[cod] COD 4 UDP security leak

Sat Jan 7 03:34:15 EST 2012

Hi guys,
a filter by lenght isn't a good solution. Here's a sample from the abuse
message

2011-12-25 13:37:59.270429 GMT ip 46.4.18.xxx.9841 > 208.110.65.xx.20480: UDP (566 bytes) [#0]
2011-12-25 13:37:59.274127 GMT ip 46.4.18.xxx.24685 > 208.110.65.xxx.20480: UDP (575 bytes) [#0]

As u can see the lenght is even longer then 42-43 bytes.

The patch from ryan disable its self after some time. Posted before in
this list.

Hope for a dll or somthing solution. Packetfiltering by an firewall
isn't a good solution for me.

Greetz
RedDragon

Am 07.01.2012 00:38, schrieb NewLight Systems:
> Previous versions where affected by xfire or hlsw ( windows )
>
> In linux, Ryan's patch is ok, but there are more gameservers affected
> (ET, COD2, CODMW, CODWAW, and all Quake based.. )
>
> El 07/01/12 0:34, John escribió:
>> David,
>>
>> Here's another link to a copy of the Windows tool, if you don't want
>> to register for an account on the TCAdmin forums:
>> http://files.nfoe.net/download.php?fname=./cod4/CoD4_Getstatus_Flood_Fix.zip.
>> I don't know if it's the very latest, though (it's v3).
>>
>> For Linux hosters, the best option is probably to use Ryan's patch --
>> unless you are running something other than 1.7:
>> http://treefort.icculus.org/cod/cod4-lnxsrv-query-limit-test.tar.bz2
>>
>> -John
>>
>> On 1/6/2012 2:46 PM, STIPE Administrator wrote:
>>>
>>> I keep getting attacked by other game server companies who run COD
>>> on windows - and they would really like this DLL fix..
>>>
>>> Does anyone know where it can be downloaded?
>>>
>>>  
>>>
>>> Somebody gave me a link to a working dll fix  for widnows last week
>>> but the website was most likely ddos attacked and forced to shutdown.
>>>
>>> http://rankgamehosting.ru/index.php?showtopic=1320
>>>
>>>  
>>>
>>> somebody is really trying hard to prevent the fix for this spreading
>>> out.
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>> *From:*NewLight Systems [mailto:nls at newlightsystems.com]
>>> *Sent:* Saturday, 7 January 2012 6:44 AM
>>> *To:* Call of Duty server admin list.
>>> *Subject:* Re: [cod] COD 4 UDP security leak
>>>
>>>  
>>>
>>> There's a dll that fixed that on windows and iptables rules on linux
>>>
>>> El 06/01/12 20:08, Bong escribió:
>>>
>>>
>>> Our servers are also down now untill there is a fix but i am also on
>>> a win server :(
>>> -----Original Message----- From: RedDragon
>>> Sent: Friday, January 06, 2012 9:33 AM
>>> To: Call of Duty server admin list.
>>> Subject: [cod] COD 4 UDP security leak
>>>
>>> Hi Guys,
>>> is there a practical solution to fix the udp security problem? Our
>>> servers were also a target.
>>> We have turned off the servers for now till a logtime solution patch is
>>> out there.
>>>
>>> @rayn
>>> Is it possible to release the last quick patch as an offical one?
>>>
>>> Greetz
>>> RedDragon
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org <mailto:cod at icculus.org>
>>> http://icculus.org/mailman/listinfo/cod
>>>
>>>
>>> ---
>>> avast! Antivirus: Inbound message clean.
>>> Virus Database (VPS): 120106-0, 06/01/2012
>>> Tested on: 06/01/2012 19:00:41
>>> avast! - copyright (c) 1988-2012 AVAST Software.
>>> http://www.avast.com
>>>
>>>
>>>
>>>
>>> ---
>>> avast! Antivirus: Outbound message clean.
>>> Virus Database (VPS): 120106-0, 06/01/2012
>>> Tested on: 06/01/2012 19:08:07
>>> avast! - copyright (c) 1988-2012 AVAST Software.
>>> http://www.avast.com
>>>
>>>
>>>
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org <mailto:cod at icculus.org>
>>> http://icculus.org/mailman/listinfo/cod
>>>
>>>  
>>>
>>> -- 
>>>
>>>  
>>>
>>> *David Aguilar Valero*
>>>
>>> Dpto. Comercial y Soporte técnico
>>>
>>> NewLight Systems
>>>
>>> *Servidores de juegos, HW, Dedicados*
>>>
>>>  
>>>
>>> *crk01 at nls.es* <mailto:c>
>>>
>>> crk01 at newlightsystems.com <mailto:crk01 at newlightsystems.com>
>>>
>>> tecnico at newlightsystems.com <mailto:tecnico at newlightsystems.com>
>>>
>>> #NewLight_Systems @ irc-hispano.org
>>>
>>> *www.newlightsystems.com* <http://www.newlightsystems.com/>
>>>
>>> *www.nls.es* <http://www.nls.es/>
>>>
>>> This email and any files or attachments transmitted with it are
>>> intended solely for the use of the intended recipient. This email is
>>> confidential and may contain legally privileged information. If you
>>> are not the intended recipient you should not read, disseminate,
>>> distribute, or copy this email. If you have received this email in
>>> error, please notify the sender immediately and delete it from your
>>> system.
>>>
>>>
>>>
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org
>>> http://icculus.org/mailman/listinfo/cod
>>
>>
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>
> -- 
>
>
> *David Aguilar Valero*
>
> Dpto. Comercial y Soporte técnico
>
> NewLight Systems
>
> *Servidores de juegos, HW, Dedicados*
>
>
> *crk01 at nls.es* <mailto:c>
>
> crk01 at newlightsystems.com <mailto:crk01 at newlightsystems.com>
>
> tecnico at newlightsystems.com <mailto:tecnico at newlightsystems.com>
>
> #NewLight_Systems @ irc-hispano.org
>
> *www.newlightsystems.com* <http://www.newlightsystems.com/>
>
> *www.nls.es* <http://www.nls.es/>
>
> This email and any files or attachments transmitted with it are
> intended solely for the use of the intended recipient. This email is
> confidential and may contain legally privileged information. If you
> are not the intended recipient you should not read, disseminate,
> distribute, or copy this email. If you have received this email in
> error, please notify the sender immediately and delete it from your
> system.
>
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20120107/cbf7c1e8/attachment.htm>