> http://www.pivx.com/kristovich/adv/mk001/ > > Summary: Any server responding to Gamespy-style UDP status requests > are vulnerable to denial-of-service attacks with spoofed IP > addresses. The article explains in detail, but they found that just > one person with a > 14.4 modem connection could generate enough traffic to completely > flood a full T1 circuit. A person with a 56k modem connection could > generate enough traffic to completely flood two full T1 circuits. > > Probably the wrong list for this but the server admin list has a lot > of people on it and I'd like to know if Valve even _knows_ about this > before all the script kiddies get ahold of it. > > -doug > This is a really old "problem", and theres not much valve can do about it, except for adding a challenge to client querys, which will screw over most game query programs, and really reduce the speed of queries, which defeats the object.
If you check around on bugtraq theres a similar exploit for quakeworld, which shows the age of this trick. -- Ginga _______________________________________________ hlds_apps mailing list [EMAIL PROTECTED] http://list.valvesoftware.com/mailman/listinfo/hlds_apps
