[EMAIL PROTECTED] wrote:
> To: [EMAIL PROTECTED]
> Subject: Re: [hlds_linux] [OT] Multi-vendor Game Server DDoS
> Vulnerability
>
>
> I read this a few days ago on the newside of the
> german c't magazine. I
> am a bit shocked that no gamedeveloper ever thought about such
a
> common vulnerability for DDOS attacks.
> A very easy solution would be to limit the number of respons
per IP.
>
> I think about no more than 2-5 responses to requests of a
specific IP
> (which is spoofed in this case) are allowed in one
> second. More requests
> get dropped and no victim-server will be harmed this way.
> Furthermore I believe in practical 'Gamespy' requests there are
no
> more than this 2-5 requests per seconds needed. If there are
more
> requests you can be sure this is a application going harakiri
or a
> DDOS smurf attack.
>
> Yesterday we got massiv attacked with a similiar DOS and we are
> planning to drop the server offline if valve will not patch
> this behavior to a
> level like descriped above.
>
>
> Frank
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view
> the list archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

The IP can be spoofed, so they could just pake it query from an
inifinite number of IPs.

---------
Tyler "[TASF]Overkill" Schwend
"Semper facere bonum, an a amare odium, vita mors."

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Reply via email to