POTENTIAL FIX: etded.x86 getstatus

Hi,

For a few months now there has been an exploit floating around that abuses getstatus requests to launch DoS attacks against random targets, and as a side effect creates massive lag on clients and the server.
Because of this, Yada from Staatsschutz.org made a patch for Linux which reduces the effectiveness of this exploit.

Quote
etfix_getstatus 0.2 by yada / staatsschutz.org / jan. 2011
------

This patch will rate-limit etded.x86 2.60b getstatus requests to 1 per IP every
4 seconds. This approach is not ideal, as the real fix would be to change the
protocol to require some kind of handshake, but this would break compatibility
with existing clients, so it's not really practical. The worst part is that the
patch is (in theory) vulnerable to a DoS where legitimate clients could be
denied access to the getstatus command, but I feel this is less of a headache
than kiddies using the server to flood random targets and thereby lagging the
server and pushing bandwidth usage through the roof (the master server is excluded
from the rate limit, so no need to worry about it being denied using spoofed
packets).


Download the file right here

A readme.txt, the sourcecode and a small howto are included.

You're free to distribute this file.
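To make the scheme in the quoted readme concrete, here is an added example of a per-source-IP limiter for the getstatus command, together with the spoofing caveat the readme admits to. This is example code written for this page; it is not yada's patch and not the etded.x86 source. The bucket table, the function names and the master server address (10.0.0.1) are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One accepted getstatus per source IP per this many seconds (the readme's figure). */
#define GETSTATUS_INTERVAL_SEC 4u
#define BUCKET_COUNT 1024u

/* Assumed master server address, constructed for this example (not the real one). */
static const uint32_t master_ip = 0x0A000001u;   /* 10.0.0.1 */

typedef struct {
    uint32_t ip;        /* IPv4 address in host byte order; 0 marks an empty slot */
    uint32_t last_sec;  /* server time of the last accepted getstatus from ip */
} rl_bucket_t;

static rl_bucket_t rl_buckets[BUCKET_COUNT];

/* Cheap integer hash so bursts from adjacent addresses spread across slots. */
static uint32_t hash_ip(uint32_t ip)
{
    ip ^= ip >> 16;
    ip *= 0x45d9f3bu;
    ip ^= ip >> 16;
    return ip % BUCKET_COUNT;
}

void getstatus_ratelimit_reset(void)
{
    memset(rl_buckets, 0, sizeof rl_buckets);
}

/* Returns true if a getstatus from ip at server time now_sec should be answered.
 * The master server is never limited. A different IP that lands in the same
 * bucket evicts the previous entry, so the table is deliberately lossy: a
 * collision costs at most one extra answered request, never unbounded memory. */
bool getstatus_allowed(uint32_t ip, uint32_t now_sec)
{
    if (ip == master_ip)
        return true;

    rl_bucket_t *b = &rl_buckets[hash_ip(ip)];
    if (b->ip == ip && now_sec - b->last_sec < GETSTATUS_INTERVAL_SEC)
        return false;          /* same source inside the window: drop it */

    b->ip = ip;                /* accept and (re)start the window */
    b->last_sec = now_sec;
    return true;
}

/* Quake 3 style connectionless packets start with four 0xFF bytes followed by
 * the command name. This recognizes a getstatus command, treating the first
 * whitespace-delimited token as the command (so "getstatusx" does not match). */
bool is_getstatus_packet(const uint8_t *pkt, size_t len)
{
    static const uint8_t prefix[] =
        { 0xff, 0xff, 0xff, 0xff, 'g', 'e', 't', 's', 't', 'a', 't', 'u', 's' };
    if (len < sizeof prefix || memcmp(pkt, prefix, sizeof prefix) != 0)
        return false;
    if (len == sizeof prefix)
        return true;
    uint8_t next = pkt[sizeof prefix];
    return next == ' ' || next == '\n' || next == '\r' || next == '\0';
}

int main(void)
{
    /* Constructed scenario: an attacker spoofs 192.168.0.5 at t=100, then the
     * real 192.168.0.5 asks at t=101 and is refused until the window expires. */
    const uint32_t victim = 0xC0A80005u;
    getstatus_ratelimit_reset();
    printf("spoofed @100: %s\n", getstatus_allowed(victim, 100) ? "answered" : "dropped");
    printf("legit   @101: %s\n", getstatus_allowed(victim, 101) ? "answered" : "dropped");
    printf("legit   @104: %s\n", getstatus_allowed(victim, 104) ? "answered" : "dropped");
    printf("master  @104: %s\n", getstatus_allowed(master_ip, 104) ? "answered" : "dropped");
    return 0;
}
```

The stand-alone main plays out the caveat from the readme: one spoofed packet from the victim's address is enough to have the victim's own getstatus dropped for the rest of the 4-second window, which is why the readme calls this a trade-off rather than a fix. The master server bypasses the table entirely, matching the readme's exemption.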
Comments
Someone trying to do something to help the ET community.
I thought that this had already been fixed, or am I thinking of some other DoS-related problem?
Didn't someone already write a plugin that disables the getstatus command entirely?
That was another exploit. This is a new security bug... and there are more of them.
Something that can break Pale's server crasher.
I don't think Pale's server crasher has anything to do with brute-force (D)DoSing with getstatus.