Pussnboots, on 24 January 2012 - 12:15 AM, said:
Also, more importantly, I would like to know the PORTS of the servers being affected. It's possible that only the 27*** range is affected. Please post what you got if you have been affected! :D
The attack works with any port. All it does is query the q3a master server and other known master servers that run q3a protocols such as cod2, takes the entire list of the IP:Port and sends a getstatus query request with a spoofed source address so that the thousands upon thousands of servers respond to the same IP address with the status data, saturating the victim's inbound bandwidth. Typical DDoS, but using an exploit found in a game rather than infecting people's PCs with a virus.
For each getstatus packet the attacker only needs to send around ~50 bytes, and in return the server will respond with ~500 bytes of information (more if you have extra cvars or info vars compared to the standard build).
Now for every 50 bytes of bandwidth the attacker has, he can increase his attack 10 fold if not more. The reason why this is a great security risk is because the potential is out for the attacker to get his hands on a few VPS servers (even one would do) with multiple 100-1000mbit connections for spare pocket change for a whole month.
If the attacker had a 100mbit connection, that's 5000Mbits of DDoS bandwidth that can be produced (more than enough to take out most websites even with backup servers).
It's also enough to take down a lot of game servers at once (especially with all the home servers out there).
God forbid if the attacker should get a 1Gbit line. When people ask how serious this problem is, all they need to do is look at their logs to see some of the victims that are being attacked. This is why I am angry at companies such as gameservers.com refusing to compile their own damn executable (it takes less than 3 mins to do and probably less than 1 to deploy).
Even if all the Urban Terror servers are patched, it's still a small puzzle piece in the bigger picture. There are only ~1500 servers in this game; it's the companies like gameservers.com hosting tens of thousands of Call of Duty servers and other gametypes that NEED to do something about this to really resolve this issue.
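
A server-side mitigation for the reflection described in the post above, as an added example that is not part of the original post and is not the Urban Terror or ioquake3 patch code: a per-address leaky bucket that caps how many getstatus replies are sent to any one claimed source address. The function names, table size, burst and period values are assumptions chosen for illustration.

```c
#include <stdint.h>

#define BUCKETS   1024   /* table size (assumed) */
#define BURST     10     /* replies allowed back-to-back per address (assumed) */
#define PERIOD_MS 1000   /* one reply is drained from the bucket per period (assumed) */

typedef struct {
    uint32_t addr;     /* claimed source IPv4 address of the query */
    uint32_t last_ms;  /* time the bucket was last drained */
    int      level;    /* replies charged and not yet drained */
} bucket_t;

static bucket_t table[BUCKETS];

/* Locate the bucket for addr. Simplification: a hash collision evicts the
 * previous owner of the slot; a real server would chain or age entries. */
static bucket_t *find_bucket(uint32_t addr, uint32_t now_ms)
{
    bucket_t *b = &table[(addr * 2654435761u) % BUCKETS];
    if (b->addr != addr) {
        b->addr = addr;
        b->last_ms = now_ms;
        b->level = 0;
    }
    return b;
}

/* Returns 1 if a getstatus reply may be sent to addr, 0 if it must be dropped. */
int allow_getstatus_reply(uint32_t addr, uint32_t now_ms)
{
    bucket_t *b = find_bucket(addr, now_ms);
    uint32_t drained = (now_ms - b->last_ms) / PERIOD_MS;
    if (drained > 0) {
        b->level = drained >= (uint32_t)b->level ? 0 : b->level - (int)drained;
        b->last_ms += drained * PERIOD_MS;
    }
    if (b->level >= BURST)
        return 0;          /* over budget: send nothing to this address */
    b->level++;
    return 1;
}

/* Constructed scenario: n queries all claiming the same source address,
 * step_ms apart. Returns how many replies the server would actually send. */
int replies_sent(uint32_t addr, uint32_t start_ms, int n, uint32_t step_ms)
{
    int sent = 0;
    for (int i = 0; i < n; i++)
        sent += allow_getstatus_reply(addr, start_ms + (uint32_t)i * step_ms);
    return sent;
}
```

The limit is keyed on the claimed source address because that is where the replies land, so a patched server contributes at most the burst plus one reply per period toward any single victim, however many spoofed queries arrive.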