailto:nls at newlightsystems.com>>:
>
>> There's a dll that fixed that on windows and iptables rules on linux
>>
>> El 06/01/12 20:08, Bong escribió:
>>>
>>> Our servers are also down now untill there is a fix but i am also on
>>> a win server :(
>>> -----Original Message----- From: RedDragon
>>> Sent: Friday, January 06, 2012 9:33 AM
>>> To: Call of Duty server admin list.
>>> Subject: [cod] COD 4 UDP security leak
>>>
>>> Hi Guys,
>>> is there a practical solution to fix the udp security problem? Our
>>> servers were also a target.
>>> We have turned off the servers for now till a logtime solution patch is
>>> out there.
>>>
>>> @rayn
>>> Is it possible to release the last quick patch as an offical one?
>>>
>>> Greetz
>>> RedDragon
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org
>>> http://icculus.org/mailman/listinfo/cod
>>>
>>>
>>> ---
>>> avast! Antivirus: Inbound message clean.
>>> Virus Database (VPS): 120106-0, 06/01/2012
>>> Tested on: 06/01/2012 19:00:41
>>> avast! - copyright (c) 1988-2012 AVAST Software.
>>> http://www.avast.com
>>>
>>>
>>>
>>>
>>> ---
>>> avast! Antivirus: Outbound message clean.
>>> Virus Database (VPS): 120106-0, 06/01/2012
>>> Tested on: 06/01/2012 19:08:07
>>> avast! - copyright (c) 1988-2012 AVAST Software.
>>> http://www.avast.com
>>>
>>>
>>>
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org
>>> http://icculus.org/mailman/listinfo/cod
>>>
>>
>> -- 
>>
>>
>> *David Aguilar Valero*
>>
>> Dpto. Comercial y Soporte técnico
>>
>> NewLight Systems
>>
>> *Servidores de juegos, HW, Dedicados*
>>
>>
>> *crk01 at nls.es* <mailto:c>
>>
>> crk01 at newlightsystems.com <mailto:crk01 at newlightsystems.com>
>>
>> tecnico at newlightsystems.com <mailto:tecnico at newlightsystems.com>
>>
>> #NewLight_Systems @ irc-hispano.org <http://irc-hispano.org>
>>
>> *www.newlightsystems.com* <http://www.newlightsystems.com/>
>>
>> *www.nls.es* <http://www.nls.es/>
>>
>> This email and any files or attachments transmitted with it are
>> intended solely for the use of the intended recipient. This email is
>> confidential and may contain legally privileged information. If you
>> are not the intended recipient you should not read, disseminate,
>> distribute, or copy this email. If you have received this email in
>> error, please notify the sender immediately and delete it from your
>> system.
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org <mailto:cod at icculus.org>
>> http://icculus.org/mailman/listinfo/cod
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod

-- 


*David Aguilar Valero*

Dpto. Comercial y Soporte técnico

NewLight Systems

*Servidores de juegos, HW, Dedicados*


*crk01 at nls.es* <mailto:c>

crk01 at newlightsystems.com <mailto:crk01 at newlightsystems.com>

tecnico at newlightsystems.com <mailto:tecnico at newlightsystems.com>

#NewLight_Systems @ irc-hispano.org

*www.newlightsystems.com* <http://www.newlightsystems.com/>

*www.nls.es* <http://www.nls.es/>

This email and any files or attachments transmitted with it are intended
solely for the use of the intended recipient. This email is confidential
and may contain legally privileged information. If you are not the
intended recipient you should not read, disseminate, distribute, or copy
this email. If you have received this email in error, please notify the
sender immediately and delete it from your system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20120106/4e0f4c55/attachment.htm>

More information about the cod mailing list