lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 10 Nov 2003 16:00:33 +0000
From: Luigi Auriemma <aluigi@...ervista.org>
To: bugtraq@...urityfocus.com
Subject: A resource for the Fake players bug



I want to signal an interesting type of problem that affects almost all the
videogames with multiplayer support and moreover a resource where finding
informations and proof-of-concepts for games and game's engines.

I already managed this problem in the past (over one year ago) with
Half-Life and then with the Unreal engine but at that time I considered it a
"common" bug thinking it wasn't so vast (yeah I was really wrong).

The problem is what I call "fake players bug" (I have not found other
discussions or papers about the argument so this is the same name I have
used the first time) and it is a Denial of Service versus the game servers
that host a multiplayer match.

I have written a simple paper containing some informations about the problem
so I avoid to waste time and space explaining the problem and its effects
here.
The link for the paper (available also in italian) is:

http://aluigi.altervista.org/fakep/fakepintro.txt


I have already written proof-of-concepts for some games like Half-Life, the
Quake 2 engine, the Quake 3 engine, Serious Sam engine, Unreal 1, Tribes 1
and 2, Need for speed hot pursuit 2, Ghost Recon and others but I update the
list continually at least each week:

http://aluigi.altervista.org/fakep.htm


Have phun



--- 
Luigi Auriemma
http://aluigi.altervista.org



Powered by blists - more mailing lists