I agree, this is a really old problem, but security through obscurity
rarely works for long and this one may become a problem now. I can think
of at least one relatively transparent way to solve the problem, which is
to implement some traffic-shaping within the game server application. Rate
limit query/status/info responses to queries from the same source to some
reasonable level. No challenge would be required, and all the client-side
applications could remain unchanged. Seems like a limit of one or two
query responses every five or ten seconds to the same IP address would be
sufficient for just about anything I can think of.

     -d


>>This is a really old "problem", and there's not much Valve can do about
>> it, except for adding a challenge to client queries, which will screw
>> over most game query programs, and really reduce the speed of queries,
>> which defeats the object.
>>
>>If you check around on Bugtraq there's a similar exploit for QuakeWorld,
>> which shows the age of this trick.
>>
>>--
>>Ginga



_______________________________________________
hlds_apps mailing list
[EMAIL PROTECTED]
http://list.valvesoftware.com/mailman/listinfo/hlds_apps
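
The per-source response limit proposed in the reply above, sketched in C as an added example; it is not part of the original thread and not Valve's server code. The function name `query_reply_allowed`, the table size and probe depth, IPv4 sources as 32-bit integers, and the choice to drop rather than evict when the table neighbourhood is full are all assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS       4096  /* fixed table: memory stays bounded under a flood */
#define PROBES      8     /* linear-probe depth before giving up */
#define WINDOW_SEC  10    /* "every five or ten seconds" */
#define MAX_REPLIES 2     /* "one or two query responses" per window */

struct slot { uint32_t ip, start; uint8_t count, used; };
static struct slot table[SLOTS];

static uint32_t hash_ip(uint32_t ip)
{
    ip ^= ip >> 16; ip *= 0x45d9f3bu; ip ^= ip >> 16;
    return ip % SLOTS;
}

/* Return 1 if a status reply to src_ip may be sent at time now (seconds). */
int query_reply_allowed(uint32_t src_ip, uint32_t now)
{
    uint32_t h = hash_ip(src_ip);
    struct slot *reuse = NULL;

    for (int i = 0; i < PROBES; i++) {
        struct slot *s = &table[(h + i) % SLOTS];
        int live = s->used && (now - s->start) < WINDOW_SEC;
        if (live && s->ip == src_ip) {
            if (s->count >= MAX_REPLIES)
                return 0;            /* over budget: drop silently */
            s->count++;
            return 1;
        }
        if (!live && reuse == NULL)
            reuse = s;               /* first empty or expired slot seen */
    }
    if (reuse == NULL)
        return 0;  /* all probed slots live: fail closed, never evict,
                      so colliding sources cannot reset a counter */
    reuse->ip = src_ip; reuse->start = now; reuse->count = 1; reuse->used = 1;
    return 1;
}

int main(void)
{
    uint32_t src = 0xC0000201u;      /* 192.0.2.1, constructed sample source */
    for (uint32_t t = 100; t <= 110; t += 5)
        for (int q = 0; q < 3; q++)
            printf("t=%u query %d -> %s\n", (unsigned)t, q + 1,
                   query_reply_allowed(src, t) ? "reply" : "drop");
    return 0;
}
```

The server would call this check before building a query/status/info response and skip the reply when it returns 0; no client-side change is involved.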
