Bugtraq mailing list archives
Re: NetQuake Protocol problem resulting in smurf like effect.
From: davids () WEBMASTER COM (David Schwartz)
Date: Tue, 26 May 1998 14:41:26 -0400
A rule for UDP based services is that until/unless you have in some sense 'established a connection', you must not send 'a lot' more data to a host than it has sent you. Until this rule is understood and enforced, we will be seeing a lot more smurf-like 'magnification' attacks. DS
* Through the NQ (NetQuake) Protocol it is possible to send a spoofed connect request packet to several <i.e 400 or so> NetQuake Servers. This then will result in a flood of attempted "Connect" requests from the servers' end to the target machine whether that target machine carries a copy of Quake or not. This may be perceived in a similar way to smurf attack, although I'm told it requires far less bandwidth "and can be done from even a 14.4"
Current thread:
- NetQuake Protocol problem resulting in smurf like effect. Q (May 22)
- Re: NetQuake Protocol problem resulting in smurf like effect. Black Jack (May 26)
- <Possible follow-ups>
- Re: NetQuake Protocol problem resulting in smurf like effect. David Schwartz (May 26)
- Re: NetQuake Protocol problem resulting in smurf like effect. Ambrose Feinstein (May 26)