Vulnerability Development mailing list archives

Re: New DoS attack


From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Mon, 19 Jun 2000 19:37:56 -0700


Dave Booth wrote:

> Sorry, BB - normally I read your comments here with much head-nodding
> and agreement but this time I have to disagree. As a previous poster
> pointed out if you are reimplementing TCP in UDP gaming protocols you
> may as well just use TCP. Lots of reasons, all performance-related, why
> game designers don't want to do that. Assuming 2-way UDP traffic is
> possible through whatever firewalling setup is in place (or they wouldn't
> be playing now!) how do you hit the back-channel nightmares you worry
> about with a scheme like this...?

No, just the initial 3-way handshake.  Should be a grand total of one
extra packet and about 2 extra round trips, assuming no retransmits
required.  All at the beginning.  Shouldn't hurt gameplay one bit.


> Game client makes tcp connection to server and requests to join the
> game.
> Server responds (as part of the same tcp session) with a unique token,
> remembers it and the client's IP then signs off.
> Client initiates normal UDP game connection including the token in
> every datagram.
> Server silently ignores all incoming datagrams where there isn't a valid
> token that matches up with the IP address the datagram claims to come
> from.
>
> In each case the connection is initiated by the client, but that makes
> blind spoofing to create bogus connections impossible as there has to be
> a two-way conversation in tcp to pass the token before the UDP join game
> request (which doesn't get modified at all apart from the inclusion of
> the token) will be accepted by the server. If it isn't blind spoofing but
> is done by someone who can sniff the network then as you so rightly
> pointed out the victim is in a world of hurt anyway and spoofed game
> connections are the least of their problems.


You're right, that would work fine.  It's extra work above what I was
proposing, though.  You can take any portion of the features from
TCP and put them atop UDP manually.  That's what UDP is for in my mind.

                                        BB
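
The server-side check in the token scheme quoted above, as an added example that is not part of the original thread. The class and function names, the 16-byte token and the token-prefix datagram layout are assumptions made for illustration; the addresses are constructed documentation-range values.

```python
import hmac
import secrets

TOKEN_LEN = 16  # assumed token size; the post does not specify one


class JoinTokenRegistry:
    """Server-side state for the scheme: one token per client IP."""

    def __init__(self):
        self._by_ip = {}  # client IP -> token issued over TCP

    def issue(self, tcp_peer_ip):
        """Called inside the TCP join session. The peer IP is the one the
        completed TCP handshake proved reachable, not a claimed value."""
        token = secrets.token_bytes(TOKEN_LEN)
        self._by_ip[tcp_peer_ip] = token
        return token

    def accept(self, udp_src_ip, datagram):
        """Return the game payload, or None to drop the datagram silently."""
        expected = self._by_ip.get(udp_src_ip)
        if expected is None or len(datagram) < TOKEN_LEN:
            return None
        # Constant-time comparison so timing does not leak token bytes.
        if not hmac.compare_digest(datagram[:TOKEN_LEN], expected):
            return None
        return datagram[TOKEN_LEN:]


def demo():
    """Run four constructed datagrams through the check."""
    reg = JoinTokenRegistry()
    token = reg.issue("192.0.2.10")  # constructed client address
    return [
        reg.accept("192.0.2.10", token + b"JOIN"),             # legitimate client
        reg.accept("198.51.100.7", token + b"JOIN"),           # valid token, other source IP
        reg.accept("192.0.2.10", bytes(TOKEN_LEN) + b"JOIN"),  # claimed IP, guessed token
        reg.accept("192.0.2.10", b"JOIN"),                     # no token at all
    ]


if __name__ == "__main__":
    print(demo())
```

Only the first datagram is accepted; the other three return None and would be dropped without a reply.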

