OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tom (tomlemuria.org)
Date: Fri Jul 05 2002 - 02:36:27 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    > 2) Bug
    > The UDP is a connection-less protocol so is "normal" that it is
    > insecure, but UT don't do any control about the packets that it
    > receives!

    This is almost identical to a method I developed in May using Q3
    servers, and where I mention that Halflife, UT and possibly other
    similiar game servers are subject to the very same problem.

    I wrote a short paper about the method of this and posted it on my
    webpage:

    http://web.lemuria.org/security/

    With the game servers, the impact is limited, as I detail in the paper.
    You can't take down yahoo or /. with it, but it's more than enough to
    blow any dial-up user or small business (T1 or so) off the net. 

    -- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tomlemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5