Re: Master Servers: yet another DDoS...

[Greg Steuck <greg-bugtraq () nest cx>]

> > > > > "Auriemma" == Auriemma Luigi <aluigi () pivx com> writes:

    Auriemma> Yeah, seems that DDoS attacks will never die and in these
    Auriemma> months seems that every game can be used for launch DDoS
    Auriemma> attacks...

One could argue that using _D_DoS term here is a misnomer. The attack
will not be truly distributed since there is only a handful of attacking
hosts (Master Servers). And what's even better they all are under
control of their respective owners that probably will care if most of
their bandwidth will be consumed by rogue traffic.

Yet I agree that the approach allows for bandwidth magnification since
the Master Servers will probably have far better connectivity than an
average script kiddie.

Turning to mitigation techniques one could further argue that the server
operators could improve their software resistance to this kind of abuse
_without_ abandoning UDP or introducing a handshake. They will need to
introduce rate limiting provisions into their code such that each IP
address can request the server list only once in a certain period of
time. It is possible though that with a certain combination of
parameters (number of IP addresses kept, keep-alive period) this
mitigation technique may become more resource intensive for the operator
than switching to TCP.

Bye
Greg