[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NetQuake Protocol problem resulting in smurf like effect.

To: BUGTRAQ@NETSPACE.ORG
Subject: Re: NetQuake Protocol problem resulting in smurf like effect.
From: David Schwartz <davids@WEBMASTER.COM>
Date: Tue, 26 May 1998 14:41:26 -0400
Approved-By: aleph1@NATIONWIDE.NET
Reply-To: David Schwartz <davids@WEBMASTER.COM>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>

    A rule for UDP based services is that until/unless you have in some
sense 'established a connection', you must not send 'a lot' more data to a
host than it has sent you. Until this rule is understood and enforced, we
will be seeing a lot more smurf-like 'magnification' attacks.

    DS

>* Through the NQ (NetQuake) Protocol it is possible to send a spoofed
>connect request packet to several <i.e 400 or so> NetQuake Servers.  This
>then will result in a flood of attempted "Connect" requests from the
>servers' end to the target machine whether that target machine carries a
>copy of Quake or not. This may be perceived in a similar way to smurf
>attack, although I'm told it requires far less bandwidth "and can be done
>from even a 14.4"

Prev by Date: ircii-pana (BitchX) 74p4 overflow - exploit/fix
Next by Date: Re: NetQuake Protocol problem resulting in smurf like effect.
Prev by thread: Re: NetQuake Protocol problem resulting in smurf like effect.
Next by thread: Re: NetQuake Protocol problem resulting in smurf like effect.
Index(es):
- Date
- Thread