[DDoS using Q3 protocol vulnerability, not mod related or backdoor] BackDoor Exploit?


Th3On3

Sorry guys; I know it's outdated; but why update something that runs great? Well recently having a lot of problems; lag and such; was told by Host DoS attacks and actually it was reported; that there are built in exploits aka back doors into silent mod; by the dev that allows the server to be used to hack others.

 

I need someone from the DEV team to contact me if you can please and I will provide all the information I have; I am going to update to 3.3 however I hope this is not the same problem. Thanks


  • Management

The same getstatus problem is in the engine and concerns every server with any mod. Even any Quake3 engine based game to be exact. There are no backdoors or exploits made by us.

 

Fortunately, there are fixes for the getstatus engine exploit.

http://www.splashdamage.com/forums/showthread.php/22936-POTENTIONAL-FIX-etded.x86-getstatus-exploit


  • Management

Possibly the DoS attacker has not configured the attack to search for etmain servers. Or, when the test with etmain was made, the server was not configured to announce it to the ET master list.

 

The basic problem with the attack is that the engine uses UDP. The attacker creates a simple UDP packet in which he spoofs the source address which is the DoS target. Then the attack keeps sending these getstatus packets, which involve no handshaking, to the server as fast as possible and the server keeps sending the target loads of data in the form of getstatus responses. A single response has a significant size as it includes a lot of information of the server.

 

There is always some amount of queries happening to the server as soon as it is public. Different game trackers query the master server for the server list and then query all the servers, usually with a slow interval. Also, all the possible joining players will query the server. So there is never a moment when there is no one querying. But the amount from an attacker is usually a huge amount of queries.

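The mitigation side of the attack described in the post above, as an added example that is not part of the original thread and is not the engine's or the linked patch's code: a per-source token bucket that caps getstatus replies, so a flood claiming one spoofed source address earns only a trickle of responses while slow tracker queries all get answered. The constants, function names and sample addresses are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All constants are assumed values for illustration, not engine defaults. */
#define BUCKETS   1024u  /* hash table slots */
#define BURST     10u    /* replies one source may get back-to-back */
#define REFILL_MS 100u   /* one reply credit regained per 100 ms */

typedef struct { uint32_t last_ms; uint32_t spent; } bucket_t; /* all-zero == full */
static bucket_t table[BUCKETS];

/* Q3 connectionless packets begin with four 0xFF bytes, then the command. */
int is_getstatus(const uint8_t *pkt, size_t len) {
    static const char hdr[] = "\xff\xff\xff\xffgetstatus";
    return len >= sizeof hdr - 1 && memcmp(pkt, hdr, sizeof hdr - 1) == 0;
}

/* 1 = send the reply, 0 = drop silently. Sources that hash to the same slot
 * share a budget, so collisions fail closed rather than granting extra replies. */
int allow_reply(uint32_t src_ip, uint32_t now_ms) {
    bucket_t *b = &table[(uint32_t)(src_ip * 2654435761u) >> 22]; /* top 10 bits */
    uint32_t regained = (now_ms - b->last_ms) / REFILL_MS;
    if (regained >= b->spent) {          /* idle long enough: bucket full again */
        b->spent = 0;
        b->last_ms = now_ms;
    } else {
        b->spent -= regained;
        b->last_ms += regained * REFILL_MS;
    }
    if (b->spent >= BURST) return 0;
    b->spent++;
    return 1;
}

/* Replies sent when n getstatus packets claim src_ip, one every gap_ms. */
int replies_sent(uint32_t src_ip, int n, uint32_t start_ms, uint32_t gap_ms) {
    int sent = 0;
    for (int i = 0; i < n; i++)
        sent += allow_reply(src_ip, start_ms + (uint32_t)i * gap_ms);
    return sent;
}

int main(void) {
    /* Constructed sample traffic; both addresses are documentation ranges. */
    printf("flood:   %d of 1000 answered\n", replies_sent(0xC0000201u, 1000, 0, 1));
    printf("tracker: %d of 5 answered\n", replies_sent(0xC6336407u, 5, 60000, 30000));
    return 0;
}
```

A server loop would call `allow_reply` only for packets where `is_getstatus` is true, keyed on the claimed source address, since that address is where the reply traffic lands.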

  • Management

I will pass it along; however when in ETMAIN it has no traffic; but when in Silent it has 100 connections; and no one is on the server

 

It could have 100 or even 300 or even more... it has nothing to do with silent mod. It's a simple Enemy Territory, Quake 3 engine exploit.

 

Since I know your host, I have applied the getstatus DDoS patch on your server.
