[cod] COD 4 UDP security leak

Marco Padovan evcz at evcz.tk
Sat Jan 7 05:25:00 EST 2012


Do the dump with -nvvXS.... Those just looks like statusresponse
Il giorno 07/gen/2012 09:34, "RedDragon" <reddragon at efc-funclan.de> ha
scritto:

>  Hi guys,
> a filter by lenght isn't a good solution. Here's a sample from the abuse
> message
>
> 2011-12-25 13:37:59.270429 GMT ip 46.4.18.xxx.9841 > 208.110.65.xx.20480: UDP (566 bytes) [#0]
> 2011-12-25 13:37:59.274127 GMT ip 46.4.18.xxx.24685 > 208.110.65.xxx.20480: UDP (575 bytes) [#0]
>
> As u can see the lenght is even longer then 42-43 bytes.
>
> The patch from ryan disable its self after some time. Posted before in
> this list.
>
> Hope for a dll or somthing solution. Packetfiltering by an firewall isn't
> a good solution for me.
>
> Greetz
> RedDragon
>
> Am 07.01.2012 00:38, schrieb NewLight Systems:
>
> Previous versions where affected by xfire or hlsw ( windows )
>
> In linux, Ryan's patch is ok, but there are more gameservers affected (ET,
> COD2, CODMW, CODWAW, and all Quake based.. )
>
> El 07/01/12 0:34, John escribió:
>
> David,
>
> Here's another link to a copy of the Windows tool, if you don't want to
> register for an account on the TCAdmin forums:
> http://files.nfoe.net/download.php?fname=./cod4/CoD4_Getstatus_Flood_Fix.zip.
> I don't know if it's the very latest, though (it's v3).
>
> For Linux hosters, the best option is probably to use Ryan's patch --
> unless you are running something other than 1.7:
> http://treefort.icculus.org/cod/cod4-lnxsrv-query-limit-test.tar.bz2
>
> -John
>
> On 1/6/2012 2:46 PM, STIPE Administrator wrote:
>
>  I keep getting attacked by other game server companies who run COD on
> windows - and they would really like this DLL fix..****
>
> Does anyone know where it can be downloaded?****
>
> ** **
>
> Somebody gave me a link to a working dll fix  for widnows last week but
> the website was most likely ddos attacked and forced to shutdown.****
>
> http://rankgamehosting.ru/index.php?showtopic=1320****
>
> ** **
>
> somebody is really trying hard to prevent the fix for this spreading out.*
> ***
>
> ** **
>
> ** **
>
> ** **
>
> *From:* NewLight Systems [mailto:nls at newlightsystems.com<nls at newlightsystems.com>]
>
> *Sent:* Saturday, 7 January 2012 6:44 AM
> *To:* Call of Duty server admin list.
> *Subject:* Re: [cod] COD 4 UDP security leak****
>
> ** **
>
> There's a dll that fixed that on windows and iptables rules on linux
>
> El 06/01/12 20:08, Bong escribió: ****
>
>
> Our servers are also down now untill there is a fix but i am also on a win
> server :(
> -----Original Message----- From: RedDragon
> Sent: Friday, January 06, 2012 9:33 AM
> To: Call of Duty server admin list.
> Subject: [cod] COD 4 UDP security leak
>
> Hi Guys,
> is there a practical solution to fix the udp security problem? Our
> servers were also a target.
> We have turned off the servers for now till a logtime solution patch is
> out there.
>
> @rayn
> Is it possible to release the last quick patch as an offical one?
>
> Greetz
> RedDragon
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
>
> ---
> avast! Antivirus: Inbound message clean.
> Virus Database (VPS): 120106-0, 06/01/2012
> Tested on: 06/01/2012 19:00:41
> avast! - copyright (c) 1988-2012 AVAST Software.
> http://www.avast.com
>
>
>
>
> ---
> avast! Antivirus: Outbound message clean.
> Virus Database (VPS): 120106-0, 06/01/2012
> Tested on: 06/01/2012 19:08:07
> avast! - copyright (c) 1988-2012 AVAST Software.
> http://www.avast.com
>
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod ****
>
> ** **
>
> --
>
> ****
>
> ** **
>
> *David Aguilar Valero*****
>
> Dpto. Comercial y Soporte técnico****
>
> NewLight Systems****
>
> *Servidores de juegos, HW, Dedicados*****
>
> ** **
>
> *crk01 at nls.es* <c>****
>
> crk01 at newlightsystems.com****
>
> tecnico at newlightsystems.com****
>
> #NewLight_Systems @ irc-hispano.org****
>
> *www.newlightsystems.com* <http://www.newlightsystems.com/>****
>
> *www.nls.es* <http://www.nls.es/>****
>
> This email and any files or attachments transmitted with it are intended
> solely for the use of the intended recipient. This email is confidential
> and may contain legally privileged information. If you are not the intended
> recipient you should not read, disseminate, distribute, or copy this email.
> If you have received this email in error, please notify the sender
> immediately and delete it from your system.****
>
>
> _______________________________________________
> cod mailing listcod at icculus.orghttp://icculus.org/mailman/listinfo/cod
>
>
>
>
> _______________________________________________
> cod mailing listcod at icculus.orghttp://icculus.org/mailman/listinfo/cod
>
>
> --
>
>
>  *David Aguilar Valero*
>
> Dpto. Comercial y Soporte técnico
>
> NewLight Systems
>
> *Servidores de juegos, HW, Dedicados*
>
>
>  *crk01 at nls.es* <c>
>
> crk01 at newlightsystems.com
>
> tecnico at newlightsystems.com
>
> #NewLight_Systems @ irc-hispano.org
>
> *www.newlightsystems.com* <http://www.newlightsystems.com/>
>
> *www.nls.es* <http://www.nls.es/>
>
> This email and any files or attachments transmitted with it are intended
> solely for the use of the intended recipient. This email is confidential
> and may contain legally privileged information. If you are not the intended
> recipient you should not read, disseminate, distribute, or copy this email.
> If you have received this email in error, please notify the sender
> immediately and delete it from your system.
>
>
> _______________________________________________
> cod mailing listcod at icculus.orghttp://icculus.org/mailman/listinfo/cod
>
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20120107/cda2492e/attachment-0001.htm>


More information about the cod mailing list