[ioquake3] DDOS attack on ioquake servers

RawShark rawshark at altfire.com
Thu Jan 12 02:59:02 PST 2012


I have come across the following scenario:

Your Quake 3 or ioquake3 server may be being used for a Distributed
Reflection Denial of Service attack if an attacker spoofs some packets (with
the target server IP) and asks the gameserver to send all server information
(about 2k of data). The gameserver sends all server information (500k of
data). The attacker repeats this for thousands of gameservers.

Is it possible to have ioquake3 detect and avoid this kind of attack? This
exploit has been around for several years and raises its head now and then. There is
one of these attacks happening right now across (potentially) thousands of
quake 3 servers, targeting several webservers (install and run iftop on
your Linux server. Note the amount of outgoing traffic is incredibly high
on port 27960 if your server is being used in the attack).

I'd like to hear what people think about this. We have shut down our server
to avoid the IP being blacklisted until a solution presents itself. I'm
thinking ioquake3 should be patched in some way to detect this exploit? I
can't really think of any combination of firewall rules to avoid the attack
and keep the game server active.

RawShark
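
One mitigation for the reflection scenario described in this message, as an added example that is not part of the original post and is not ioquake3's own code: a per-source token bucket that caps how many status replies the server sends toward any one (possibly spoofed) address. The function name, table size and rate constants are assumptions chosen for illustration, and the addresses are constructed from documentation ranges.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS      1024u  /* fixed table, so a spoofed flood cannot grow memory */
#define BURST      10u    /* replies allowed back-to-back per slot (assumed value) */
#define REFILL_MS  100u   /* one reply credit regained per 100 ms (assumed value) */

typedef struct {
    uint32_t last_ms;  /* time the bucket was last credited */
    uint32_t tokens;   /* reply credits left */
    int      used;     /* 0 until the slot is first touched */
} bucket_t;

static bucket_t buckets[SLOTS];

/* Returns 1 if a status reply may be sent to src_ip, 0 if it must be dropped.
 * Addresses that hash to the same slot share one bucket, which errs on the
 * side of sending less traffic. now_ms is a monotonic millisecond clock. */
int allow_status_reply(uint32_t src_ip, uint32_t now_ms)
{
    /* Multiplicative hash, top 10 bits select one of 1024 slots. */
    bucket_t *b = &buckets[(uint32_t)(src_ip * 2654435761u) >> 22];
    uint32_t credits;

    if (!b->used) { b->used = 1; b->tokens = BURST; b->last_ms = now_ms; }

    credits = (uint32_t)(now_ms - b->last_ms) / REFILL_MS;
    if (credits >= BURST) {            /* long idle: refill completely */
        b->tokens = BURST;
        b->last_ms = now_ms;
    } else if (credits > 0) {          /* partial refill, keep the remainder */
        b->tokens += credits;
        if (b->tokens > BURST) b->tokens = BURST;
        b->last_ms += credits * REFILL_MS;
    }
    if (b->tokens == 0) return 0;      /* over budget: stay silent */
    b->tokens--;
    return 1;
}

int main(void)
{
    uint32_t victim = 0xC6336407u;     /* 198.51.100.7, constructed */
    int i, sent = 0;
    for (i = 0; i < 1000; i++)         /* 1000 queries in the same millisecond */
        sent += allow_status_reply(victim, 5000u);
    printf("replies sent toward one source: %d of 1000\n", sent);
    return 0;
}
```

A limiter like this bounds the outgoing traffic a single spoofed source can draw from the server; it does not stop the spoofed queries from arriving.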