A story on The Register
announces that "GameSpy could let crackers mount network DDoS attacks"
(thanks argent). According to the story a patch is on the way to address the
problem, which is described here:
The vulnerability, which affects many
games across Windows and *nix server platforms, is based upon spoofed UDP
requests, as an advisory
by security research outfit PivX Solutions (which made public its research
yesterday) explains.
Affected applications include Battlefield 1942 Server, Quake, Quake 2, Q3: Arena
& Team Arena, Half-Life, Counter-Strike, Unreal Tournament 2003, and Return
to Castle Wolfenstein... and more, according to the alert.
"As a basic rule of thumb, if it supports GameSpy, it will likely be
vulnerable," said Mike Kristovich, a security researcher for PivX
Solutions, who first identified the vulnerability.
 |
9. |
wow |
Jan 17, 2003, 16:04 |
Retrac |
|
After reading the pivX page, I am completely suprised by their lack of reagrd on posting the sample code. Having it out there like that is just inviting script kiddies out there to crash servers like mad.
I know it is a simple c program to create udp packets. But I think most people wouldnt go through the hassle to create it from scratch. But when it is done already with a nice user interface like that. Just too tempting in my mind. I think we'll be seeing some patches come through here fairly quickly now.
Later
|
|
|
|
|
 |
|
|
|
|
Date |
Subject |
Author |
|
1. |
Jan 17, 15:05 |
The Register |
Creole Ned |
|
2. |
Jan 17, 15:20 |
Re: The Register |
argent |
|
21. |
Jan 18, 09:30 |
Re: The Register |
me |
|
3. |
Jan 17, 15:30 |
Nothing to do with Gamespy |
a big hairy spider |
|
7. |
Jan 17, 15:48 |
Re: Nothing to do with Gamespy |
argent |
|
16. |
Jan 17, 19:03 |
Re: Nothing to do with Gamespy |
fds |
|
4. |
Jan 17, 15:35 |
Does this mean... |
Schnapple |
|
5. |
Jan 17, 15:45 |
Re: Does this mean... |
argent |
|
6. |
Jan 17, 15:46 |
Little help... |
Sparrow |
|
8. |
Jan 17, 15:57 |
Re: Little help... |
Retrac |
>> |
9. |
Jan 17, 16:04 |
wow |
Retrac |
|
11. |
Jan 17, 16:15 |
Re: wow |
nin |
|
12. |
Jan 17, 16:33 |
Re: wow |
Elder_MMHS |
|
13. |
Jan 17, 17:45 |
Re: wow |
argent |
|
15. |
Jan 17, 19:01 |
Re: wow |
fds |
|
17. |
Jan 17, 21:14 |
Re: wow |
Tungsten |
|
18. |
Jan 17, 21:58 |
Re: wow |
argent |
|
10. |
Jan 17, 16:12 |
Re: Little help... |
Mashiki Amiketo |
|
14. |
Jan 17, 18:54 |
some tidbits |
fds |
|
19. |
Jan 17, 23:32 |
Easy fix, lazy developers |
gunther |
|
23. |
Jan 18, 22:30 |
Not so easy fix. |
LittleFlower |
|
20. |
Jan 18, 09:25 |
GameSpy isn't at fault. |
FRAGaLOT |
|
22. |
Jan 18, 09:42 |
Re: GameSpy isn't at fault. |
fds |
|
24. |
Jan 19, 13:19 |
Re: GameSpy isn't at fault. |
FRAGaLOT |
|
|