DDoS - CoD? - Activision contact
jeffw at he.net
Wed Sep 7 15:35:03 UTC 2011
On 9/6/2011 6:02 AM, BH wrote:
> Looking around, I believe the issue is that the IP has ended up on a
> master game list, so we are now getting the queries directed at US.

Having written multiple versions of a Quake III master server (again,
much self-hate) I pulled one of my old master query scripts out of
mothballs and checked. You are not listed on the CoD4 master server
(assuming you did not alter the UDP frames you originally posted). If
you were, you would be seeing "getInfo" and "getStatus" queries, but
you're not. You're seeing the "getInfoResponse" and "getStatusResponse"
packets from a server which is listed on the master server. This is an
attack, nothing sinister is happening.

Your best bet is to filter all UDP traffic except for what you need (DNS
comes to mind). You might also want to get in contact with
killkuter at hotmail.com and encourage them to install the previously
mentioned patched server executable to prevent their server from being
used as an attack amplifier.
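
The query-versus-response check described in the message above, as an added example that is not part of the original post. It assumes the Quake III connectionless packet layout (four 0xFF bytes, then the command name) and also accepts the command spellings used in the e-mail; the function names, verdict labels and sample payloads are constructed for illustration.

```python
import re
from collections import Counter

OOB = b"\xff\xff\xff\xff"  # marker that opens a Quake III connectionless packet
QUERIES = {"getinfo", "getstatus"}
# Assumed wire names plus the spellings used in the e-mail, all lower-cased.
RESPONSES = {"inforesponse", "statusresponse",
             "getinforesponse", "getstatusresponse"}

def classify(payload: bytes) -> str:
    """Label one UDP payload as 'query', 'response' or 'other'."""
    if not payload.startswith(OOB):
        return "other"
    m = re.match(rb"[A-Za-z]+", payload[len(OOB):])
    cmd = m.group(0).decode("ascii").lower() if m else ""
    if cmd in QUERIES:
        return "query"
    if cmd in RESPONSES:
        return "response"
    return "other"

def triage(inbound):
    """Summarise inbound payloads and return (verdict, counts)."""
    counts = Counter(classify(p) for p in inbound)
    if counts["response"] > counts["query"]:
        verdict = "reflected-flood"   # replies to queries this host never sent
    elif counts["query"]:
        verdict = "listed-on-master"  # clients are polling this host directly
    else:
        verdict = "unrelated"
    return verdict, dict(counts)

# Constructed sample payloads (not taken from the thread).
SAMPLE_FLOOD = [
    OOB + b"statusResponse\n\\sv_hostname\\example\\mapname\\mp_test\n",
    OOB + b"infoResponse\n\\hostname\\example\\clients\\0",
    OOB + b"statusResponse\n\\sv_hostname\\example\\mapname\\mp_test\n",
    b"\x12\x34\x01\x00\x00\x01",  # DNS-like payload without the marker
]
SAMPLE_LISTED = [OOB + b"getinfo xyz", OOB + b"getstatus", OOB + b"getinfo abc"]

if __name__ == "__main__":
    print(triage(SAMPLE_FLOOD))
    print(triage(SAMPLE_LISTED))
```

Feed it the UDP payloads from a capture of inbound traffic; a count dominated by responses matches the reflected traffic described in the message, while inbound queries would indicate the address is being polled as a game server.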