[6829] in bugtraq


Re: NetQuake Protocol problem resulting in smurf like effect.

daemon@ATHENA.MIT.EDU (David Schwartz)
Tue May 26 18:06:36 1998

Date: 	Tue, 26 May 1998 14:41:26 -0400
Reply-To: David Schwartz <davids@WEBMASTER.COM>
From: David Schwartz <davids@WEBMASTER.COM>
X-To:         Q <q@LESTAT.GNU.NET>
To: BUGTRAQ@NETSPACE.ORG

    A rule for UDP based services is that until/unless you have in some
sense 'established a connection', you must not send 'a lot' more data to a
host than it has sent you. Until this rule is understood and enforced, we
will be seeing a lot more smurf-like 'magnification' attacks.

    DS

>* Through the NQ (NetQuake) Protocol it is possible to send a spoofed
>connect request packet to several <i.e 400 or so> NetQuake Servers.  This
>then will result in a flood of attempted "Connect" requests from the
>servers' end to the target machine whether that target machine carries a
>copy of Quake or not. This may be perceived in a similar way to smurf
>attack, although I'm told it requires far less bandwidth "and can be done
>from even a 14.4"
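
The rule stated in the reply, as an added example that is not part of the original post or of any Quake code: a server-side guard that caps what is sent to an unvalidated source address at a multiple of what that address has sent, and lifts the cap once the peer echoes a cookie. The class name, the factor of 3 (the ratio QUIC applies before address validation), the cookie scheme and the sample packet are assumptions.

```python
import hashlib
import hmac
import os

class UdpAmplificationGuard:
    """Caps bytes sent to a peer until it proves it receives at its claimed address."""

    def __init__(self, factor=3, secret=None):
        self.factor = factor          # assumed ratio; the post only says not 'a lot' more
        self.secret = secret or os.urandom(32)
        self.received = {}            # unvalidated addr -> bytes it has sent us
        self.sent = {}                # unvalidated addr -> bytes we have sent it
        self.validated = set()        # a real server would also expire these entries

    def cookie(self, addr):
        # Token bound to the claimed source address; a spoofer never sees the reply.
        msg = f"{addr[0]}:{addr[1]}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def on_datagram(self, addr, payload):
        if addr in self.validated:
            return
        if hmac.compare_digest(payload[:16], self.cookie(addr)):
            self.validated.add(addr)  # 'established a connection' in the post's sense
            return
        self.received[addr] = self.received.get(addr, 0) + len(payload)

    def may_send(self, addr, size):
        if addr in self.validated:
            return True
        budget = self.factor * self.received.get(addr, 0) - self.sent.get(addr, 0)
        if size > budget:
            return False              # drop: would magnify traffic toward addr
        self.sent[addr] = self.sent.get(addr, 0) + size
        return True

def simulate():
    g = UdpAmplificationGuard(secret=b"k" * 32)   # fixed key for a repeatable run
    peer = ("192.0.2.10", 26000)                  # constructed address (TEST-NET-1)
    g.on_datagram(peer, b"C" * 12)                # constructed 12-byte request
    challenge_ok = g.may_send(peer, 16)           # 16 <= 3*12, cookie may go out
    big_reply_ok = g.may_send(peer, 400)          # 400 > 36-16, refused
    g.on_datagram(peer, g.cookie(peer))           # only the real owner can echo this
    after_echo_ok = g.may_send(peer, 400)
    return challenge_ok, big_reply_ok, after_echo_ok
```

A host whose address was forged into the request never sees the cookie, so it cannot echo it and the server's output toward it stays within the byte budget.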
