[quake3-bugzilla] [Bug 5678] prevent using getinfo as an amplifier for DDOS attacks

bugzilla-daemon at icculus.org bugzilla-daemon at icculus.org
Wed Jun 20 22:29:25 EDT 2012


https://bugzilla.icculus.org/show_bug.cgi?id=5678

--- Comment #4 from /dev/humancontroller <devhc97 at gmail.com> 2012-06-20 22:29:22 EDT ---
(In reply to comment #3)
> Is this actively being used in attacks?

yes. there were reports and discussions about attacks on ioQuake3-based games.
5 months ago (around the time of the said events), i reported that the limiting
functionality is missing from the getinfo code [1], but apparently noone
listened.

> Is there some other reason for critical severity?

no. and perhaps the "criticalness" of this bug report is already out-of-date
(by this time, server owners have applied some rate limiting of their own,
etc.).


[1]
http://lists.ioquake.org/pipermail/ioquake3-ioquake.org/2012-January/004785.html

-- 
Configure bugmail: https://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.


More information about the quake3-bugzilla mailing list