They've definitely thought this through, which was my concern with leaving two query types open. Here's a more detailed response I received from Alfred off-line:
> We are trying to counter bandwidth amplification attacks but also need to consider end user experience. If we simply auth every query we just made getting server lists twice as slow (2 packets would be needed for each server query rather than one, urgh). Instead, for the _INFO message (which is typically 150 bytes long) we made the initial request larger (but smaller than 2 discrete packets) so that the balance between usability and protection is met (you have less than a 3:1 bandwidth amplification with _INFO packets, and we counter that by rate limiting queries also). A2S_PING returns a packet the exact same size as the request so that one isn't a problem.
> Both the _RULE _PLAYER requests typically return 1400 byte packets so this tradeoff isn't possible for them.

---
Ron Mercer
the_DM-Ohio
http://www.qtracker.com

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timo Stripf
> Sent: Friday, February 25, 2005 2:57 PM
> To: [email protected]
> Subject: RE: [SPAM] RE: [hlds_apps] Server query protocol
>
> The tricky part on the DDoS via UDP is that you can multiply your traffic. You send a small udp packet (50 bytes inc. overhead) to the game server and get a packet of 1kb in return. That is a multiplication factor of 20.
>
> The answer to an A2S_INFO or PLAYER request is too small for it to make sense to use it for DDoS and therefore you don't need to protect these services.
>
> Timo
>
> > Steve, there are server cvars to limit the number of queries a second your server replies to. Use them :)
> >
> > As for the server query protocol changes, I'm a bit miffed.
> >
> > If the motivation for the change is to help avoid the query mechanism becoming a DDOS tool then leaving the A2S_INFO query without protection seems silly.
> >
> > Also, changing the A2S_INFO query to "0xFFFFFFFFFFFFFFF 'T' "Source Engine Query" '\0'" also seems silly, can't we have a smaller string (or even better, a new character instead of T) to reduce the packet data size on client machines that query lots of servers (i.e. for server browsers)?
> >
> > Kris.
> >
> > ----Original Message----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Tilson
> > Sent: 25 February 2005 17:08
> > To: [email protected]
> > Subject: Re: [SPAM] RE: [hlds_apps] Server query protocol
> >
> > > And we all very much appreciate your efforts.
> > >
> > > I am forming up an open source project for .NET rcon classes/tools. I think the more complicated and safer protocol is preferred. We can do the work to implement the protocol if the dedicated servers will also deploy supporting this protocol.
> > >
> > > One comment about HLSW...
> > > We frequently find ourselves firewall blocking IP addresses that use HLSW. The tool was fine when it was an admin tool. When the tool began competing with the all-seeing-eye for a game launcher things got out of control.
> > >
> > > The issue with HLSW is it can be used as a dos tool itself by setting the number of servers per second very high, having the target server as the only server in the list, and setting it to auto-update. The result is a constant stream of status queries that effectively renders the server unplayable.
> > >
> > > Still a great tool but it would be really great if you could govern the queries against single servers to once per 30 seconds or so.
> > >
> > > Regards,
> > > Steve Tilson
> >
> > _______________________________________________
> > hlds_apps mailing list
> > [email protected]
> > http://list.valvesoftware.com/mailman/listinfo/hlds_apps
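The amplification arithmetic the thread argues over, plus the kind of per-source rate limit Alfred says the server applies, as an added example that is not part of the thread or of Valve's code. It assumes the 0xFFFFFFFF header is four 0xFF bytes, that each datagram carries 42 bytes of Ethernet/IPv4/UDP headers, and guesses the request sizes of the PING/PLAYER/RULES queries; reply sizes are the round figures quoted in the thread.

```python
# Added example, not from the thread. Assumptions: 4-byte 0xFF header, 42 bytes of
# Ethernet+IPv4+UDP overhead per datagram, and guessed request sizes for the
# queries whose request format the thread does not spell out.
from collections import defaultdict, deque

HEADER = b"\xff\xff\xff\xff"        # connectionless packet header (assumed 4 bytes)
WIRE_OVERHEAD = 42                  # 14 Ethernet + 20 IPv4 + 8 UDP bytes per datagram


def a2s_info_request() -> bytes:
    """The A2S_INFO request as quoted in the thread: header, 'T', string, NUL."""
    return HEADER + b"T" + b"Source Engine Query\x00"


def amplification(request_payload: int, reply_payload: int,
                  overhead: int = WIRE_OVERHEAD) -> float:
    """Bytes the server puts on the wire per byte it receives."""
    return (reply_payload + overhead) / (request_payload + overhead)


# Reply sizes are the thread's round figures; the 5- and 9-byte request sizes
# for the other queries are constructed guesses (header + type byte [+ 4 bytes]).
QUERIES = {
    "A2S_INFO":   (len(a2s_info_request()), 150),
    "A2S_PING":   (5, 5),      # reply is the same size as the request
    "A2S_PLAYER": (9, 1400),
    "A2S_RULES":  (9, 1400),
}


def amplification_table(overhead: int = WIRE_OVERHEAD) -> dict:
    """Amplification factor per query type, rounded to two decimals."""
    return {name: round(amplification(req, rep, overhead), 2)
            for name, (req, rep) in QUERIES.items()}


class QueryRateLimiter:
    """Sliding-window cap on answered queries per source address: the server-side
    rate limiting the thread mentions. Whatever the factor, a spoofed source
    address can draw at most `limit` replies per `window` seconds."""

    def __init__(self, limit: int, window: float = 1.0):
        self.limit, self.window = limit, window
        self._seen = defaultdict(deque)

    def allow(self, src_ip: str, now: float) -> bool:
        """Return True if a query from src_ip at time `now` may be answered."""
        stamps = self._seen[src_ip]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()          # drop timestamps that fell out of the window
        if len(stamps) >= self.limit:
            return False              # over the cap: drop it, do not reflect
        stamps.append(now)
        return True
```

With Ethernet framing counted, A2S_INFO comes out at about 2.9:1, matching Alfred's "less than 3:1"; counting only IP and UDP headers (`overhead=28`) it is about 3.4:1, so the headline ratio depends on which headers are included.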
