Vulnerability Development mailing list archives
Re: New DoS attack
From: huuskone () CC HELSINKI FI (Taneli Huuskonen)
Date: Tue, 20 Jun 2000 10:13:48 +0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Booth <dave.booth () MEDTRONIC COM> wrote: [...]
Game client makes tcp connection to server and requests to join the game. Server responds (as part of the same tcp session) with a unique token, remembers it and the clients IP then signs off. Client initiates normal UDP game connection including the token in every datagram. Server silently ignores all incoming datagrams where there isnt a valid token that matches up with the IP address the datagram claims to come from.
This thread was originally about the use of game servers as traffic amplifiers for smurf-type DoS attacks. The problem is that a game server can be tricked into sending relatively large amounts of data in response to a blindly spoofed request to join the game, thereby flooding the spoofed address. It seems to me that your suggested protocol would indeed solve the problem, but I think it's overkill. The same result is achieved by having the server reply to the initial contact attempt with a packet containing essentially nothing but the token. After that, continue like you propose. Much simpler and cleaner, IMHO. Taneli Huuskonen -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBOU8Zf1+t0CYLfLaVEQI0/wCeMskkhh15C5RP0xv5SYn4l5RWPUoAoNXE MKROy4DS5n5C7ITAS3fo6nuw =4BsF -----END PGP SIGNATURE----- -- I don't | All messages will be PGP signed, | Fight for your right to speak for | encrypted mail preferred. Keys: | use sealed envelopes. the Uni. | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
Current thread:
- Re: New DoS attack Luke Dudney (Jun 15)
- Re: New DoS attack Bluefish (Jun 17)
- Re: New DoS attack Blue Boar (Jun 17)
- <Possible follow-ups>
- Re: New DoS attack Dave Booth (Jun 19)
- Re: New DoS attack Blue Boar (Jun 19)
- Re: New DoS attack Taneli Huuskonen (Jun 20)