[quake3-bugzilla] [Bug 5678] prevent using getinfo as an amplifier for DDOS attacks

From: bugzilla-daemon at icculus.org
Wed Jun 20 13:04:31 EDT 2012


Simon McVittie <smcv-ioquake3 at pseudorandom.co.uk> changed:

           What    |Removed                     |Added
                 CC|                            |smcv-ioquake3 at pseudorandom.co.uk

--- Comment #3 from Simon McVittie <smcv-ioquake3 at pseudorandom.co.uk> 2012-06-20 13:04:30 EDT ---
When I looked at this for getstatus (CVE-2010-5077), the amplification factor
for getinfo (in openarena, so based on an older ioquake3) was 4.4x, compared
with 20x or more for getstatus:

> According to wireshark, using various commands on an unconfigured
> squeeze "listen server" (1 player in the game, playing on the server
> machine) has these amplification factors (I'm counting the size of the
> IP packet, so excluding Ethernet headers):
> command       in/bytes   out/bytes   amp.
> -------------------------------------------
> getstatus     41         802         20x    (more on a config'd server?)
> getinfo       39         172         4.4x
> rcon          36         73          2x
> getchallenge  44         61          < 2x
> connect       39         71          < 2x   (minimal connect message)


Is this actively being used in attacks?

Is there some other reason for critical severity?
