
Exploit in CoD4 (ddos) ?


sArAkUzZa

I noticed 100% network usage about one hour ago.

I started a new traffic capture using Microsoft Network Manager 3.4. I thought it was a UDP flood to our server, but I was mistaken. There was huge outgoing UDP traffic from game server IP:port sources to different destination IPs with port 80.

This was solved by blocking UDP traffic to port 80 from all server IPs. Now it's at the normal 30% network usage.

I believe this is what Omnigenus was talking about.

UPD: I guess the best practice is to deny all traffic and manually set all the rules that are needed for game servers and other services. In Windows it's a little more complicated to do, but iptables in Linux is the perfect solution.

Link to comment
Share on other sites

Ok guys, here's a small fix I made...it will help you with this problem.

So, what is this all about?

I'll try to keep it short...

This fix will allow only one getstatus response per second, per IP.

So, if someone sends 100 getstatus queries to your server in a single second, your CoD4 server will respond with a single serverstatus message.

So, if you do the basic math, your server will send just 1 kB/s instead of 100kB/sec...multiply that by the number of affected servers on your machines and by the number of possible simultaneous attacks....yeah :~

Now you're able to put a smile on your face :cool

==================== THE GOOD PART ====================

1. Download

2. Read the readme file

ZIP file includes my getstatus flood testing tool...

If your servers are vulnerable, like this random German server I tested this on, you'll get something like this:

CoD4_badtimes.jpg

If your servers are protected, you'll get something like this:

CoD4_goodtimes.jpg

CoD4_Getstatus_Flood_Fix.zip

Link to comment
Share on other sites
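The limit described in the post above (one getstatus response per second, per source IP), sketched as an added example; it is not the poster's code, which was not published. The packet check assumes the Quake 3 style out-of-band prefix, and the table size, probe count and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SLOTS     1024u   /* table size, power of two (assumed value) */
#define PROBES    4u      /* slots examined per lookup (assumed value) */
#define WINDOW_MS 1000u   /* one reply per source IP per second, as in the post */

struct slot { uint32_t ip; uint64_t last_ms; int used; };
static struct slot table[SLOTS];

/* Quake 3 style out-of-band query: four 0xFF bytes, then "getstatus". */
int is_getstatus(const unsigned char *buf, size_t len)
{
    static const unsigned char hdr[] = "\xff\xff\xff\xffgetstatus";
    return len >= sizeof hdr - 1 && memcmp(buf, hdr, sizeof hdr - 1) == 0;
}

/* Returns 1 if the server may answer this source now, 0 to drop the query.
 * now_ms must come from a monotonic clock. */
int allow_reply(uint32_t ip, uint64_t now_ms)
{
    uint32_t h = (ip * 2654435761u) & (SLOTS - 1);
    struct slot *victim = &table[h];
    for (uint32_t i = 0; i < PROBES; i++) {
        struct slot *s = &table[(h + i) & (SLOTS - 1)];
        if (s->used && s->ip == ip) {
            if (now_ms - s->last_ms < WINDOW_MS)
                return 0;               /* already answered within the window */
            s->last_ms = now_ms;
            return 1;
        }
        /* Prefer a free slot for a new entry, else the oldest probed one. */
        if (!s->used) { if (victim->used) victim = s; }
        else if (victim->used && s->last_ms < victim->last_ms) victim = s;
    }
    victim->ip = ip; victim->last_ms = now_ms; victim->used = 1;
    return 1;
}
```

The table is bounded, so a flood of queries from many distinct source addresses can evict entries early; it caps memory use at the cost of an exact per-IP guarantee.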

Sorry, but I'll keep my coding for myself. Nothing personal, I just feel like I did enough already :smile:

My work on this is done and it's completely free...you can simply take it or leave it.

Feel free to look into Luigi Auriemma's Proxocket tool...it's open source and you'll get the hang of it, if you know C.

If you don't, you wouldn't have any real use of my code anyway.

Link to comment
Share on other sites

  • 3 weeks later...

Well, as I said, this is a quick fix and it's not the final solution for this problem.

It helps a great deal, yes, but it's far from being perfect.

I have some new ideas and I'm working on them, but don't want to have gs performance trouble...if I finish it, I'll give you an update

Link to comment
Share on other sites

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.
