Brett
Posted February 26, 2012

I noticed we had a huge outbound spike of traffic tonight on one of our machines, and it has happened a few other times on the same machine. The customer complaining of the issue has a COD2 server, and seems to be the one being affected the most by this. It feels very similar to when we had some of our un-patched COD4 servers a while back being used as DDoS zombies. Is there any sort of exploit in COD2 of this nature? I didn't see any patches from Aluigi that seemed to fix that type of exploit, but would like to get to the bottom of this.

omnigenus
Posted February 26, 2012

Yeah...same as cod4
http://clientforums.tcadmin.com/showpost.php?p=62111&postcount=91

There's a huge DDoS attack on Spamhaus ATM...it started around 10PM CET last night and it's still going on... our incoming traffic is HUGE. Well, at least no packages of ours hit Spamhaus

asphyx
Posted February 26, 2012

write iptables. set the rules in the conf folder:

    iptables-save > iptables.conf

open saved rules iptables.conf and copy that from me: change server and ports and type:

    iptables -F

then restore:

    iptables-restore < iptables.conf

    -A OUTPUT -p UDP -m length --length 1162:1168 -j DROP
    -A FORWARD -p UDP -m length --length 1162:1168 -j DROP
    -A INPUT -p UDP -m length --length 1162:1168 -j DROP
    -A INPUT -p UDP -m length --length 42 -m recent --set --name getstatus_cod
    -A INPUT -p UDP -m string --algo bm --string "getstatus" -m recent --update --seconds 1 --hitcount 20 --name getstatus_cod -j DROP

FINISHED! No Spam anymore!

Brett (Author)
Posted February 28, 2012

Thank you guys, that fix you linked to, Omni, worked perfectly. We are seeing one of our machines still being used for attacks though. Unfortunately we have multiple servers on the IPs in question. Are any of these games (Unreal Tournament 99, MOHAA, SOF2, Urban Terror, MW3, or BF2) exploited in the same way as COD?

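Added example, not posted by anyone in the thread: a Python script that applies the same threshold as the rate-limit rule above (20 packets containing "getstatus" from one source within 1 second) to captured UDP records, to show which game-server port on a shared IP is receiving the query flood. The record layout `(timestamp, src_ip, dst_port, payload)`, the addresses and the ports are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0  # --seconds 1 in the posted rule
HITCOUNT = 20         # --hitcount 20 in the posted rule


def find_getstatus_floods(packets, window=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Return {(src_ip, dst_port): peak_count} for every source that sent at
    least `hitcount` packets containing "getstatus" to one local port within
    `window` seconds. `packets` must be sorted by timestamp."""
    recent = defaultdict(deque)  # (src_ip, dst_port) -> timestamps in window
    peaks = {}
    for ts, src, dport, payload in packets:
        if b"getstatus" not in payload:  # same substring test as -m string
            continue
        stamps = recent[(src, dport)]
        stamps.append(ts)
        while ts - stamps[0] > window:   # expire hits older than the window
            stamps.popleft()
        if len(stamps) >= hitcount:
            key = (src, dport)
            peaks[key] = max(peaks.get(key, 0), len(stamps))
    return peaks


def abused_ports(peaks):
    """Collapse per-source findings into the local ports being queried."""
    return sorted({dport for (_src, dport) in peaks})


def constructed_capture():
    """Constructed sample traffic: documentation addresses, made-up ports."""
    query = b"\xff\xff\xff\xffgetstatus\n"
    pkts = []
    # One source address (in a reflection attack this is the spoofed victim)
    # sends 50 queries to port 28960 in half a second.
    pkts += [(100.0 + i * 0.01, "198.51.100.7", 28960, query) for i in range(50)]
    # A server browser polls port 28961 once every 5 seconds: normal.
    pkts += [(100.0 + i * 5.0, "203.0.113.20", 28961, query) for i in range(10)]
    # Ordinary game traffic that is not a status query.
    pkts.append((100.2, "203.0.113.21", 28960, b"\x01\x02gameplay"))
    return sorted(pkts, key=lambda p: p[0])


if __name__ == "__main__":
    peaks = find_getstatus_floods(constructed_capture())
    for (src, dport), peak in sorted(peaks.items()):
        print(f"port {dport}: {src} peaked at {peak} getstatus packets per second")
    print("ports receiving floods:", abused_ports(peaks))
```
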
ViolentCrimes
Posted February 28, 2012

UT has some for Quakewars engine not sure which one that is.