6 Sep 2011, 9:47 a.m.
Call of Duty is apparently using the same flawed protocol as Quake III servers, so you can think of it as an amplification attack. (I wish I'd forgotten all about this stuff.) You send "\xff\xff\xff\xffgetstatus\n" in a UDP packet with a spoofed source, and the server responds with everything you see. With decent amplification (15B -> ~500B) and the number of CoD servers in the world you could very easily build up a sizable attack.

--
Jeff Walter
Network Engineer
Hurricane Electric
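One server-side mitigation for the reflection described above is to rate-limit getstatus replies per claimed source address. The following is an added example, not code from the original message or from any game server; the class and function names, the limits, and the traffic are constructed, and the 500-byte reply size is taken from the figure in the message.

```python
# Added example: per-source token bucket for connectionless getstatus replies.
# Names, limits and traffic below are constructed for illustration.

GETSTATUS = b"\xff\xff\xff\xffgetstatus"  # query prefix quoted in the message


class GetstatusLimiter:
    """Allow at most `burst` replies per source IP, refilled at `rate` per second."""

    def __init__(self, rate=1.0, burst=3):
        self.rate, self.burst = rate, burst
        self.state = {}  # source ip -> (tokens, time last seen)

    def allow(self, src_ip, payload, now):
        if not payload.startswith(GETSTATUS):
            return True  # not a status query; this filter does not judge it
        tokens, last = self.state.get(src_ip, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.state[src_ip] = (tokens - 1.0 if allowed else tokens, now)
        return allowed


def simulate(packets, reply_size=500, **limits):
    """Feed (time, src_ip, payload) tuples through the limiter.

    Returns (replies_sent, bytes_in, bytes_out) so the reflected volume
    with and without the limit can be compared.
    """
    limiter = GetstatusLimiter(**limits)
    sent = bytes_in = bytes_out = 0
    for now, src_ip, payload in packets:
        bytes_in += len(payload)
        if limiter.allow(src_ip, payload, now):
            sent += 1
            bytes_out += reply_size
    return sent, bytes_in, bytes_out


# Constructed traffic: 200 queries in one second carrying one (spoofed) source
# address, plus a single query from a different, genuine client.
QUERY = GETSTATUS + b"\n"
FLOOD = [(i / 200.0, "192.0.2.10", QUERY) for i in range(200)]
LEGIT = [(0.5, "198.51.100.7", QUERY)]

if __name__ == "__main__":
    print("limited:  ", simulate(sorted(FLOOD + LEGIT)))
    print("unlimited:", simulate(sorted(FLOOD + LEGIT), rate=1e9, burst=1000))
```

With the limit in place the flood address receives only the initial burst of replies, while the single genuine query is still answered.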