File: 100000104.txt

package info (click to toggle)
snort 2.9.7.0-5
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid, stretch
  • size: 55,000 kB
  • ctags: 38,464
  • sloc: ansic: 266,667; sh: 12,508; makefile: 2,908; yacc: 497; perl: 496; lex: 261; sed: 14
file content (64 lines) | stat: -rw-r--r-- 1,289 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
Rule: 

--
Sid: 
100000104

-- 
Summary: 
This event is generated when an empty UDP packet is sent to port 27777, where 
Amp II 3D game servers typically listen.

-- 

Impact: 
After receiving such a packet, the server will fall into an infinite loop, 
potentially consuming all resources on the host system. The administrator will 
need to restart the game server, and possibly the host system.

--
Detailed Information:
Amp II 3D servers listen to UDP port 27777 for commands. Upon receiving an 
empty UDP packet to that port, the server falls into an infinite loop, possibly 
consuming all resources on the host system. The administrator must restart the 
game server and/or the host system.

--
Affected Systems:
Amp II 3D Game Engine
Amp Gore: Ultimate Soldier 1.50

--

Attack Scenarios: 
A script that generates empty UDP packets can be used to perform this attack.

-- 

Ease of Attack: 
Simple; public exploits exist.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
No known patches or workarounds exist. System administrators may be able to 
reject these packets at their firewall, depending upon the abilities of the 
firewall system they use.

--
Contributors: 
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:

--