Well, i haven't played quake in a long time, but to my knowledge, quake doesn't give away the ip addresses of everybody logged in, so yes its still a bug, but since the server doesn't give away the address, its a little difficult to accomplish since you'd have to know the ip address in avdance.. -- Matt Watson TeraHertz Communications Administrator On Sun, 1 Nov 1998 mjat_private wrote: > I apoligize in advance if this seems unimportant or if anything resembling > this was ever posted in the past. I looked through the archive and came > across nothing. > > In playing with a friend of mine's code (dcd3 by Volatile) and combing > through the bugtraq archives...i came across something that i found > interesting. In May of this year, Ambrose Feinstein said... > "actually, using the attack on yourself for the same set of servers would > work too; if a netquake server gets a connection from an ip already > connected, even on a different port, it drops both." > Assuming this is correct, what stops anyone running a variation of unix to > send a spoofed packet to the quake server of anyone they dont like and > having the quake server drop both connections? > This would cause that person pinging 300+ and getting wooped by the person > from the edu pinging 130 to have full control over whether the person > could play or not. Just a thought....Lemme know if anyone can produce > this with some success. > > Mike > mj@efnet > MyDesktop Networks - http://www.mydesktop.com >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:57 PDT