Page MenuHomeFeedback Tracker
Create Task
Maniphest T83273

A2S_INFO dos vulnerability
Acknowledged, WishlistPublic
Actions

Description

An attacker can send a large amount of A2S_INFO request message to overload the server.

https://developer.valvesoftware.com/wiki/Server_queries#A2S_INFO

I know some games have this fixed or allow you to define maximum request per second that will be answered (e.g. sv_max_queries_sec_global) or have addon to fix it https://forums.alliedmods.net/showthread.php?t=114787?t=114787.

Details

Legacy ID
2913801289
Severity
None
Resolution
Open
Reproducibility
Always
Category
Dedicated Server

Event Timeline

Manzarek set Category to Dedicated Server.Jul 21 2015, 11:58 PM
Manzarek set Reproducibility to Always.
Manzarek set Severity to None.
Manzarek set Resolution to Open.
Manzarek set Legacy ID to 2913801289.May 8 2016, 12:25 PM
Manzarek edited a custom field.
Manzarek added a subscriber: Manzarek.
Manzarek added a comment.Jul 23 2015, 8:54 PM

This is a real problem, combined with random spoofed ip and random source its really hard to block. You should use a cache system. A 4mbps can down a 1gpgs server protected with ovh ddos pro protection.

© Bohemia Interactive a.s. Bohemia Interactive® is a registered trademark of Bohemia Interactive a.s. All rights reserved. · Privacy Policy · Terms and Conditions