I read this a few days ago on the newside of the german c't magazine. I
am a bit shocked that no gamedeveloper ever thought about such a common
vulnerability for DDOS attacks.
A very easy solution would be to limit the number of respons per IP.

I think about no more than 2-5 responses to requests of a specific IP
(which is spoofed in this case) are allowed in one second. More requests
get dropped and no victim-server will be harmed this way.
Furthermore I believe in practical 'Gamespy' requests there are no more
than this 2-5 requests per seconds needed. If there are more requests
you can be sure this is a application going harakiri or a DDOS smurf attack.

Yesterday we got massiv attacked with a similiar DOS and we are planning
to drop the server offline if valve will not patch this behavior to a
level like descriped above.


Frank


_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Reply via email to