This isn't new afaik. If I'm not mistaken, it was talked about on hlds before. The solution I thought was to use a cookie. Ideally though, the server shouldn't respond to non-won (er whatever the hell)-authed clients.
Throttling really won't help you much because it isn't one server involved, and really you aren't being used much to participate. .. though there should be _some_ degree of protection ... otherwise we end up with smurf nets all over the place ... which is effectively what this is. This problem is not unique to game servers by any means ... there are many, MANY ways to abuse public services if one so desires. For the same reason people should run directory services like NDS, (gawd forbid .. Active Directory), ldap, Wins, etc. in a lan environment, I believe the protocol needs to be changed to use Won (or whatever your choice is), exclusively. THEN, allow special clients to query your server directly (like your web page to see whose playing, etc.).. Changing over to a directory only, need not be difficult either. If you want to see how much of your bandwidth is being wasted by server queries'n crap, use .. I think its sv_shownet ? .. I'd have to look for it (too lazy). It will show you whose doing a query, ping, etc. DO NOT DO THIS FOR A LONG TIME ... cause it lags your server .. heh. Machone wrote:
This is a multi-part message in MIME format. -- -- [ Picked text/plain from multipart/alternative ] http://www.pivx.com/kristovich/adv/mk001/ Mike Kristovich, security advisory MK#001 Topic: Multi-vendor Game Server DDoS Vulnerability
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux

