Advertisement

DoS in multiplayer games

Started by June 20, 2000 06:58 AM
-1 comments, last by Nurgle 24 years, 5 months ago
A recent topic on the vunl-dev mailing list has been about game servers being used as DoS amplifiers (in the same way that smurf works). I thought the ppl here might be interested in what is being said:
quote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Booth wrote: [...] > Game client makes tcp connection to server and requests to join the > game. > Server responds (as part of the same tcp session) with a unique token, > remembers it and the clients IP then signs off. > Client initiates normal UDP game connection including the token in > every datagram. > Server silently ignores all incoming datagrams where there isnt a valid > token that matches up with the IP address the datagram claims to come > from. This thread was originally about the use of game servers as traffic amplifiers for smurf-type DoS attacks. The problem is that a game server can be tricked into sending relatively large amounts of data in response to a blindly spoofed request to join the game, thereby flooding the spoofed address. It seems to me that your suggested protocol would indeed solve the problem, but I think it''s overkill. The same result is achieved by having the server reply to the initial contact attempt with a packet containing essentially nothing but the token. After that, continue like you propose. Much simpler and cleaner, IMHO. Taneli Huuskonen -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBOU8Zf1+t0CYLfLaVEQI0/wCeMskkhh15C5RP0xv5SYn4l5RWPUoAoNXE MKROy4DS5n5C7ITAS3fo6nuw =4BsF -----END PGP SIGNATURE----- -- I don''t / All messages will be PGP signed, / Fight for your right to speak for / encrypted mail preferred. Keys: / use sealed envelopes. the Uni. / http://www.helsinki.fi/~huuskone/ / http://www.gilc.org/
Mark Collins (aka Nurgle) me@thisisnurgle.org.uk

After careful deliberation, I have come to the conclusion that Nazrix is not cool. I am sorry for any inconvienience my previous mistake may have caused. We now return you to the original programming

This topic is closed to new replies.

Advertisement