Unreal Security Hole
Screaming Lunatic writes "There seems to be a big security hole in the Unreal engine that has been around for about 5 years. It affects servers for a number of games and operating systems, including Linux (which accounts for about 40% of UT2003 servers). Epic has been working on a patch for about 3 months. Imagine the bad publicity games would receive if a worm on the scale of Slammer had been created." A Bugtraq post from Thor Larholm of PivX says that Mark Rein of Epic threatened PivX with "getting our lawyers involved with this"; the TechTV article Larholm cites (the same one linked from this submission), however, contains no mention of legal action. Rein nonetheless apologized for "those completely unfortunate comments" in a followup message to Bugtraq.
So, how long until we see the "Monster Kill" virus begin to make the rounds?
More at bluesnews.
And here I thought UT2k3 was just really good at killing time. Does this mean we can all go up on terrorism charges now, since we've used a device capable of bringing down network systems? =)
What if it does get hit by a worm like Slammer? I'd have UT2003 withdrawals like a crackhead in rehab. Hurry up and patch it! But seriously, a hole that's been open for 5 years and only now been discovered and worked on? C'mon Epic, you're not Microsoft.
The flaw in a nutshell is that if you have autodownload turned on, you don't know what you might get.
Well no shit.
So, there may be code in a level you get from a server. Whoopde doo, Basil. Do you autodownload and install browser plugins?
It's just a flaw in the complete system of downloading maps from untrusted servers. Turn AD off, get your maps from an archive you trust.
Slammer_Worm is on a killing spree!
Slammer_Worm is on rampage!
Slammer_Worm is dominating!
Slammer_Worm is unstoppable!
Slammer_Worm is Godlike!!!
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
Lots of software has security holes. Games are no different... the difference with games is that they are not targets. It's interesting that this one was spotted, but it's no real surprise.
The poster mentions Slammer. The difference between Slammer and this is that Slammer affected "mission critical" systems, and there are pretty easily demonstrable monetary losses attributed to that worm.
In the case of Unreal, there are not many (if any) businesses (or lives) depending on this software. Hypothetically, someone who hosts games for a fee would get some complaints from customers. But really, a lot of the people affected would be "home users". And, let's face it, home users (including those running Linux) are really vulnerable to all kinds of attacks. This is just a drop in the bucket...
Of course, it'd still suck to get fucked over by this security flaw (just like all the others).
Down with Saudi Arabia!!!
On February 5th, Luigi Auriemma of PivX Solutions released a tightly packed
advisory detailing multiple vulnerabilities in the Unreal network gaming
engine developed by Epic Games. These vulnerabilities affect both clients
and servers playing the plethora of games that use the engine,
and have been readily exploitable for 5 years.
The press release:
http://www.pivx.com/press_releases/ueng
The advisory itself:
http://www.pivx.com/luigi/adv/ueng-adv.t
Following both industry and personal standards, PivX gave Epic Games a
duration of 30 days to (at the very least) respond to our private
notification to them. After nothing had happened during that month we
prepared to release the advisory, yet once the press asked Epic Games for
comments they were suddenly very responsive. Promises to work closely with
us on the vulnerability and advisory were made and we managed to hold down
the press for several months after this. 60 days passed after this, without
any collaboration, honest effort or actual contact from Epic Games.
We released the advisory after 90 days had passed from the original vendor
notification. 90 days, in which we were played like fools, in which Epic
Games had ample time and sufficient opportunity to react and work with us on
a coordinated release. 90 days in which Epic Games, to the best of our
comprehension, had archived our communications in the trash, during which
we received no serious communication except for crisis handling at the
originally planned release time.
On February 6th, BluesNews (among many others) could cite a quote from Mark
Rein, Epic Games Vice President:
"I won't sugar coat this. We f***ed up on this. Yes this is real and yes
this was brought to our attention and yes we should have fixed it by now."
http://www.bluesnews.com/cgi-bin/board.pl?
On February 11th the tides have changed, and TechTV are reporting public
legal threats from that same person:
"This is slanderous," he says. "They've taken this too far. We're getting
our lawyers involved with this."
http://www.techtv.com/news/security/story
I fail to see how Mark Rein on one hand can publicly announce this to be a
real threat that they should have fixed earlier, and on the other hand can
announce the advisory to be false and malicious statements. There is no
slander or libel in any aspect of this, and the only imaginable outcome that
Mark Rein must have been aiming for by his declaration of lawyer involvement
is to silence future security research on Epic Games products through the
promise of unfounded barratry. As we know from precedents in the past, this
approach to security is counterproductive at best and encouraging for
underground security research at worst, and I can only hope for an official
retraction of this policy by Epic Games once other employees have had half a
minute to think about the implications and example that Mark Rein is setting
forth.
In the past, I have received better nonresponsive treatment by Microsoft
when their security handling was at its worst. Contrary to the vast
improvements that Microsoft has gone through over the last year and a half,
Epic Games did not even start to acknowledge the problem properly before a
full public disclosure had been made on February 5th.
I believe that Luigi, and all of PivX, have handled this issue in a
courteous, professional and ethical manner, and the uncoordinated release
that was its outcome stems from a direct result of a nonresponsive vendor
that at best is plainly ignorant and at worst acts directly against the best
interest and security of its own customers.
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
Latest PivX research: Multi-Vendor Unreal Engine Advisory
http://www.pivx.com/press_releases/ueng
When you play CS, you're supporting terrorists!
"threatened PivX with "getting our lawyers involved with this""
No, let's not let the lawyers get involved. They make enough per hour as it is - we don't need to pay anyone $250/hr to play Unreal Tournament for "case notes."
Wait.. then again, lawyers in Unreal Tournament games. Hrm. It could be an all-out fragfest on a level that nobody could have ever imagined before. I like that idea!
"I won't sugar coat this. We f***ed up on this. Yes this is real and yes this was brought to our attention and yes we should have fixed it by now."
:)
I get the feeling that I'll be in my cold, cold grave before Microsoft starts releasing statements like this
But seriously, it's nice to see a large company admitting it has "F***ed up".
--sex
Think about it. There are literally thousands of internet based applications in use every day, and they range from the obscure to the common on a wide variety of operating systems.
Just because your favorite (or even least favorite) app hasn't had a major hole found in it that doesn't mean it isn't there. You might be running a time-bomb on even the most secure of your systems and not even be aware.
Of course this is all obvious to anybody who has been online for a while.
It's been a question for years whether bug finders should go public with bug finds or contact the company directly as to the flaws and the extent of their risk. I think the Open Source community agrees that places like bugtraq and open forums are the best way to discuss holes and security risks. Although Mark Rein was a little over-reactive and zealous M$ and other companies should make more effort to help their users find bug reporting easy -- in an open environment. This would really speed up the patching process (the priority at least) as well as the overall quality of knowledge available to the users affected and the company whose product is at fault.
I think this adds some teeth to the popular notion that gamers, or at least the majority of them are, terrorists. Plain and simple. They are a threat to the security of the principles we hold dear in the United States of America, and the Right Honourable Prime Minister George Williamson Bush, Junior should consider binding legislation against anyone suspected of being in a gamer-terrorist cell.
Thor,
I have sent your company an apology for those completely unfortunate
comments that I sincerely regret. We did provide an official statement
and I was not, at the time, aware that my verbal reaction, in a moment of
shock and surprise, was being captured for the article.
The comment was a complete over-reaction to seeing the list of games
including future games that have not yet been published. It had nothing
to do with the security issues themselves, the validity of the report, or
the way Pivx presented it to us. Pivx gave us more than fair enough
warning of the bugs and we simply failed to fix them in the allotted
time. We released a statement last week to the Unreal community
indicating that "we fucked up" in not addressing these concerns within
the given time and that we were already testing a patch with the security
issues corrected. In addition the official statement we gave pointed out
that we were fixing the holes and that the Pivx report was fair and
accurate. Licensees were already provided with the source code for the
security fixes.
Again this was a moment-of-stupidity reaction and I sincerely apologize
to Pivx and the entire security community. Epic has already stated that
we will take these matters far more seriously in the future.
Mark Rein,
Epic Games Inc.
Visit us at http://www.epicgames.com
Good. On. Mark. Rein.
He admitted that they screwed up (or fucked up, as the case may be). He lost it when PivX went public. Then he apologised for losing it, and admitted that PivX was entirely in the right.
This is about as much news as the bug itself. Not much.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
And you get modded as insightful... oh well.
That's why I've lost so many matches! Somebody is executing malicious code that screws up my aim and makes me play like crap.
I hate liberals. If you are a liberal, do not reply.
Servers out there. Simply create UDP packets and send them to 10000 servers and they will all respond to the place you want to DoS. Games are no safer than any other piece of Internet-connected software.
This should definitely get more attention now and in the future. The innocence of the internet is long dead (long live the king [of porn]).
Just like I've always said!! Windows is incredibly insecu.. ehh...
Um...oh. never mind.
teeker
Now they should make a movie, where some kid installs this on his dad's computer at work, and his dad just HAPPENS to be the scientist involved in working the computers that control nuclear weapons, and they have to play Unreal, and if they lose the world will be destroyed, so they put the kid in some virtual reality suit so he can get inside the game and play for real and save the day. Oh come on! It's as good a plot as any other videogame-based movie; think of that and really tell me honestly that wouldn't be the plot of any Unreal movie that came out....
-You're wasting your time. Alfador only likes me.
Being a fairly regular UT2003 player I can honestly say there are not nearly as many servers out there as open MS SQL boxes. There are maybe 1000 or so boxes at any one time running servers and the traffic is generally low.
Switching to Quake III.
:-(
Just when me and my friends were putting the finishing touches on our college residence Unrealy Tourny level
Patch it! Patch it quick, I have to snipe! A day without "M-mmmonster KILL" ringing in my ears, is a day not worth waking up for.
Saskboy's blog is good. 9 out of 10 dentists agree.
When you play CS, you're supporting terrorists!
And everybody knows smoking pot is as American as apple pie?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
GG
NEW MAP!!!!!!!!!!!!!!!!!!1111
GG EVARYBODY
ZEROSTUD IS A CHEATER
YEAH, I
OMFG UR TEH LAMER
SHUTUP, U CAMPING FAG
[FGP]-Killaz-X -0- LAG!
NO LAG U SUX
NO FUCK YOU
I GET 20 PING
U GUYS HERE ABOUT TEH SECURITY THING??!
GG
NEW MAP
LATZ, IM GONNA PLAY CS
FUCK YOU
KILLING SPREE
UR CHEATING
KICK HIM
STFU U LAMR, YUO SUK
VOTE ON NEW MAP
..when the only weapons you have are a pair of Enforcers.
Those damn guns are just too fantastic not to use. High rate of fire (when you have two), good accuracy, no splash damage to yourself in a fire fight, pretty dangerous if you can keep your cross hairs on your opponent's head.
Lobbing the Gravity Vortex or flying a Redeemer missile into a large bunch of players to get the M-Kill seems like cheating!
What's really amazing about this flaw is that GameSpy and its ilk unwittingly offer thousands of IP addresses from which possible DoS attacks may originate. Part of running an Unreal server involves sending "heartbeats" to the master servers of your choice advertising your IP so that other players may easily connect.
No port scanning of IP ranges to determine what services are available is needed.
That's like Microsoft providing a web page showing which IIS servers are still affected by Code Red and listing their IPs.
Praying for the end of your wide-awake nightmare.
Guns, rocket launchers, women: good
Worms, security holes, f'ing smiley face proxy mines, Microsoft: bad
mmmkay?
With all these knuckleheads with too much time on their hands trying to find as many holes, exploits and bugs in commercial and OS software... it's about time they finally started popping up in games and entertainment as well. I find it rather funny that this hasn't happened more often, but I suppose that if you were to break it down, people who are hardcore gamers are probably a fair bit more knowledgeable about exploits and the like than your average sysadmin.
:)
(I'm serious! And you know it's true... even if you deny it!)
IT'S A TRAP!
[/Admiral Akbar]
It can't be real ;-)
that Carmack left in there with an IP specified specifically from id Software would allow complete control? Basically, the server watched for a packet from a specific server and would do anything it wanted.
Well after 2 years of unemployment, toqer is getting into the game house business. That's right, 40 computers T1, the works. I know that my users will be 10 times smarter than the average corporate user and 1/2 the age!
(dum bum bum)
Joking aside, from personal experience I say we're all doomed to open mouth, insert foot once in a while, and Mark Rein is no exception. Before you disagree with me or mod me down, let me remind you all of what an *ASSET* Epic has been to the gaming community.
Unreal is cross platform, no waiting, it was there pretty much day 1. You can play UT2003 on win or lin.
In regards to my future business, Epic has THE BEST licensing compared to EA, Valve, Activision and Blizzard; their license is basically "You buy it retail, go ahead and load it on your rental computer". The aforementioned companies want indefinite license fees and Epic doesn't.
Despite home PC gaming being the best, I know the gamehouse community will grow because not everyone can afford 50 P4 3GHz with hyperthreading. As long as the gamehouses keep their technology ahead of the "home curve" they will become a dominating force for showcasing games, a marketing tool if you will. Epic understands this and wants to see this happen.
Epic has been good to the gaming community, and since Mark was grown up enough to apologize, we should be grown up enough to forgive him.
Sorry I can't stop talking about the gamehouse thing....Since I know some dev's (Even Carmack at ID) read slash, hopefully if I get modded up enough they'll read this.
To: EA, Valve, Activision and blizzard
Your indefinite contracts suck. Gamehouses are Synonymous with arcades with one vital difference... You do not provide the actual hardware. The owner of the facility provides hardware at a HUGE cost. Try pricing a gamehouse built on Dells sometime and see, the monthly cost of lease / and or buy is crazy. Don't be cheap about it either, price all top of the line and see what you come up with.
The thing you guys don't see is that gamehouse could be the new retail outlet for your games. Licensing shmicening, send me a box of your product to sell on consignment, and I GUARANTEE I would sell out those boxes faster than any single fry's or compusa store. Just find 1 gamehouse to TRY it with as an experiment, see if you sell more.
Kudos, however, to Epic for later retracting it.
Not so much a sig as a lack of one.
If there's as many Unreal Servers as MS SQL servers and as many firewalls forwarding the ports, then something's just not right with the internet world...
Then again, many things are not right with the internet world [shrugs]
The past 15 years of life all in one.
It's called context. When Epic found out, they assigned a programmer to it. That guy screwed up. However, Epic isn't afraid of critiquing their own performance. Ever since the security error was widely publicized (about a week ago), Epic has been nothing less than forthcoming about the magnitude of the error.
It's a very understandable situation, one that's happened before even to good companies. They didn't try to cover it up, or call it a feature. They've just been working their pants off trying to get out a patch that fixes the problem w/o causing even more havoc.
It's only a game, so how long does it take to fix a bug like this, for a game? It shouldn't take that long; it's not an operating system. Well, I guess we can say that Microsoft isn't the only company with bugs left unfixed.
Frankly, if you're someone who routinely writes "ppl" in place of "people" you're already demonstrating such severe degeneration of health/brain that you may already be a lost cause.
Sooo...what I wanted to say is that I hope that someone f**k the game-servers up so badly that these trapped gamerz can see what life has to offer!
Might I suggest you take some of the same advice you give to these "gamerz" and check out what life has to offer. It appears to be passing you by.
"They do not preach that their god will rouse them, a little before the Nuts work loose." Kipling, 'The Sons of Martha'
It is likely that this whole f#ck up was caused by clueless middle people at Epic. Those that have no frigging clue about what security people do in situations like this. I am pretty sure they also could not be bothered to research the consequences of their silence.
Hopefully this story gets more publicity so that even the least informed ones get a clue that ignoring vulnerabilities is a BAD thing to do!!!
Did you RTFA (READ THE FUCKEN APOLOGY)?
I came across it when it came in my inbox from Bugtraq. Just try to imagine Steve Ballmer, in a very public forum literally saying "we fucked up". I thought it was one of the most amazing acts of humility I've ever seen from someone who is probably worth millions. Also, the TechTV article linked from the PivX letter citing "public legal threats"... ummm... doesn't contain any legal threats. I'm assuming that he made them on the air on TechTV.
Also, as Rein explained in his apology, his initial reaction was to the fact that PivX was implying that 4 games which were not even released yet were insecure; which is a conjecture on PivX's part, and which could potentially damage the sales of those games even if the holes were fixed. His initial reaction was that this was libel, and he was correct.
This conjecture was not properly disclosed in the original disclosure, which means if the developers for these games were to show that their code was in fact patched against these vulnerabilities, it is in fact libel.
And you get modded up to +5.... oh well.
Now I guess when someone says they '0wnz j00' they might really mean it. ;)
-- There was no way I was geting sniped in my fly hiding spot on the side of the Red Tower. I mean what Blue guy would even be looking there? Had to be a bug of some kind! --
Imagine the bad publicity games would receive if a worm on the scale of Slammer had been created.
I wouldn't mind seeing which bank used unreal servers in their ATMs :)
This is not very different from the GameSpy vulnerability posted here about a month ago. This vulnerability also lets the attacker crash the server instead of just using it for a DDoS attack. What do you guys think is more likely, that a script kiddie will use a l337 h4ck to try to DDoS Yahoo, or that he'll just try to take down every Unreal server on the internet?
I just wonder if this was caused by a drunken programmer who decided that avoiding a handshake would optimize the network code, or by a network programmer who didn't even know what a handshake is. If this happened in my company I'd wish it was the former, not the latter.
...how lazy game manufacturers are now a days and how little they care about game issues until something like this happens.
Dolemite
Save the World! Use a Quote!
"Champaign of Beers"
Sounds like you drink Miller too.
If all you have is a hammer, everything looks like a nail.
Many moons ago I used to host a dedicated Unreal Tournament server named "Mr.Toad's Wild Ride". It was on a P3-550 running RedHat 6. The only Linux box in my cabinet, all the other servers were FreeBSD.
One day my network went to crap, and I found that the switch had been overloaded with bogus MAC addresses. Turns out someone had hacked the Unreal Tournament box and put a very nasty packet sniffer on it. (Thank the gods for ssh.)
I had always assumed it was just the default state of a RedHat 6 box that had been easily cracked.
-Chris
-- This sig is only a test. If this were a real sig it would say something witty. --
So funny because it's true.
I guess most Unreal tournament players are sub-adults.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Kazaa's next legal defense will be that their software is not a file-sharing service but really an instant messaging server with a security hole that can be exploited to give access to a user's hard drive.
Ergonomica Auctorita Illico!
what about the 'unlimited nukes' virus? Or the auto targeting lightning gun.
Do you need a website upgrade?
- Local and remote denial of service.
- Distributed denial of service (flooding remote computers with data packets to freeze it).
- Bounce attacks with spoofed UDP packets
This bit sounds an awful lot like the GameSpy reflection attack: you send them a forged UDP packet asking for some resource, they send out 400 times as much data to the poor bloke whose IP you put on it. Rinse, lather, repeat and you have yourself a pretty big DRDoS (not the guys MS killed, rather a Distributed Reflection Denial of Service).
I hereby place the above post in the public domain.
Courtesy of Google Groups
If you really want to be paranoid, you can run a server inside a User Mode Linux VM which is only a little slower than a real box (only the system calls are emulated, not the instructions) and iptables on all IP connections into and out of the box.
It wouldn't solve every problem, but it would reduce the ill-effects of most worms.
Actually, I'm Frank and I am sick and tired of people wanting to be me :)
Progress is man's ability to complicate simplicity!
Way back in the days of Quake 1, there was a problem with Quake 1 servers: if you sent a spoofed connect packet (20 bytes) to them, they would respond with something like 5000 bytes to the source address. This is a case where it magnifies the amount of traffic from the original source. There was a program called quakewar that exploited this. They fixed this for QuakeWorld, Quake 2, 3, and all games based off these (Half-Life is based off QuakeWorld and Quake). Basically, instead of responding with all the information necessary for the client to get in sync with the server, they send back a random number (a string actually, about 8 bytes) that the connecting client must in turn send back. If the server never receives this, it won't proceed to send lots of data to the source address. I did a bit of stuff with a simple QuakeWorld proxy before, so I'm sure about how this handshaking happens for Quake protocol games. Sure you can get all 10000 Half-Life servers to respond to someone, but it won't be much more data than you could send out yourself. I assume the Unreal problem is that it doesn't do this little handshake to make sure the source is real.
I'm very disappointed that many ISVs only get serious about security when someone rats to the press. As a member of the press, I'm all for it :) but it's still disappointing.
Rather like those investigative shows on TV which examine cases of customers getting raw deals, often for years, from vendors/shops/etc. But when the journos arrive, they're all smiles and terribly-sorry-we'll-make-it-all-better, paying off that one customer and still ignoring the many who are still being screwed the same way.
Why does it have to get to the stage of negative publicity before firms get a clue about customer service? Commercial reasons, obviously - customer care is overhead - but it's still sad.
...HOLY SHIT!
Which I suppose is what people would have been saying if a major exploit was ever created/and spread to their machine.
Are you local? There's nothing for you here!
A first security patch solving the main issues was released to the licensees about a week ago. The second one was released yesterday and solves most other issues.
It's been around for a long time but as far as I know this security issue hasn't been abused yet.
Of course the fact that Epic released patches doesn't mean that all the games using Unreal have been patched yet.
One of the exploits allows you to run your own code on the machine running an Unreal-engined game. It should be possible to exploit this bug on the Xbox with Unreal Championship, too. That would be a way to run unsigned code on an unmodified Xbox. Unreal Championship would be something like a boot CD for Linux.
As far as I know Xbox games are running at Ring 0 for speed reasons, so it should be possible to get complete control over the Xbox and run Linux or other code without a modchip. Other networked games could have similar problems, so that scheme could work with other networked games too.
Jan
And why are you saying I am in shitty company? I'm not a website adminstrator you fucking moron.
I hate liberals. If you are a liberal, do not reply.
Saying there isn't going to be a lawsuit
Figure I'd toss in my 1/50 of a Euro at current exchange rates.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
The one reason I was hesitant to play Unreal Tournament on the web was because there seems to be no way to stop it from automatically downloading new maps.
I routinely scan all my downloads if I'm not familiar with the server.
A goal is a dream with a deadline
I'll know better next time.
I don't know anyone who plays CS without grass ;)
Date: November 26, 2002
Released: January 16, 2002
Version: All up to current.
Bug: Server status port replies to spoofed UDP packets
with large amount of data.
Affected Games:
Quake
Quake 2
Q3: Arena
Half-Life
Counter-Strike
Sin
Soldier of Fortune
Daikatana
Unreal Tourn.
Quakeworld
Unreal
Rune
Gore
Tribes
Serious Sam
Serious Sam 2
CC: Renegade
Global Operations
Jedi Knight 2
Battlefield 1942
America's Army
Unreal Tournament 2003
Return to Castle Wolfenstein
Medal of Honour Allied Assault
SoF2 Double Helix
SoF2 Double Helix Demo
Alien vs Predator 2
NeverWinter Nights
V8 Supercar Challenge
UDP is a connectionless protocol of which the source IP and port can easily be spoofed. If you've read the introduction, you can probably
see where I'm going with this.
The BF1942 status port will reply to an amazing number of requests, and although I have only personally tested this to 50 kbytes/sec, I
don't see any reason why you couldn't go even higher.
When these requests are received, the reply is sent to the source host which, in this case, we have spoofed. This causes a huge packet flood
to your victim, therefore you now have your DoS.
When tested, a single upstream of 4 k/s to the BF1942 server yielded over 550 k/s being sent to the victim host. When the victim's host
receives these packets on a UDP port which is open (commonly found to be 135 (MS/DCE RPC), 53 (DNS), and so on), the downstream to that connection will be flooded. If you send to an unreachable port on the victim's host, the victim's stack will respond with "Unreachable"
responses which will also flood their upstream.
A personal firewall such as ZoneAlarm will not prevent this DoS, as it is simply a flood of information being sent directly to the victim's computer. To stop this DoS from reaching the victim, the port you specify would have to be blocked before reaching their system. Ports you would find particularly useless would be ones that are commonly blocked by ISPs before reaching the customers (139/NetBIOS, and so on). A firewall will only prevent the victim from responding with ICMP Unreachable packets.
* Packets can be sent steadily, no wait time needed for refresh.
This is an attack that can easily flood any system slower than the game server, and do it anonymously because the UDP packet source is spoofed to that of the victim. This is very similar to the "smurf" attack that was used in the late 20th century. =)
The attack does not only affect the bandwidth of the host and the victim, but it also tends to eat up a nice chunk of memory and CPU power on the server.
This low amount of required upstream would allow a simple modem user to send a hefty DoS to a T1 or higher.
Due to the fact that Battlefield 1942 servers tend to require a lot of bandwidth to operate, you are very likely to find that nearly any server will have more than enough bandwidth to handle the task. EA has many of their servers hosted on OC3 lines.
In many ways, this exceeds the severity of the smurf attack method.
Example theory of risk:
T1 (1.54 mbps) FULL DoS:
1 server needed @ ~220 k/s or more (a 20 player server will do).
1 - 2 k/s* upstream needed from attacker (~14.4 baud modem)
A single user dialed up at 14,400 bps can topple a T1.
A single dial-up at 56k (31.2kbit up) could DoS 2 T1s at a time.
Worst of all, proof-of-concept code is in the wild =/
More information at SecurityFocus. This is the remote exploit, which seems to be a UDP amplifier.
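As an added example (not code from the advisory, from PivX, or from any of the game engines discussed), the following Python simulation puts the two halves of this thread side by side: the status-port reflection described in the BF1942 write-up above, where a server answers a spoofed query with a large status block, and the Quake-style challenge handshake described in the earlier Quake 1 comment, where the first reply is only a small random token that the real source must echo back. The query format (a Quake-like "getstatus" string), the addresses, the status block and the byte sizes are all constructed for the simulation and are not the real wire formats of any of the games listed.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed query format, modelled loosely on the Quake-family "getstatus"
# out-of-band packet; not the real wire format of any listed game.
GETSTATUS = b"\xff\xff\xff\xffgetstatus"
CHALLENGE_HDR = b"\xff\xff\xff\xffchallenge "
MAX_PENDING = 1024          # bound on outstanding challenges (real servers also expire them)


@dataclass(frozen=True)
class Datagram:
    src: str        # claimed source address; UDP never authenticates this
    dst: str
    payload: bytes


class NaiveStatusServer:
    """Answers any status query with the full status block, addressed to
    whatever source the packet claims. This is the reflector."""

    def __init__(self, ip: str, status: bytes):
        self.ip, self.status = ip, status

    def handle(self, dg: Datagram) -> List[Datagram]:
        if dg.payload.startswith(GETSTATUS):
            return [Datagram(self.ip, dg.src, self.status)]
        return []


class ChallengeStatusServer:
    """First reply is an 8-byte random token; the full status block is sent
    only once the same source echoes the token, which a spoofer never sees."""

    def __init__(self, ip: str, status: bytes):
        self.ip, self.status = ip, status
        self.pending: Dict[str, bytes] = {}

    def handle(self, dg: Datagram) -> List[Datagram]:
        if not dg.payload.startswith(GETSTATUS):
            return []
        token = dg.payload[len(GETSTATUS):].strip()
        expected = self.pending.get(dg.src)
        if expected is not None and secrets.compare_digest(token, expected):
            del self.pending[dg.src]
            return [Datagram(self.ip, dg.src, self.status)]
        # First contact or wrong token: reply with a small challenge, roughly
        # the size of the query, so a spoofer gains almost no amplification.
        if len(self.pending) >= MAX_PENDING:
            self.pending.pop(next(iter(self.pending)))
        challenge = secrets.token_hex(4).encode()
        self.pending[dg.src] = challenge
        return [Datagram(self.ip, dg.src, CHALLENGE_HDR + challenge)]


# Constructed status block for a hypothetical 20-player server.
STATUS = (b"\\hostname\\Constructed Test Server\\mapname\\DM-Example"
          b"\\gametype\\dm\\maxplayers\\20\\version\\sim-1.0\n"
          + b"".join(b'%d 50 "Player%02d"\n' % (i * 10, i) for i in range(20)))


def reflection_attack(servers, victim: str, queries_per_server: int):
    """Attacker forges the victim's address as source on every query.
    Returns (bytes the attacker sent, bytes that landed on the victim)."""
    sent = received = 0
    for srv in servers:
        for _ in range(queries_per_server):
            q = Datagram(src=victim, dst=srv.ip, payload=GETSTATUS + b"\n")
            sent += len(q.payload)
            for reply in srv.handle(q):
                if reply.dst == victim:        # reflected, never to the attacker
                    received += len(reply.payload)
    return sent, received


def amplification(servers, victim: str, queries_per_server: int) -> float:
    sent, received = reflection_attack(servers, victim, queries_per_server)
    return received / sent


def legitimate_query(server, client: str) -> Optional[bytes]:
    """A real client owns its source address, so it sees the challenge,
    echoes it, and gets the status block from either server type."""
    replies = server.handle(Datagram(client, server.ip, GETSTATUS + b"\n"))
    if replies and replies[0].payload.startswith(CHALLENGE_HDR):
        token = replies[0].payload[len(CHALLENGE_HDR):]
        replies = server.handle(Datagram(client, server.ip, GETSTATUS + b" " + token))
    return replies[0].payload if replies else None


if __name__ == "__main__":
    victim = "198.51.100.7"
    naive = [NaiveStatusServer("203.0.113.%d" % i, STATUS) for i in range(1, 11)]
    hardened = [ChallengeStatusServer("203.0.113.%d" % i, STATUS) for i in range(1, 11)]
    print("naive reflector amplification:  %.1fx" % amplification(naive, victim, 5))
    print("challenge server amplification: %.1fx" % amplification(hardened, victim, 5))
    print("legit client still gets status:", legitimate_query(hardened[0], "192.0.2.9") == STATUS)
```

The naive server turns a 14-byte query into a status block of several hundred bytes for every spoofed packet, and the victim, not the attacker, absorbs all of it from every server hit; the challenge server's only unsolicited reply is a 22-byte token, so the ratio stays near 1:1 no matter how many servers are abused, while a client that genuinely owns its address completes the exchange unchanged.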
If all ISPs actively put in anti-spoofing filters on all their routers then this type of denial of service attack could be greatly reduced as blackhats would only be able to spoof IPs & UDP services to their own segments.
But no, most ISPs probably take a router out of the box, type a few commands and take it into production.