In my book:

1 and 2 are not viable
3 is not going to stop the DDoS, because you only need to send _one_ packet to each of the tens of thousands of servers to flood victims. A throttle on queries to the server per second would be a good way to stop the server getting bogged down though, like the way the hl1106 rcon protocol implemented this, but I believe there are already mechanisms in place.

There _are_ ways of preventing this: force routers to drop spoofed packets.

See http://slashdot.org/article.pl?sid=03/01/19/1729250&mode=thread
: Spoofed packet question
: Egress filtering

Kris.

At 17:53 25/01/2003, you wrote:
IP spoofing will always be possible. No way of changing anything in the
network layer.

I only see these few options:
1.) change server-query protocol. this would be quite a big thing to do. ...
biggest problem: find support in the industry. gamespy (afaik) established
the query protocol the way it is for many gameservers. if HLDS changes many
others might have to switch, too.
2.) switch from UDP over to TCP. has negative influence on response-speeds.
forget this idea, if you ask me
3.) implement a throttle in all hlds. a block response will be sent when
there are more than a couple of simultaneous queries. the response packet
(which says: too much load, try again in 5 seconds) can be only a few bytes
big.
4.) do nothing about all this. this issue lately came up but was never
exploited the big way. so where's the problem?


Jan


----- Original Message -----
From: "Kris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 25, 2003 6:24 PM
Subject: Re: [hlds_apps] preventing DDoS


> At 14:28 25/01/2003, you wrote:
> >The only thing that would slow down is the time it takes for the query to
> >produce results. And, unless the server ping is very high, that isn't even
> >going to be THAT much. And you don't want to play on a server with 500+ ping
> >anyways, so who cares about the query speed of those.
> >Also, an effective handshake would be able to reuse the same ID for the same
> >connection a few times. So the only added lag is 1 round trip to the
> >gameserver.
>
> 1 round trip is long enough... say you're querying 30'000 game servers.
> it's now going to take twice the time to get a reply from them, might as
> well go make 6 cups of tea (instead of the normal 3) before the query
> process finishes :)
>
> >As for waste of resources.... GameSpy, which is a quite 'heavy' program,
> >used to run fine on my P233 with 32 MB RAM... Surely, the current 500 Mhz+
> >machines with 128MB RAM+ can handle a few more bytes per server... I mean,
> >it's not that the server name, IP, port, playercount, ping, player data,
> >rules, etc.. take up 0 bytes of memory.
>
> Heh, have you seen gamespy lately :)
> Anyway, the point still stands that this should be fixed on the various
> network levels, not the application layer.
>
> Kris.
>
> _______________________________________________
> hlds_apps mailing list
> [EMAIL PROTECTED]
> http://list.valvesoftware.com/mailman/listinfo/hlds_apps
>

_______________________________________________
hlds_apps mailing list
[EMAIL PROTECTED]
http://list.valvesoftware.com/mailman/listinfo/hlds_apps
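An added illustration (my own code, not HLDS, GameSpy or anything posted on the list) of the two application-level measures raised in this thread: the per-source query throttle from option 3 with its few-byte "too much load" reply, and the challenge handshake with a reusable ID from the quoted reply. The packet formats, reply sizes and source addresses are assumed for the sake of the example; the point it shows is how many reply bytes an unverified (possibly spoofed) source can make the server emit per request byte.

```python
import secrets
import time
from collections import defaultdict

# Constructed sizes, not real HLDS numbers: a bare query is a few bytes and the
# full info reply is an order of magnitude larger, which is the amplification
# a spoofed-source attacker is after.
QUERY = b"\xff\xff\xff\xffQ"
INFO_REPLY = b"\xff\xff\xff\xffI" + b"name;map;players;rules;" * 10
BUSY_REPLY = b"\xff\xff\xff\xffB"          # "too much load, try again" in 5 bytes

class QueryResponder:
    def __init__(self, max_per_sec=5, challenge_reuse=3, clock=time.monotonic):
        self.max_per_sec = max_per_sec
        self.challenge_reuse = challenge_reuse
        self.clock = clock                             # injectable for testing
        self.window = defaultdict(lambda: [0.0, 0])    # src -> [window_start, count]
        self.challenges = {}                           # src -> [token, uses_left]

    def _throttled(self, src):
        # Fixed one-second window per claimed source address; every packet
        # counts, including the ones that will only get a challenge back.
        now = self.clock()
        start, count = self.window[src]
        if now - start >= 1.0:
            self.window[src] = [now, 1]
            return False
        self.window[src][1] = count + 1
        return count + 1 > self.max_per_sec

    def handle(self, src, packet):
        """Return the reply bytes for one datagram claiming to come from src."""
        if self._throttled(src):
            return BUSY_REPLY
        if packet.startswith(QUERY) and len(packet) == len(QUERY) + 4:
            entry = self.challenges.get(src)
            if entry and entry[0] == packet[len(QUERY):] and entry[1] > 0:
                entry[1] -= 1               # the same ID may be reused a few times
                return INFO_REPLY
        if packet.startswith(QUERY):
            # Unverified source: answer with a tiny random challenge that only
            # the real owner of src will ever see, so a spoofer never gets INFO.
            token = secrets.token_bytes(4)
            self.challenges[src] = [token, self.challenge_reuse]
            return b"\xff\xff\xff\xffA" + token
        return b""                          # not a query: send nothing

def amplification(request, reply):
    """Reply bytes emitted per request byte received."""
    return len(reply) / len(request)
```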