Call of Duty botnet launches 10Gbps DDoS

Powered by SC Magazine
 

Unpatched servers used in attack.

A botnet of servers used for the popular gaming title Call of Duty have been hijacked and used in a 10 gigabit distributed denial of service (DDoS) attack.

The attack bombarded a small unnamed business with a UDP flood by exploiting a flaw that is still present in thousands of game servers.

The flaw meant that servers did not require a valid player session in order to process replies.

This allowed attackers to write code to send UDP packets to the victim by spoofing the IP address.

European anti-DDoS vendor VistNet, which moved to block the attack, said thousands of vulnerable sites could be found with a “quick Google search”.

Administrators could apply a patch to fix the flaw, which rate limited reply packets to a given IP address.

The fix logged an attackers’ IP address when query packets were sent, and ignored further queries for a set time. 

Administrators of hacked Call of Duty 4: Modern Warfare servers had initially thought VistNet was behind the attacks. Few understood how their servers were compromised, the company said.

Copyright © SC Magazine, Australia


Call of Duty botnet launches 10Gbps DDoS
 
 
 
Top Stories
Photos: Microsoft's new Surface 3 tablet
Microsoft has pared down the specs in favour of portability.
 
Is your lawyer smarter than IBM's Watson?
Sparke Helmore CIO Peter Campbell expects machine learning to take a chunk out of law firm profits. But he’s far from downcast.
 
Australia passes data retention into law
Mammoth last-ditch effort by Greens, indies knocked back.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Do you support the Government's data retention scheme?

   |   View results
Yes
  9%
 
No
  91%
TOTAL VOTES: 1431

Vote