Frank Stollar <[EMAIL PROTECTED]> wrote:
>
> That mentioned I already a few posts ago. But Simon Street made clear,
> that would just help a little bit, because there are thousends of
> cs/hl/q3 etc. servers around the world. And if every server just
> answer _one_ request to the same IP (which is spoofed of course), it
> would have the same effect.
>

By that reasoning there is no solution to the problem - even a
challenge/response system would be vulnerable if all you want is for the
server to return one packet. Only ISPs can solve this, by fixing their
routers as Jeremy said. In which case this security advisory has been
targeted at the wrong audience, and we may as well just forget about it.

However, a query rate limit would at least prevent anybody taking
advantage of this flaw from screwing up my game servers. Combined with a
thousand other servers they still might be able to DDoS some third
party, but then that would be the attacker's ISP's fault for not fixing
their routers, not mine for running HLDS.

-Simon

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Reply via email to