I have come across the following scenario: Your Quake 3 or ioquake3 server may be being used for a Distributed Reflection Denial of Service attack if an attacker spoofs some packets (with the target server's IP) and asks the gameserver to send all server information (about 2k of data). The gameserver sends all server information (500k of data). The attacker repeats this for thousands of gameservers.
Is it possible to have ioquake3 detect and avoid this kind of attack? This exploit has been around for several years and raises its head now and then. There is one of these attacks happening right now across (potentially) thousands of Quake 3 servers, targeting several webservers (install and run iftop on your Linux server. Note the amount of outgoing traffic is incredibly high on port 27960 if your server is being used in the attack).

I'd like to hear what people think about this. We have shut down our server to avoid the IP being blacklisted until a solution presents itself. I'm thinking ioquake3 should be patched in some way to detect this exploit? I can't really think of any combination of firewall rules to avoid the attack and keep the game server active.

RawShark
_______________________________________________ ioquake3 mailing list ioquake3@lists.ioquake.org http://lists.ioquake.org/listinfo.cgi/ioquake3-ioquake.org By sending this message I agree to love ioquake3 and libsdl.
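
One server-side mitigation for the reflection scenario described in the message above is to cap how many status replies go to any one claimed source address. The sketch below is an added example, not code from the original post or from ioquake3; the function names, the fold hash, and the `BUCKETS`, `BURST` and `PERIOD_MS` values are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BUCKETS   1024u  /* table slots; colliding sources share one limit */
#define BURST     10u    /* replies allowed back-to-back per source */
#define PERIOD_MS 1000u  /* one reply's worth of credit returns per second */

typedef struct {
    uint32_t last_ms;  /* time the level was last drained */
    uint32_t level;    /* replies currently charged, 0..BURST */
} bucket_t;

static bucket_t table[BUCKETS];

/* Return 1 if a status reply may be sent to the claimed source (IPv4, host
 * byte order), 0 to drop. The port is ignored: a spoofer can vary it freely. */
int status_reply_allowed(uint32_t addr, uint32_t now_ms)
{
    bucket_t *b = &table[(addr ^ (addr >> 16)) % BUCKETS];
    uint32_t drained = (now_ms - b->last_ms) / PERIOD_MS;  /* wrap-safe */

    if (drained >= b->level) {        /* bucket fully drained */
        b->level = 0;
        b->last_ms = now_ms;
    } else {                          /* partial drain, keep the remainder */
        b->level -= drained;
        b->last_ms += drained * PERIOD_MS;
    }
    if (b->level >= BURST) return 0;  /* over the limit: send nothing */
    b->level++;
    return 1;
}

/* Feed `count` requests, one per millisecond, all claiming `addr`;
 * return how many replies the server would actually send. */
unsigned replies_during_flood(uint32_t addr, uint32_t start_ms, unsigned count)
{
    unsigned sent = 0;
    for (unsigned i = 0; i < count; i++)
        sent += (unsigned)status_reply_allowed(addr, start_ms + i);
    return sent;
}

int main(void)
{
    /* Constructed input: 5000 requests in 5 s, all claiming 192.0.2.1. */
    printf("replies sent: %u\n", replies_during_flood(0xC0000201u, 1000u, 5000u));
    return 0;
}
```

The limit bounds what the game server reflects toward the spoofed address; the spoofed requests themselves still arrive, and sources that hash to the same slot share one allowance.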