nanog mailing list archives
Re: DDoS - CoD?
From: Mark Grigsby <mark () pcinw net>
Date: Tue, 6 Sep 2011 08:26:51 -0700
Recently (last month) Ryan Gordon (the person responsible for porting COD to Linux) released a patch for cod4 servers to address this specific issue. Here is the announcement and a link to the original email as well. The discussion also indicated that all of the Quake III based games suffered from the same issue.

http://icculus.org/pipermail/cod/2011-August/015397.html

So we're getting reports of DDoS attacks, where botnets will send infostring queries to COD4 dedicated servers as fast as possible with spoofed addresses. They send a small UDP packet, and the server replies with a larger packet to the faked address. Multiply this by however fast you can stuff UDP packets into the server's incoming packet buffer per frame, times 7500+ public COD4 servers, and you can really bring a victim to its knees with a serious flood of unwanted packets.

I've got a patch for COD4 for this, and I need admins to test it before I make an official release.

http://treefort.icculus.org/cod/cod4-lnxsrv-query-limit-test.tar.bz2

On Tue, Sep 6, 2011 at 6:47 AM, Jeff Walter <jeffw () he net> wrote:

Call of Duty is apparently using the same flawed protocol as Quake III servers, so you can think of it as an amplification attack. (I wish I'd forgotten all about this stuff)

You send "\xff\xff\xff\xffgetstatus\n" in a UDP packet with a spoofed source, and the server responds with everything you see. With decent amplification (15B -> ~500B) and the number of CoD servers in the world you could very easily build up a sizable attack.

--
Jeff Walter
Network Engineer
Hurricane Electric

--
Mark Grigsby
Network Operations Manager
PCINW (Preferred Connections Inc., NW)
3555 Gateway St. Ste. 205
Springfield, OR 97477
Voice: 800-787-3806 ext 408
DID: 541-762-1171
Fax: 541-684-0283
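
Added illustration, not Ryan Gordon's patch (its internals are not shown in this thread) and not code from any poster: one way a server could cap its replies to "getstatus" queries per source address with a token bucket, so a spoofed flood is answered only a few times. The burst size, refill period, table size and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS     1024  /* per-source table size (assumed value) */
#define BURST     10    /* replies one source may get back-to-back (assumed) */
#define PERIOD_MS 1000  /* one reply credit regained per period (assumed) */
typedef struct { int64_t last_ms; int tokens; int init; } bucket_t;
static bucket_t per_src[SLOTS];

/* 1 if the datagram starts with the out-of-band "getstatus" query from the thread. */
int is_status_query(const unsigned char *p, size_t n) {
    static const unsigned char q[] = "\xff\xff\xff\xffgetstatus";
    return n >= sizeof q - 1 && memcmp(p, q, sizeof q - 1) == 0;
}

/* Top 10 hash bits index SLOTS; colliding sources share a budget (stricter, never reset). */
unsigned slot_of(uint32_t src) { return (uint32_t)(src * 2654435761u) >> 22; }

/* Token bucket per source: 1 = send the status reply, 0 = drop the query silently. */
int allow_reply(uint32_t src, int64_t now_ms) {
    bucket_t *b = &per_src[slot_of(src)];
    if (!b->init) { b->init = 1; b->tokens = BURST; b->last_ms = now_ms; }
    int64_t credit = (now_ms - b->last_ms) / PERIOD_MS;
    if (credit > 0) {  /* refill, capped at BURST */
        b->tokens = credit >= BURST - b->tokens ? BURST : b->tokens + (int)credit;
        b->last_ms += credit * PERIOD_MS;
    }
    if (b->tokens == 0) return 0;
    b->tokens--;
    return 1;
}

/* Replies sent when n queries naming one source arrive evenly over span_ms. */
int replies_for_flood(uint32_t src, int64_t start_ms, int n, int span_ms) {
    int sent = 0;
    for (int i = 0; i < n; i++)
        sent += allow_reply(src, start_ms + (int64_t)i * span_ms / n);
    return sent;
}

int main(void) {
    /* Constructed input: 5000 spoofed queries in one second, all naming one address. */
    const unsigned char pkt[] = "\xff\xff\xff\xffgetstatus\n";
    uint32_t victim = 0xC6336401u;  /* 198.51.100.1, documentation range */
    if (!is_status_query(pkt, sizeof pkt - 1)) return 1;
    int sent = replies_for_flood(victim, 0, 5000, 1000);
    printf("queries=5000 replies=%d (about 500 B each, per the thread)\n", sent);
    return 0;
}
```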