[8373] in bugtraq
Quake problem?
daemon@ATHENA.MIT.EDU (mj@SMACKDADDY.NET)
Tue Nov 3 17:22:37 1998
Date: Sun, 1 Nov 1998 12:48:42 -0500
Reply-To: mj@SMACKDADDY.NET
From: mj@SMACKDADDY.NET
To: BUGTRAQ@NETSPACE.ORG
I apoligize in advance if this seems unimportant or if anything resembling
this was ever posted in the past. I looked through the archive and came
across nothing.
In playing with a friend of mine's code (dcd3 by Volatile) and combing
through the bugtraq archives...i came across something that i found
interesting. In May of this year, Ambrose Feinstein said...
"actually, using the attack on yourself for the same set of servers would
work too; if a netquake server gets a connection from an ip already
connected, even on a different port, it drops both."
Assuming this is correct, what stops anyone running a variation of unix to
send a spoofed packet to the quake server of anyone they dont like and
having the quake server drop both connections?
This would cause that person pinging 300+ and getting wooped by the person
from the edu pinging 130 to have full control over whether the person
could play or not. Just a thought....Lemme know if anyone can produce
this with some success.
Mike
mj@efnet
MyDesktop Networks - http://www.mydesktop.com
