Maybe we should DoS their sites this way.. THAT would get their attention :)
Jeroen "ShadowLord" Bogers ----- Original Message ----- From: "botman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, January 20, 2003 22:51 Subject: Re: [hlds_apps] Re: hlds_apps digest, Vol 1 #137 - 5 msgs > > I agree, this is a really old problem, but security through obscurity > > rarely works for long and this one may become a problem now. I can think > > of at least one relatively transparent way to solve the problem, which is > > to implement some traffic-shaping within the game server application. Rate > > limit query/status/info responses to queries from the same source to some > > reasonable level. No challenge would be required, and all the client-side > > applications could remain unchanged. Seems like a limit of one or two > > query responses every five or ten seconds to the same IP address would be > > sufficient for just about anything I can think of. > > The problem with your solution is that (if IP spoofing is really used), you > don't KNOW the source (the source IP address is bogus). > > The real solution to this is for IP providers to block packets at the router > front end when the source address in the packet does NOT match the network > that the packet came from. If Cisco, Bay Networks (now Nortel), 3Com and > the other network vendors would get off their asses and implement proper > filtering (and if monkey brained ISPs would turn on the filters), we > wouldn't have this type of attacks. > > Jeffrey "botman" Broome > > _______________________________________________ > hlds_apps mailing list > [EMAIL PROTECTED] > http://list.valvesoftware.com/mailman/listinfo/hlds_apps > > _______________________________________________ hlds_apps mailing list [EMAIL PROTECTED] http://list.valvesoftware.com/mailman/listinfo/hlds_apps
