Rcon DoS

Thilo Schulz arny at ats.s.bawue.de
Sun Dec 3 17:19:35 EST 2006


Hi Luigi,

On Sunday 03 December 2006 23:15, Luigi Auriemma wrote:
> I have a doubt about an instruction in the Quake 3 engine.
>
> Some months ago during the checking of the Quake 3 source code (in
> reality I noticed this thing some years ago, anyway) I saw the limitation
> of max 2 rcon commands per second in sv_main.c, and I thought it was just
> an anti-brute-forcing instruction; instead, in the Changelog file it's
> identified as "fixing rcon being broken on NT/XP with > 23 days uptime
> (or so)".
>
> This limitation of 2 rcon per second allows some people to block the
> RCON service simply by sending more than 2 rcon commands per second, so
> the valid commands of the admin will be ignored.
>
> I thought about this DoS already some months ago while I was writing a
> tool called multircon, but I didn't consider it a real bug so I simply
> left a comment in the runtime help and in the program's description.
>
> Anyway, at the moment it seems that people are exploiting this bug
> (reported by an admin and some other people), so what do you think about
> this rcon limitation? Isn't it better to remove it?
> What is its real purpose?

If this limitation really is in there, your concern is a valid one. I will 
take care of it in the next few days.

-- 
Thilo Schulz
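
As an added illustration, not code from the Quake 3 source or from either author: a small C model of the limit discussed in this thread, comparing one timestamp shared by all senders with one timestamp per sender address. The function names, addresses and timeline are constructed for the example, and the 500 ms interval is an assumed encoding of "2 rcon commands per second".

```c
#include <stdint.h>
#include <stdio.h>

#define RCON_MIN_INTERVAL_MS 500u   /* assumed encoding of "2 rcon commands per second" */
#define MAX_SOURCES 16
#define NOISY_ADDR 0x0A000001u      /* constructed sample addresses */
#define ADMIN_ADDR 0x0A000002u

typedef struct { uint32_t addr, last; int used; } rcon_source;
typedef struct { uint32_t global_last; rcon_source src[MAX_SOURCES]; } rcon_limiter;
typedef int (*allow_fn)(rcon_limiter *, uint32_t addr, uint32_t now);

/* Shared limiter: one timestamp for every sender, so any sender spends the budget. */
static int allow_global(rcon_limiter *l, uint32_t addr, uint32_t now) {
    (void)addr;
    if ((uint32_t)(now - l->global_last) < RCON_MIN_INTERVAL_MS) return 0;
    l->global_last = now;
    return 1;
}

/* Per-source limiter: each address is throttled against its own timestamp. */
static int allow_per_source(rcon_limiter *l, uint32_t addr, uint32_t now) {
    rcon_source *slot = NULL;
    for (int i = 0; i < MAX_SOURCES; i++) {
        if (l->src[i].used && l->src[i].addr == addr) { slot = &l->src[i]; break; }
        if (!l->src[i].used && !slot) slot = &l->src[i];   /* remember first free slot */
    }
    if (!slot) return 0;                                   /* table full: fail closed */
    if (slot->used && (uint32_t)(now - slot->last) < RCON_MIN_INTERVAL_MS) return 0;
    slot->used = 1; slot->addr = addr; slot->last = now;
    return 1;
}

/* Constructed timeline: a noisy source sends every 100 ms, the admin once per
 * second. Returns how many of the admin's 5 commands pass the limiter. */
static int admin_accepted(allow_fn allow) {
    rcon_limiter l = {0};
    int accepted = 0;
    for (uint32_t t = 1000; t < 6000; t += 50) {
        if (t % 100 == 0) allow(&l, NOISY_ADDR, t);
        if (t % 1000 == 50) accepted += allow(&l, ADMIN_ADDR, t);
    }
    return accepted;
}

int main(void) {
    printf("shared limit:     %d of 5 admin commands accepted\n", admin_accepted(allow_global));
    printf("per-source limit: %d of 5 admin commands accepted\n", admin_accepted(allow_per_source));
    return 0;
}
```

The per-source table here is bounded and fails closed when full, so a real server would also need to expire idle entries.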