Multiplayer game servers that let players attack each other in virtual worlds could be the latest tool for online scofflaws to digitally attack other computers on the Internet, according to a security firm.
In an advisory posted to the company's website, security consultancy PivX Solutions stated that popular multiplayer games that have servers supporting the GameSpy network - such as "Quake 3: Arena," "Unreal Tournament 2003" and "Battlefield 1942" - could be used to magnify a denial-of-service attack, in some cases by as much as 400 times.
"This attack will go right through a lot of firewalls right now," said Geoff Shively, chief technical officer for the company. "A single server can theoretically produce enough data to flood a T-1 (connection, or 1.5 Mbps)."
The flaw occurs because servers that include the GameSpy networking code automatically send responses to queries for status information and don't verify the sender's address. An attacker can just ask the server for the information, but forge the data so that the packets appear to come from a fake address. When the game server responds, the large amount of information sent in reply goes to the target of the attack instead.
Other games that PivX believes are vulnerable are "Quake," "Quake 2," "Half-Life," "Tribes," "Return to Castle Wolfenstein," "Medal of Honour: Allied Assault," "NeverWinter Nights," and "America's Army." Versions of the game servers that are released on the Linux platform are affected as well.
Harnessing this power?
this is the reason large corporations block/prohibit SSL, IM, gaming ports - it adds to potential attacks behind the firewall. So, they follow a simple theory - Block Everything.
It doesn't have to be an attack, but lazy employees say, visiting youtube or NFLvideo sites 15 or 20 people at a time (like the playoff or world series) can lag a corporate network enough to degrade it - we see it all the time at the hospital.
DNR
It doesn't have to be an attack, but lazy employees say, visiting youtube or NFLvideo sites 15 or 20 people at a time (like the playoff or world series) can lag a corporate network enough to degrade it - we see it all the time at the hospital.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
-
ebrizzlez
- Kage
- Posts: 732
- Joined: 31 Mar 2007, 16:00
- 17
- Location: Hidden in a Buffer Protection.
- Contact:
Most game servers, if not all implement the UDP protocol.
What UDP does is just blast a bunch of packets without acknowledge of them in return unless the programmer specified to wait for an Ack packet to return. But this is why most games you experience that awesome lag such as Quake 3, because its just blasting a bunch of packets hoping the remote address location is receiving all the packets in the right order, and with UDP, this isn't so true.
But hmm... *starts setting up Half-Life server. *
What UDP does is just blast a bunch of packets without acknowledge of them in return unless the programmer specified to wait for an Ack packet to return. But this is why most games you experience that awesome lag such as Quake 3, because its just blasting a bunch of packets hoping the remote address location is receiving all the packets in the right order, and with UDP, this isn't so true.
But hmm... *starts setting up Half-Life server. *
[img]http://i81.photobucket.com/albums/j205/ebrizzlez/4lsint1.jpg[/img]