Bugtraq mailing list archives

Re: NetQuake Protocol problem resulting in smurf like effect.

From: davids () WEBMASTER COM (David Schwartz)
Date: Tue, 26 May 1998 14:41:26 -0400


    A rule for UDP based services is that until/unless you have in some
sense 'established a connection', you must not send 'a lot' more data to a
host than it has sent you. Until this rule is understood and enforced, we
will be seeing a lot more smurf-like 'magnification' attacks.

    DS

* Through the NQ (NetQuake) Protocol it is possible to send a spoofed
connect request packet to several <i.e 400 or so> NetQuake Servers.  This
then will result in a flood of attempted "Connect" requests from the
servers' end to the target machine whether that target machine carries a
copy of Quake or not. This may be perceived in a similar way to smurf
attack, although I'm told it requires far less bandwidth "and can be done
from even a 14.4"

Current thread:

NetQuake Protocol problem resulting in smurf like effect. Q (May 22)
- Re: NetQuake Protocol problem resulting in smurf like effect. Black Jack (May 26)
- <Possible follow-ups>
- Re: NetQuake Protocol problem resulting in smurf like effect. David Schwartz (May 26)
- Re: NetQuake Protocol problem resulting in smurf like effect. Ambrose Feinstein (May 26)