[quake3-bugzilla] [Bug 5678] prevent using getinfo as an amplifier for DDOS attacks
bugzilla-daemon at icculus.org
Wed Jun 20 13:04:31 EDT 2012
https://bugzilla.icculus.org/show_bug.cgi?id=5678
Simon McVittie <smcv-ioquake3 at pseudorandom.co.uk> changed:
What          |Removed |Added
--------------+--------+--------------------------------------------
CC            |        |smcv-ioquake3 at pseudorandom.co.uk
--- Comment #3 from Simon McVittie <smcv-ioquake3 at pseudorandom.co.uk> 2012-06-20 13:04:30 EDT ---
When I looked at this for getstatus (CVE-2010-5077), the amplification factor
for getinfo (in openarena, so based on an older ioquake3) was 4.4x, compared
with 20x or more for getstatus:
> According to wireshark, using various commands on an unconfigured
> squeeze "listen server" (1 player in the game, playing on the server
> machine) has these amplification factors (I'm counting the size of the
> IP packet, so excluding Ethernet headers):
>
> command        in/bytes   out/bytes   amp.
> ------------------------------------------------------------------
> getstatus         41         802      20x   (more on a config'd server?)
> getinfo           39         172      4.4x
> rcon              36          73      2x
> getchallenge      44          61      < 2x
> connect           39          71      < 2x  (minimal connect message)
(<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665656>)
Is this actively being used in attacks?
Is there some other reason for critical severity?
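The comment above measures amplification as reply bytes per request byte and asks whether getinfo is worth treating as a reflector. The usual defence for connectionless query commands is to stop answering a source address that asks too often, so a spoofed victim address can only ever receive a bounded burst. The following is an added illustration written for this note, not ioquake3's or OpenArena's own code: a small per-source leaky-bucket limiter in front of a getinfo/getstatus reply path, plus the amplification ratio from the table. The table size, burst size, refill period and hash are assumptions chosen for the example; the packet sizes used in main() are the ones quoted in the comment.

```c
/* Added example (not ioquake3 code): per-source rate limiting of
 * connectionless queries so that reflected traffic towards any one
 * address is bounded, regardless of how many spoofed requests arrive. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUCKET_SLOTS     64    /* assumed table size, must be a power of two */
#define BUCKET_BURST     10    /* assumed: replies allowed in one burst */
#define BUCKET_PERIOD_MS 1000  /* assumed: one reply re-allowed per second */

typedef struct {
    uint32_t addr;     /* IPv4 source address (host order); 0 means unused */
    int      tokens;   /* remaining replies before the source is muted */
    uint64_t last_ms;  /* time the bucket was last replenished */
} bucket_t;

static bucket_t buckets[BUCKET_SLOTS];

/* Clear all limiter state (server start, and the tests below). */
void ratelimit_reset(void) { memset(buckets, 0, sizeof buckets); }

/* Amplification factor as used in the comment's table: bytes out per byte in. */
double amplification(unsigned in_bytes, unsigned out_bytes) {
    return in_bytes ? (double)out_bytes / in_bytes : 0.0;
}

/* Locate the bucket for addr, claiming a free slot for a new address.
 * Linear probing from a multiplicative hash; returns NULL if the table
 * is full, which the caller treats as "do not reply" (fail closed). */
static bucket_t *bucket_for(uint32_t addr, uint64_t now_ms) {
    uint32_t h = (addr * 2654435761u) & (BUCKET_SLOTS - 1);
    for (unsigned i = 0; i < BUCKET_SLOTS; i++) {
        bucket_t *b = &buckets[(h + i) & (BUCKET_SLOTS - 1)];
        if (b->addr == addr) return b;
        if (b->addr == 0) {
            b->addr = addr;
            b->tokens = BUCKET_BURST;
            b->last_ms = now_ms;
            return b;
        }
    }
    return NULL;
}

/* Decide whether a query from addr (non-zero) at time now_ms gets a reply. */
bool ratelimit_allow(uint32_t addr, uint64_t now_ms) {
    bucket_t *b = bucket_for(addr, now_ms);
    if (!b) return false;

    /* Refill one token per elapsed period, never beyond the burst size;
     * a clock that went backwards simply refills nothing. */
    uint64_t elapsed = now_ms >= b->last_ms ? now_ms - b->last_ms : 0;
    uint64_t refill = elapsed / BUCKET_PERIOD_MS;
    if (refill > 0) {
        int t = b->tokens + (int)(refill > BUCKET_BURST ? BUCKET_BURST : refill);
        b->tokens = t > BUCKET_BURST ? BUCKET_BURST : t;
        b->last_ms += refill * BUCKET_PERIOD_MS;
    }
    if (b->tokens <= 0) return false;
    b->tokens--;
    return true;
}

/* Simulate n queries from one source at a single instant, each of which
 * would provoke a reply of out_bytes, and return the bytes actually sent.
 * Without the limiter the server would send n * out_bytes. */
unsigned long simulate_burst(uint32_t addr, unsigned n, unsigned out_bytes,
                             uint64_t now_ms) {
    unsigned long sent = 0;
    for (unsigned i = 0; i < n; i++)
        if (ratelimit_allow(addr, now_ms)) sent += out_bytes;
    return sent;
}

int main(void) {
    /* Constructed input: the getstatus row of the comment's table (41 in, 802 out). */
    printf("getstatus amplification: %.1fx\n", amplification(41, 802));
    printf("getinfo amplification:   %.1fx\n", amplification(39, 172));
    ratelimit_reset();
    printf("bytes reflected for 100 spoofed getstatus queries in one second: "
           "%lu (unlimited: %lu)\n",
           simulate_burst(0x0A000001u, 100, 802, 0), 100UL * 802);
    return 0;
}
```

The limiter keys on the claimed source address because that is all a reflector sees; it cannot tell a real client from a spoofed one, so the goal is a bound on reply volume per destination rather than authentication. A real server would also want a global cap on query replies per second, since an attacker can spread spoofed sources across many victims, and would expire idle buckets instead of failing closed when the table fills.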