Vulnerability Development mailing list archives
Re: New DoS attack
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Mon, 19 Jun 2000 19:37:56 -0700
Dave Booth wrote:
Sorry, BB - normally I read your comments here with much head-nodding and agreement but this time I have to disagree. As a previous poster pointed out if you are reimplementing TCP in UDP gaming protocols you may as well just use TCP. Lots of reasons, all performance-related, why game designers dont want to do that. Assuming 2-way UDP traffic is possible through whatever firewalling setup is in place (or they wouldnt be playing now!) how do you hit the back-channel nightmares you worry about with a scheme like this...?
No, just the initial 3-way handshake. Should be a grand total of one extra packet and about 2 extra round trips, assuming no retransmits required. All at the beginning. Shouldn't hurt gameplay one bit.
Game client makes tcp connection to server and requests to join the game. Server responds (as part of the same tcp session) with a unique token, remembers it and the clients IP then signs off. Client initiates normal UDP game connection including the token in every datagram. Server silently ignores all incoming datagrams where there isnt a valid token that matches up with the IP address the datagram claims to come from. In each case the connection is initiated by the client, but that makes blind spoofing to create bogus connections impossible as there has to be a two-way conversation in tcp to pass the token before the UDP join game request (which doesnt get modified at all apart from the inclusion of the token) will be accepted by the server. If it isnt blind spoofing but is done by someone who can sniff the network then as you so rightly pointed out the victim is in a world of hurt anyway and spoofed game connections are the least of their problems.
You're right, that would work fine. It's extra work above what I was proposing, though. You can take any portion of the features from TCP and put them atop UDP manually. That's what UDP is for in my mind. BB
Current thread:
- Re: New DoS attack Luke Dudney (Jun 15)
- Re: New DoS attack Bluefish (Jun 17)
- Re: New DoS attack Blue Boar (Jun 17)
- <Possible follow-ups>
- Re: New DoS attack Dave Booth (Jun 19)
- Re: New DoS attack Blue Boar (Jun 19)
- Re: New DoS attack Taneli Huuskonen (Jun 20)