Filtering out crash packets - game servers Cisco PIX506E/516E?

avocentiz
Level 1

One of our most commonly hosted games suffers greatly at the moment, as we get hit by a mIRC script that forces the servers to crash. We have tried to limit the buffer size, i.e. patching it, but it simply doesn't work against this malware.

We are now looking into a hardware firewall solution that can prevent these attacks without causing performance losses on our game servers.

Cisco PIX506E or PIX516E - can any of these deliver this?

The game servers get flooded by a getinfo request +a and loop until the server can't respond any more and shuts down. I know what strings to look for in the packets, so could these hardware firewalls filter these out?

3 Replies

Not applicable

Remember that the purpose of firewalls is to prevent unauthorized entry into your network while allowing desired traffic at the same time. It is probably easiest to begin with an analysis of what the objective of a break-in might be, then consider how to make it difficult for a potential criminal to get into your network. Due to their inherently insecure nature, some network protocols are not appropriate for running across firewalls from untrusted to trusted networks. Examples of such insecure protocols are:

NFS

rlogin

rsh

any RPC-based protocol.

The Quake 3 engine has problems handling big queries, allowing an attacker to shut down any game server based on this engine:

ERROR: Info_SetValueForKey: oversize infostring

In some of the vulnerable games it is also possible to crash the server.

A malware script sends a getstatus aaaaa to the server until it chokes and crashes. The patch that is out there doesn't really solve the problem. That is why I was wondering if the firewall solution could filter out these packets, or if it would slow it down too much?

scothrel
Level 3

If the getinfo/getstatus messages must get through for proper play, and you need to block just malformed versions of those packets, then I don't think a FW is what you need. You need a regex capability, like in the IDS/IPS product, that can be customized to your specific problem. Either an IPS (inline) solution or an IDS with a blocking FW or router would work. Implementation detail would be specific to your requirements (response time, latency impact, etc.) for game play. (I know *I* don't want high pings.)

Scott
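To make Scott's point concrete: a stateless firewall ACL matches on addresses and ports, but the packets in question are ordinary UDP datagrams to the game port whose only distinguishing feature is the payload. What an inline filter or IPS signature has to do is parse the Quake 3 out-of-band packet format (four 0xFF bytes followed by an ASCII command line such as "getstatus <challenge>") and drop queries whose argument is far larger than a real query tool ever sends, which is what triggers the "oversize infostring" error in the engine. The code below is an added example, not from this thread or from Cisco; the packet framing is the Quake 3 connectionless format, while the argument-length threshold, the per-source rate limit and the sample packets are assumptions constructed for the demonstration.

```python
"""Detection logic for oversized Quake 3 'getstatus'/'getinfo' queries.

Added example (not from the thread): parses Quake 3 connectionless
(out-of-band) UDP payloads, four 0xFF bytes followed by an ASCII command
line, and decides whether an inline filter should drop the packet. The
numeric thresholds below are assumptions, not values from the thread.
"""
from collections import defaultdict

OOB_HEADER = b"\xff\xff\xff\xff"
# Query commands the filter inspects. Legitimate query tools send these
# with a short challenge token, so a large argument indicates the attack.
QUERY_COMMANDS = {b"getstatus", b"getinfo"}
# Assumed sane upper bound for the challenge argument of a query.
MAX_QUERY_ARG_LEN = 32
# Assumed per-source rate limit for query packets (queries per window).
MAX_QUERIES_PER_WINDOW = 20
WINDOW_SECONDS = 1.0


def parse_oob(payload):
    """Return (command, argument_bytes) for a connectionless packet, or
    None if the payload is not out-of-band (e.g. in-game traffic)."""
    if not payload.startswith(OOB_HEADER):
        return None
    body = payload[len(OOB_HEADER):]
    # The command line ends at the first newline or NUL byte.
    for sep in (b"\n", b"\x00"):
        idx = body.find(sep)
        if idx != -1:
            body = body[:idx]
    # Everything after the first space is the argument string.
    parts = body.split(b" ", 1)
    command = parts[0]
    args = parts[1] if len(parts) > 1 else b""
    return command, args


def classify(payload):
    """Classify one packet as 'allow' or 'drop' on argument size alone."""
    parsed = parse_oob(payload)
    if parsed is None:
        return "allow"  # in-game traffic is not inspected here
    command, args = parsed
    if command not in QUERY_COMMANDS:
        return "allow"  # getchallenge, connect, rcon, ... pass untouched
    if len(args) > MAX_QUERY_ARG_LEN:
        return "drop"   # oversized challenge: the crash/flood pattern
    return "allow"


class QueryRateLimiter:
    """Per-source sliding-window limiter for query packets, layered on
    top of the size check so a flood of well-formed queries is also
    throttled instead of being relayed to the game server."""

    def __init__(self, limit=MAX_QUERIES_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.history = defaultdict(list)  # src_ip -> recent query times

    def check(self, src_ip, payload, now):
        """Return 'allow' or 'drop' for a packet seen at time `now`."""
        if classify(payload) == "drop":
            return "drop"
        parsed = parse_oob(payload)
        if parsed is None or parsed[0] not in QUERY_COMMANDS:
            return "allow"
        times = self.history[src_ip]
        times[:] = [t for t in times if now - t < self.window]
        times.append(now)
        return "drop" if len(times) > self.limit else "allow"


if __name__ == "__main__":
    # Constructed sample packets: a normal query, the oversized variant
    # described in the thread, and an unrelated in-game datagram.
    samples = [
        b"\xff\xff\xff\xffgetstatus 12345\n",
        b"\xff\xff\xff\xffgetstatus " + b"a" * 1100 + b"\n",
        b"\xff\xff\xff\xffgetinfo " + b"a" * 200,
        b"\x01\x02\x03 in-game data",
    ]
    for pkt in samples:
        print(classify(pkt), pkt[:24])
```

The size check alone addresses the crash packet; the rate limiter addresses the "loops until the server can't respond" part of the report. Both run before the datagram reaches the game server, so the latency cost is one small parse per UDP packet, which is the kind of inline cost Scott mentions weighing against ping times.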
