nanog mailing list archives

Re: DDoS - CoD?


From: Jeff Walter <jeffw () he net>
Date: Tue, 06 Sep 2011 06:47:31 -0700

Call of Duty is apparently using the same flawed protocol as Quake III servers, so you can think of it as an amplification attack. (I wish I'd forgotten all about this stuff)

You send "\xff\xff\xff\xffgetstatus\n" in a UDP packet with a spoofed source, and the server responds with everything you see. With decent amplification (15B -> ~500B) and the number of CoD servers in the world you could very easily build up a sizable attack.

--
Jeff Walter
Network Engineer
Hurricane Electric
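
Added example, not part of the original post: a server-side detection sketch that aggregates `getstatus` queries per claimed source address and flags addresses whose query rate looks like reflection rather than a server browser, reporting the observed amplification. The `statusResponse` reply header, port 28960, the rate thresholds, the function names and the packet records are assumptions or constructed sample data.

```python
from collections import defaultdict

OOB = b"\xff\xff\xff\xff"        # connectionless marker, as quoted in the post
REQUEST = OOB + b"getstatus"     # query quoted in the post
REPLY = OOB + b"statusResponse"  # assumed reply header of Quake III-derived servers

def summarize(packets, server_port):
    """Aggregate getstatus traffic per claimed client IP.
    packets: (ts, src_ip, src_port, dst_ip, dst_port, payload) tuples."""
    stats = defaultdict(lambda: {"requests": 0, "bytes_in": 0,
                                 "bytes_out": 0, "first": None, "last": None})
    for ts, src, sport, dst, dport, payload in packets:
        if dport == server_port and payload.startswith(REQUEST):
            s = stats[src]
            s["requests"] += 1
            s["bytes_in"] += len(payload)
            s["first"] = ts if s["first"] is None else s["first"]
            s["last"] = ts
        elif sport == server_port and payload.startswith(REPLY):
            stats[dst]["bytes_out"] += len(payload)
    return stats

def flag_reflection(stats, max_rate=2.0, min_requests=10):
    """Return claimed sources querying faster than max_rate requests/second."""
    flagged = {}
    for ip, s in stats.items():
        if s["requests"] < min_requests:
            continue  # too few queries to judge; ordinary server-browser polling
        rate = s["requests"] / max(s["last"] - s["first"], 1.0)
        if rate > max_rate:
            flagged[ip] = {"rate": round(rate, 1),
                           "amplification": round(s["bytes_out"] / s["bytes_in"], 1)}
    return flagged

def sample_packets(port=28960):
    """Constructed capture: one server browser, one spoofed (victim) address."""
    server, browser, victim = "192.0.2.10", "198.51.100.20", "203.0.113.7"
    query, reply = REQUEST + b"\n", (REPLY + b"\n").ljust(500, b"x")
    pkts = []
    for ts, client in [(0.0, browser), (30.0, browser)] + [(i * 0.1, victim) for i in range(50)]:
        pkts.append((ts, client, 40000, server, port, query))   # inbound query
        pkts.append((ts, server, port, client, 40000, reply))   # outbound reply
    return pkts

if __name__ == "__main__":
    print(flag_reflection(summarize(sample_packets(), 28960)))
```

A flagged address is the likely target of the reflected traffic, not its origin, so the useful response is rate limiting `getstatus` replies toward it rather than blocking it as an attacker.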
