DDoS - CoD?

Jeff Walter jeffw at he.net
Tue Sep 6 13:47:31 UTC 2011

Call of Duty is apparently using the same flawed protocol as Quake III 
servers, so you can think of it as an amplification attack.  (I wish I'd 
forgotten all about this stuff)

You send "\xff\xff\xff\xffgetstatus\n" in a UDP packet with a spoofed 
source, and the server responds with everything you see.  With decent 
amplification (15B -> ~500B) and the number of CoD servers in the world you 
could very easily build up a sizable attack.

Jeff Walter
Network Engineer
Hurricane Electric
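
Added example, not part of the original post and not code from any game server: a per-source token bucket that a server or a filter in front of it could apply to the `getstatus` query described above, so a spoofed source address draws only a bounded number of replies. The class and function names, the rate and burst values, and the sample traffic are assumptions constructed for illustration.

```python
QUERY = b"\xff\xff\xff\xffgetstatus"   # request bytes quoted in the post


def is_getstatus(payload: bytes) -> bool:
    """True if a UDP payload is the status query described in the post."""
    rest = payload[len(QUERY):]
    return payload.startswith(QUERY) and (not rest or rest[:1].isspace())


class StatusLimiter:
    """Token bucket per claimed source: `burst` replies, refilled at `rate`/s."""

    def __init__(self, rate: float = 1.0, burst: int = 3):  # assumed values
        self.rate, self.burst = rate, float(burst)
        self.buckets = {}   # src_ip -> (tokens, time of last query)
        self.dropped = {}   # src_ip -> replies suppressed

    def allow(self, src_ip: str, payload: bytes, now: float) -> bool:
        """Decide whether the server should answer this packet."""
        if not is_getstatus(payload):
            return True     # other traffic is out of scope for this limiter
        tokens, last = self.buckets.get(src_ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1.0
        self.buckets[src_ip] = (tokens - 1.0 if ok else tokens, now)
        if not ok:
            self.dropped[src_ip] = self.dropped.get(src_ip, 0) + 1
        return ok

    def suspected_victims(self, min_drops: int = 10):
        """Addresses with many suppressed replies: likely spoofed targets."""
        return sorted(ip for ip, n in self.dropped.items() if n >= min_drops)


def replay(limiter, packets):
    """Feed (time, src_ip, payload) records to the limiter; count replies sent."""
    sent = {}
    for now, src, payload in packets:
        if limiter.allow(src, payload, now):
            sent[src] = sent.get(src, 0) + 1
    return sent


# Constructed sample: 64 queries/s for 2 s claiming 192.0.2.10, plus a 1/s client.
SAMPLE = sorted([(i / 64.0, "192.0.2.10", QUERY + b"\n") for i in range(128)]
                + [(float(i), "198.51.100.7", QUERY + b"\n") for i in range(3)])

if __name__ == "__main__":
    lim = StatusLimiter()
    print(replay(lim, SAMPLE), lim.dropped, lim.suspected_victims())
```

With the constructed sample, 124 of the 128 flood queries draw no reply, while the once-a-second client is never limited.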