> 2) Bug > The UDP is a connection-less protocol so is "normal" that it is > insecure, but UT don't do any control about the packets that it > receives! This is almost identical to a method I developed in May using Q3 servers, and where I mention that Halflife, UT and possibly other similiar game servers are subject to the very same problem. I wrote a short paper about the method of this and posted it on my webpage: http://web.lemuria.org/security/ With the game servers, the impact is limited, as I detail in the paper. You can't take down yahoo or /. with it, but it's more than enough to blow any dial-up user or small business (T1 or so) off the net. -- New GPG Key issued (old key expired): http://web.lemuria.org/pubkey.html pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org> Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
