I read this a few days ago on the newside of the german c't magazine. I am a bit shocked that no gamedeveloper ever thought about such a common vulnerability for DDOS attacks. A very easy solution would be to limit the number of respons per IP.
I think about no more than 2-5 responses to requests of a specific IP (which is spoofed in this case) are allowed in one second. More requests get dropped and no victim-server will be harmed this way. Furthermore I believe in practical 'Gamespy' requests there are no more than this 2-5 requests per seconds needed. If there are more requests you can be sure this is a application going harakiri or a DDOS smurf attack. Yesterday we got massiv attacked with a similiar DOS and we are planning to drop the server offline if valve will not patch this behavior to a level like descriped above. Frank _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux

