Frank Stollar <[EMAIL PROTECTED]> wrote: > > That mentioned I already a few posts ago. But Simon Street made clear, > that would just help a little bit, because there are thousends of > cs/hl/q3 etc. servers around the world. And if every server just > answer _one_ request to the same IP (which is spoofed of course), it > would have the same effect. >
By that reasoning there is no solution to the problem - even a challenge/response system would be vulnerable if all you want is for the server to return one packet. Only ISPs can solve this, by fixing their routers as Jeremy said. In which case this security advisory has been targeted at the wrong audience, and we may as well just forget about it. However, a query rate limit would at least prevent anybody taking advantage of this flaw from screwing up my game servers. Combined with a thousand other servers they still might be able to DDoS some third party, but then that would be the attacker's ISP's fault for not fixing their routers, not mine for running HLDS. -Simon _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux

