Jump to content

COD GetStatus() Exploit Packet Structure


Brett

Recommended Posts

Hey guys,

 

With a huge amount of activity on this exploit lately, I had to take quite a bit of time going around and patching all the servers we had running that had been setup prior to the patch being pre-installed.

 

We (and quite a few others) are still falling victim to it though, from various sources which do not have their servers patched. I plan to write a small tool that hooks into Winsock and drops all GetStatus() replies (since hosting machines should only be getting requests).

 

Would anyone who has been running Wireshark or similar tools and has been hit by this exploit be able to provide me with the packet structure? Having both the packet structure for replies and requests would be great, but I really only need that of the replies to log and drop the packets.

 

Obviously not a permanent fix, especially when multiple are being used, but will at least help with the smaller attacks and make logging easier than Wireshark.

Link to comment
Share on other sites

If you're getting bombarded with status responses (DDoSed) there's really no point in filtering that traffic as even a smaller DDoS will put your router/firewall to the test...

 

But if you really want to do it, CoD status responses are easy to filter out as they all start with '????statusResponse' (FF FF FF FF 73 74 61 74 75 73 52 65 73 70 6F 6E 73 65)

 

Like this example:

????statusResponse.\fs_game\PAMD_105\g_antilag\0\g_gametype\sd\g_needpass\1\gamename\Call of Duty 2\mapname\mp_burgundy\protocol\118\scr_friendlyfire\1\scr_killcam\0\shortversion\1.3\sv_allowAnonymous\0\sv_floodProtect\1\sv_hostname\My server\sv_maxclients\12\sv_maxPing....

 

So, simply search all packets for statusResponse string (FF FF FF FF 73 74 61 74 75 73 52 65 73 70 6F 6E 73 65).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Who's Online   0 Members, 0 Anonymous, 7 Guests (See full list)

    • There are no registered users currently online
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use