[DDoS using Q3 protocol vulnerability, not mod related or backdoor] BackDoor Exploit?

6 replies to this topic

#1
Th3On3 (Members)
Sorry guys; I know it's outdated; but why update something that runs great? Well recently having a lot of problems; lag and such; was told by Host DoS attacks and actually it was reported; that there are built in exploits aka back doors into silent mod; by the dev that allows the server to be used to hack others.

I need someone from the DEV team to contact me if you can please and I will provide all the information I have; I am going to update to 3.3 however I hope this is not the same problem. Thanks

#2
hellreturn (Management)
Hello,

What you are talking about is the 'getstatus' exploit. There are no exploits in 0.3.3. The getstatus exploit is not a mod exploit but an ET exploit.

What is your server OS?

Thanks

#3
gaoesa (Management)
The same getstatus problem is in the engine and concerns every server with any mod. Even any Quake3 engine based game to be exact. There are no backdoors or exploits made by us.

Fortunately, there are fixes for the getstatus engine exploit.
http://www.splashdam...tstatus-exploit

#4
Th3On3 (Members)
I will pass it along; however when in ETMAIN it has no traffic; but when in Silent it has 100 connections; and no one is on the server

#5
gaoesa (Management)
Possibly the DoS attacker has not configured the attack to search for etmain servers. Or, when the test with etmain was made, the server was not configured to announce it to the ET master list.

The basic problem with the attack is that the engine uses UDP. The attacker creates a simple UDP packet in which he spoofs the source address, which is the DoS target. Then the attack keeps sending these getstatus packets, which involve no handshaking, to the server as fast as possible, and the server keeps sending the target loads of data in the form of getstatus responses. A single response has a significant size as it includes a lot of information about the server.

There is always some amount of queries happening to the server as soon as it is public. Different game trackers query the master server for the server list and then query all the servers, usually with a slow interval. Also, all the possible joining players will query the server. So there is never a moment when there is no one querying. But the amount of an attacker is usually a huge amount of queries.
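
One way a server can bound the reflection described in the post above, shown as an added example that is not part of the original post and is not the patch referenced in this thread: a token bucket keyed on the claimed source address, so slow tracker and player queries are answered while a flood naming one address gets only a trickle of replies. The function names, table size, burst and refill values are assumptions, and addresses are treated as IPv4 integers.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS     1024   /* per-source table size (assumed) */
#define BURST     10     /* replies one source may get back-to-back (assumed) */
#define PERIOD_MS 1000   /* one reply token regained per period (assumed) */
typedef struct { uint32_t last_ms; int tokens, used; } bucket_t;
static bucket_t per_src[SLOTS];

/* Q3 connectionless packets start with four 0xFF bytes, then the command. */
int is_getstatus(const uint8_t *pkt, size_t len)
{
    static const uint8_t hdr[] = "\xff\xff\xff\xffgetstatus";
    return len >= sizeof hdr - 1 && memcmp(pkt, hdr, sizeof hdr - 1) == 0;
}

/* Token bucket: returns 1 and spends a token if a reply is allowed now. */
static int take(bucket_t *b, uint32_t now_ms)
{
    uint32_t gained = (now_ms - b->last_ms) / PERIOD_MS;
    if (gained > 0) {
        b->tokens = gained >= (uint32_t)(BURST - b->tokens) ? BURST : b->tokens + (int)gained;
        b->last_ms += gained * PERIOD_MS;
    }
    if (b->tokens <= 0) return 0;
    b->tokens--;
    return 1;
}

/* 1 = answer the query, 0 = drop it silently (the claimed source may be spoofed). */
int should_reply(const uint8_t *pkt, size_t len, uint32_t src_addr, uint32_t now_ms)
{
    if (!is_getstatus(pkt, len)) return 1;   /* other traffic is not limited here */
    /* Colliding sources share one budget, so a collision can never refill it. */
    bucket_t *b = &per_src[(src_addr * 2654435761u) % SLOTS];
    if (!b->used) { b->used = 1; b->tokens = BURST; b->last_ms = now_ms; }
    return take(b, now_ms);
}

/* Constructed input: n queries claiming src_addr, gap_ms apart; returns replies sent. */
int simulate(uint32_t src_addr, int n, uint32_t gap_ms, uint32_t start_ms)
{
    static const uint8_t q[] = "\xff\xff\xff\xffgetstatus\n";
    int sent = 0;
    for (int i = 0; i < n; i++)
        sent += should_reply(q, sizeof q - 1, src_addr, start_ms + (uint32_t)i * gap_ms);
    return sent;
}

int main(void) { return simulate(0x0A000001u, 1000, 1, 0) == BURST ? 0 : 1; }
```

Dropping silently matters here: any error reply sent to the claimed source would itself be reflected traffic.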

#6
hellreturn (Management)

I will pass it along; however when in ETMAIN it has no traffic; but when in Silent it has 100 connections; and no one is on the server


It could have 100 or even 300 or even more... it has nothing to do with silent mod. It's a simple Enemy Territory, Quake 3 engine exploit.

Since I know your host, I have applied the getstatus DDoS patch on your server.

#7
Zer0o0 (Members)
You're talking about the patch from dutchmeat??
I'm using this script to temporarily ban the IPs http://wolffiles.de/...posts-44-p5#523 (the getstaus_ban V1.5 from oldman)
Hope it helps you!!



