Multi-vendor Game Server (GameSpy) DDoS Attack

← Back to Stories (view on slashdot.org)

Multi-vendor Game Server (GameSpy) DDoS Attack

Posted by Hemos on Sunday January 19, 2003 @06:30AM from the how-many-games-do-you-have dept.

w4rl5ck writes "PivX has this security advisory about DDoS attacks using a single modem line and some game servers (i.e. Counter Strike, QuakeX, Battlefield 1942 - in short, those supporting GameSpy). Works via spoofed udp packages querying the server stats, and because udp is connectionless, the server simply answers - to the spoofed address, of course. Funny thing, isn't it? (originally found on heise.de)"

5 of 188 comments (clear)

Min score:

Reason:

Sort:

Even if it is connectionless.. by grub · 2003-01-19 06:37 · Score: 5, Informative

.. it wouldn't be hard to put in some sort of verification to ensure the packets are getting to an appropriate destination. Witness NFS.

--
Trolling is a art,
1. Re:Even if it is connectionless.. by Yokaze · 2003-01-19 06:58 · Score: 3, Informative
  
  It would be and it is.
  
  Connectionless is on the connection layer. This doesn't mean, that the application can't be stateful.
  HTTP is a stateless protocol, still you are surfing just this moment a stateful website.
  
  --
  "Between strong and weak, between rich and poor [...], it is freedom which oppresses and the law which sets free"
2. Re:Even if it is connectionless.. by The+Raven · 2003-01-19 11:13 · Score: 3, Informative
  
  WTF do they do that, anyway?
  Because a program that queries thousands of servers would take HOURS to query them all if it had to negotiate a connection, query, then break down the connection for EVERY SINGLE ONE of the servers it queries.
  
  It's not uncommon for me to query 20 thousand servers in a few minutes. Doing this with a stateful method would take over an hour. Imagine downloading 20 thousand 500 byte images from 20 thousand web servers. With a well written program, you should be able to do 20 a second... IF you have Windows NT (or derivatives, like 2000 or XP) or Linux. Windows 9x wouldn't be able to do more than 3 or 4, because it can't handle the massive number of TCP connections that NT can.
  
  Using UDP, on Windows 9x or NT or Linux, I can query 100-200 servers per second.
  
  The advantages of a connectionless protocol are clear. Yes, we may need to consider an alternative, but don't bash them for stupidity when you don't know the first thing about what you're talking about.
  
  --
  "I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
Re:What did we always say.. by Anonymous Coward · 2003-01-19 06:45 · Score: 3, Informative

As much as I love the All Seeing Eye and I hate Gamespy, the problem exists in the games themselves, any games that support Gamespy. Next time read the article.
Comment removed by account_deleted · 2003-01-19 06:49 · Score: 4, Informative

Comment removed based on user account deletion