DDoS - CoD?
Arrgghhh....
This reminds me of the WebNFS attack. Which is why Sun aborted
WebNFS's public launch, after I pointed it out during its Solaris 2.6
early access program.
Never run a volume-multiplying service on UDP if you can help it,
exposed to the outside world, without serious in-band source
verification. Amplification attacks are a classic easy DDOS win.
-george
On Tue, Sep 6, 2011 at 6:47 AM, Jeff Walter <jeffw at he.net> wrote:
> Call of Duty is apparently using the same flawed protocol as Quake III
> servers, so you can think of it as an amplification attack. (I wish I'd
> forgotten all about this stuff)
>
> You send "\xff\xff\xff\xffgetstatus\n" in a UDP packet with a spoofed
> source, and the server responds with everything you see. With decent
> amplification (15B -> ~500B) and the number of CoD servers in world you
> could very easily build up a sizable attack.
>
> --
> Jeff Walter
> Network Engineer
> Hurricane Electric
>
--
-george william herbert
george.herbert at gmail.com
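
Added example, not part of the original message or of any game server's code: one way to apply the "in-band source verification" advice above is a stateless cookie handshake, in which an unverified source receives only a challenge no larger than its own request, and the full status goes only to a source that echoes the cookie back. The cookie format, the `WINDOW` value, the `"getstatus <cookie>"` request form and the function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)        # per-process key; restarting invalidates old cookies
WINDOW = 30                    # cookie lifetime in seconds (assumed value)
PREFIX = b"\xff\xff\xff\xff"   # marker bytes from the request quoted above
CMD = PREFIX + b"getstatus"


def cookie(ip, port, epoch, secret=SECRET):
    """Stateless 56-bit cookie bound to the claimed source and a time window."""
    mac = hmac.new(secret, f"{ip}|{port}|{epoch}".encode(), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()[:7]).rstrip(b"=")  # 10 bytes


def handle(packet, ip, port, status, now=None, secret=SECRET):
    """Return the reply for one datagram, or None to drop it."""
    if not packet.startswith(CMD):
        return None
    epoch = int((time.time() if now is None else now) // WINDOW)
    token = packet[len(CMD):].strip()
    # Accept the previous window too, so a cookie issued near a boundary works.
    for e in (epoch, epoch - 1):
        if hmac.compare_digest(token, cookie(ip, port, e, secret)):
            # Reply header as assumed here; status is the large payload.
            return PREFIX + b"statusResponse\n" + status
    # Source not yet verified: send only a challenge, and never more bytes
    # than the request carried, so a spoofed query gains nothing.
    challenge = PREFIX + cookie(ip, port, epoch, secret)
    return challenge if len(challenge) <= len(packet) else None


def amplification(request, reply):
    """Bytes sent to the claimed source per byte received from it."""
    return 0.0 if reply is None else len(reply) / len(request)
```

The challenge travels to whatever address the packet claims as its source, so only a host that really owns that address can read the cookie and repeat the query with it.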