Arrgghhh.... This reminds me of the WebNFS attack. Which is why Sun aborted WebNFS's public launch, after I pointed it out during its Solaris 2.6 early access program.
Never run a volume-multiplying service on UDP if you can help it, exposed to the outside world, without serious in-band source verification. Amplification attacks are a classic easy DDoS win.

-george

On Tue, Sep 6, 2011 at 6:47 AM, Jeff Walter <je...@he.net> wrote:
> Call of Duty is apparently using the same flawed protocol as Quake III
> servers, so you can think of it as an amplification attack. (I wish I'd
> forgotten all about this stuff)
>
> You send "\xff\xff\xff\xffgetstatus\n" in a UDP packet with a spoofed
> source, and the server responds with everything you see. With decent
> amplification (15B -> ~500B) and the number of CoD servers in the world you
> could very easily build up a sizable attack.
>
> --
> Jeff Walter
> Network Engineer
> Hurricane Electric

--
-george william herbert
george.herb...@gmail.com
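
One way a status responder could do the in-band source verification mentioned above, as an added example that is not code from either poster, Quake III or Call of Duty: a stateless HMAC cookie bound to the source address, with the unverified reply never larger than the request. The "challenge" message, the cookie format, the 30-second window and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import struct
import time

# Hypothetical names throughout; the reply body is constructed sample data.
SECRET = os.urandom(32)   # per-server key, rotated on restart
WINDOW = 30               # seconds per cookie window (assumed value)
PREFIX = b"\xff\xff\xff\xff"
FULL_STATUS = PREFIX + b"statusResponse\n" + b"x" * 480  # ~500 B reply


def make_cookie(addr, now=None, key=SECRET):
    """Cookie bound to source IP, source port and the current time window."""
    epoch = int((time.time() if now is None else now) // WINDOW)
    msg = f"{addr[0]}|{addr[1]}".encode() + struct.pack("!Q", epoch)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16].encode()


def cookie_ok(cookie, addr, now=None, key=SECRET):
    """Accept the current and previous window so a cookie survives a rollover."""
    now = time.time() if now is None else now
    return any(hmac.compare_digest(cookie, make_cookie(addr, t, key))
               for t in (now, now - WINDOW))


def handle(datagram, addr, now=None):
    """Return the reply for one datagram, or None to drop it silently."""
    if not datagram.startswith(PREFIX + b"getstatus"):
        return None
    parts = datagram[len(PREFIX):].split()
    if len(parts) >= 2 and cookie_ok(parts[1], addr, now):
        return FULL_STATUS  # sender proved it receives traffic at addr
    challenge = PREFIX + b"challenge " + make_cookie(addr, now)
    # Unverified source: never send back more bytes than arrived, so a
    # spoofed request yields an amplification factor of at most 1.
    return challenge if len(challenge) <= len(datagram) else None
```

A legitimate client pads its first request to at least the challenge size, reads the cookie, and repeats the request with it; the large reply only goes to an address that echoed a cookie sent there.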