[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DDoS - CoD?

Subject: DDoS - CoD?
From: jeffw at he.net (Jeff Walter)
Date: Tue, 06 Sep 2011 06:47:31 -0700
In-reply-to: <[email protected]>
References: <[email protected]>

Call of Duty is apparently using the same flawed protocol as Quake III 
servers, so you can think of it as an amplification attack.  (I wish I'd 
forgotten all about this stuff)

You send "\xff\xff\xff\xffgetstatus\n" in a UDP packet with a spoofed 
source, and the server responds with everything you see.  With decent 
amplification (15B -> ~500B) and the number of CoD servers in world you 
could very easily build up a sizable attack.

--
Jeff Walter
Network Engineer
Hurricane Electric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jeffw.vcf
Type: text/x-vcard
Size: 305 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110906/9e112816/attachment.vcf>

Follow-Ups:
- DDoS - CoD?
  - From: mark at pcinw.net (Mark Grigsby)
- DDoS - CoD?
  - From: george.herbert at gmail.com (George Herbert)

References:
- DDoS - CoD?
  - From: lists at blackhat.bz (BH)

Prev by Date: DDoS - CoD? - Activision contact
Next by Date: Point to MultiPoint VPN w/qos
Previous by thread: DDoS - CoD? - Activision contact
Next by thread: DDoS - CoD?
Index(es):
- Date
- Thread