Vulnerability Development mailing list archives
Re: Online Games Consoles and Security Implications
From: Valdis.Kletnieks () vt edu
Date: Tue, 21 May 2002 21:55:00 -0400
On Tue, 21 May 2002 08:50:57 EDT, Elan Hasson <elan () daryl org> said:
The xbox is VERY secure, read the docs on Network Security in the SDK.
Color me dubious, if you're basing that statement on the docs. If you're citing "and Big Name XYZ wasn't able to break it either", then I'll be a *bit* more inclined to agree. Remember that Allchin testified under oath last week that many of those API's had to remain undocumented for "national security" - presumably because if hackers knew the API was there, they could rape, pillage, and burn even worse than they are now. Now, admittedly, the fact that IE is (hopefully) not in the XBox version of Embedded XP improves matters significantly.
MS even has a bit in there about Denial Of Service..and how the xbox can handle it and not affect game performance.
However, I won't buy the "handle it and not affect game performance" at face value until tested by others. I mean, let's THINK for a moment - do they just mean "non-network game performance"? If you're on a cable modem playing a game that wants 100kbits/sec of data, and you get hosed down by a DoS attack that drops your effective throughput to 5kbits, you WILL BE HOSED, no matter what the docs say. Unless Microsoft has some ultra-sneaky ultra-nifty QoS hooks in its TCP/IP stack that interface into the routers at the upstream end of your connection so you don't get packets you didn't want? Of course, if such hooks did exist, somebody should clue in the Cisco and Juniper users over on the NANOG mailing list - one guy at a Tier-1 provider was estimating that 10-15% of *all* the traffic was DDOS-related. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Online Games Consoles and Security Implications John_Leitch (May 21)
- RE: Online Games Consoles and Security Implications Dom De Vitto (May 21)
- Re: Online Games Consoles and Security Implications Kevin Finisterre (May 21)
- RE: Online Games Consoles and Security Implications Elan Hasson (May 21)
- Re: Online Games Consoles and Security Implications Valdis . Kletnieks (May 21)
- Re: Online Games Consoles and Security Implications hellNbak (May 21)
- Re: Online Games Consoles and Security Implications Dave (May 21)
- <Possible follow-ups>
- RE: Online Games Consoles and Security Implications Steve Maks (May 21)
- Re: Online Games Consoles and Security Implications kawaii (May 21)
- RE: Online Games Consoles and Security Implications Vasisht Tadigotla (May 21)
- Re: Online Games Consoles and Security Implications Ryan Verner (May 22)
- Re: Online Games Consoles and Security Implications Vasisht Tadigotla (May 23)
- RE: Online Games Consoles and Security Implications Dom De Vitto (May 21)
- RE: Online Games Consoles and Security Implications Elan Hasson (May 21)
- RE: Online Games Consoles and Security Implications Evans, TJ (May 22)
- RE: Online Games Consoles and Security Implications Elan Hasson (May 23)