File: 100000102.txt

snort 2.7.0-20.4
Rule: 

--
Sid: 
100000102

-- 
Summary: 
This event is generated when an empty UDP packet is sent to port 2305, where 
Halocon game servers typically listen.

-- 

Impact: 
After receiving such a packet, the server will no longer listen on this port, 
denying the administrator the ability to send remote commands.

--
Detailed Information:
Halocon servers listen to UDP port 2305 for commands. Upon receiving an empty 
UDP packet to that port, the server shuts down the port. Administrators can no 
longer send remote commands to the server, effectively causing a denial of 
service. The server must be restarted to re-open the port.
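
The condition this event keys on, a UDP datagram to port 2305 with no payload, can be checked offline against raw IPv4 packets as in the added example below. It is not the Snort rule or any code from the Snort package, and the function names and sample packets are constructed for illustration.

```python
import struct

HALOCON_PORT = 2305   # UDP port named in the rule documentation above
UDP_HEADER_LEN = 8    # a UDP datagram with no payload is exactly the header
IPPROTO_UDP = 17


def is_empty_udp_to_port(packet: bytes, port: int = HALOCON_PORT) -> bool:
    """True if `packet` (raw IPv4, no link-layer header) is a UDP datagram
    addressed to `port` that carries zero payload bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + UDP_HEADER_LEN:
        return False
    total_len, _ident, frag = struct.unpack_from("!HHH", packet, 2)
    if packet[9] != IPPROTO_UDP or frag & 0x1FFF:
        return False  # not UDP, or a non-first fragment with no UDP header
    _sport, dport, udp_len, _csum = struct.unpack_from("!HHHH", packet, ihl)
    if dport != port:
        return False
    # Trust the smaller of the two length fields so that link-layer padding
    # after the datagram is not mistaken for payload.
    return min(udp_len, total_len - ihl) - UDP_HEADER_LEN == 0


def build_sample(dport: int, payload: bytes = b"", trailer: bytes = b"") -> bytes:
    """Constructed IPv4/UDP test packet (documentation addresses, zero checksums)."""
    udp = struct.pack("!HHHH", 40000, dport, UDP_HEADER_LEN + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + udp + trailer


def scan(packets):
    """Return the indexes of packets that match the condition."""
    return [i for i, p in enumerate(packets) if is_empty_udp_to_port(p)]


# Constructed samples: empty to 2305, payload to 2305, empty to another port,
# empty to 2305 with 18 bytes of frame padding appended.
SAMPLES = [build_sample(2305), build_sample(2305, b"status"),
           build_sample(53), build_sample(2305, trailer=b"\x00" * 18)]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

The padded sample matters in practice: short Ethernet frames are padded to the minimum frame size, so a check based on captured length alone would miss an empty datagram.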

--
Affected Systems:
Halocon 2.0.0.81

--

Attack Scenarios: 
A script that generates empty UDP packets can be used to perform this attack.

-- 

Ease of Attack: 
Simple; public exploits exist.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
No known patches or workarounds exist. System administrators may be able to 
reject these packets at their firewall, depending upon the abilities of the 
firewall system they use.

--
Contributors: 
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:

--