Re: New DoS attack

[luke.dudney () WN COM AU (Luke Dudney)]

Or even using TCP to establish the connection, then UDP for game data?
This sounds a whole lot more reasonable (even easier) to implement, or am I
missing something?

> -----Original Message-----
> From: Raistlin [mailto:raist () CTRADE IT]
> Sent: Thursday, June 15, 2000 7:48 PM
> To:   
> Subject: R: New DoS attack
>
>
> > I saw a new ugly type of DoS attack this weekend.
> [mail goes on describing an attack performed using "Unreal
> Tournament" game
> servers as amplifiers]
>
> It's nothing near new I fear. "Quake FLOOD" is out in the
> wild since Quake
> appeared on the game scene, which was no more than 2 years
> ago, 3 perhaps.
>
> Problem is, connection request to a game server causes huge
> amounts of data
> to be generated and sent without check on a UDP (connectionless, then)
> transmission.
>
> Understanding that UDP is faster and necessary for game
> programmers, still I
> can't understand the lack of security. A simple "3-way
> handshaking" roughly
> reproduced by UDP method would stop all of this, right ?
>
> Just my .02 EUR (which is a little less than .02$ I fear)
>
> Stefano "Raistlin" Zanero
> System Administrator Gilda dei Giocatori in Rete
> public PGP key block at http://gioco.net/pgpkeys