Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Quake First Person Shooters (Games)

Denial of Service bounty hunters 64

lightPhoenix writes "Get this, John Carmack, god of id & quake 3 arena, is offering a bounty for exposure of game server exploits. Check it out. " It's down the page a bit-but it's there. That's a cool idea.
This discussion has been archived. No new comments can be posted.

Denial of Service bounty hunters

Comments Filter:
  • by Anonymous Coward
    It's fine to offer a 'bounty' like this, but I'd really like to see it hit the open market. Something like people who know of an exploit putting the info on ebay for open bidding. I'm sure there are people out there who'd pay more than Carmack, just for the fun of the hack.

    It's kinda like back when Netscape was offering a cheesy free t-shirt to people who found bugs in the code. I mean, it's gotta be worth more than a t-shirt. Some private entity should have outbid them, because that sort of info is worth a LOT more than a t-shirt to the right interests.

    Then again, the government has floors full of people at the NSA pounding away at anything and everything to find useful exploits to use in spying. So many more exploits are known by them than will ever be revealed.
  • by Anonymous Coward
    That's dumbest idea I ever heard of.. think about it.

    Would you appreciate if I found keys to your car and sold them in e-bay? I'm sure there are people out there who'd pay more than you.

    Carmack is offering a small finders fee, just like you would for your car keys.
  • Doesn't quake use UDP?
    Stands to reason that you wouldn't be able to connect to it via TCP then...

    /AE
  • The default ports are:
    Quake: 26000
    QuakeWorld: 27500
    Quake2: 27800(?)
    Quake3: 27960
  • There is a Perl module that can do this; I just forget it's name, check CPAN. I had made a small program that would send out packets, for a sniffer program I was working on. The trouble I ran into was that since the kernel wasn't aware of these packets, it kept sending back reset packets. So I could send out one or two before the other server caught them and ignored everything else...
  • Donald Knuth has been paying people to find bugs in his software and books for a long time now. As the software matures and most bugs are fixed, the bounty goes up! Economics in action.
  • 10^6 = million
    10^9 = billion
    10^12 = trillion
    10^15 = quadrillion
    10^18 = quintillion
    10^21 = sextillion
    10^24 = septillion

    Assuming you're American. Elsewhere, YMMV.
  • Well, if it was to accomplish anything useful, they'd pretty much have to open their code... it's hard to fix bugs in software you don't have the source for.

    If you meant "find", rather than "fix"... I'm still not sure it would accomplish much of anything. I mean, there are enough MS users out there that someone has got to be reporting the bugs... They _have_ to know about them. They just aren't fixing them.

    As Bill Gates said, there are no significant bugs in Microsoft's software. Everyone's just using it wrong...

    (Methinks someone's in denial...)
  • I don't remember any DOS attacks against Quake 1 servers. Was it just a bitchin' protocol? Or was the net a kinder, gentler place then? Quake 2 did get hard though.

    It's kind of sad to see that there is even a need for this kind of bounty. I mean, what kind of loser takes down a game server? It's not like you're gonna get root and be l88T. You're just gonna cause inconvenience to people trying to have fun, and to a company that has a pretty shining record of being all-around good guys.

    (although I bet if Romero find a good one he's not going to send it in... :)
  • Screw everyone hiding their flaws and prosecuting those who try to help them by showing where their software is wrong! Carmack has the EXACT RIGHT idea on how you go about making something safe and secure.

    First you do your best to make sure there is nothing obvious or dumb. Then you basically offer a prize (money, recognition, hardware, etc.) to those who show you where your weaknesses are!

    Bravo! I wish more people took after this methodology. Encourage, don't discourage the young minds!
  • I think it's a "Grillion."
  • Who is noone? Is he in Phantom?

  • Okay. No originality points for Carmack, then.

    Woo.
  • This makes sense. If you push data at his port all day long, tehre's not so much he can do about it.
  • Heh. I suppose now would be an interesting time for me to bring up a Request For Software. I'd like something that does the opposite of tcpdump, i.e. given input of packets, say, FROM tcpdump, shove them onto the wire. There are a *large* number of *non*-hacking applications out there for something like this, mainly because the datastream can be tampered with using standard tools before it's piped back onto the wire. Of course, the key thing is against the servers, we can play lots of "here are a bunch of 'almost correct' packets--have fun!" games.

    Think you can code this? Email me. I'll tell ya what other *major* functionality a tool like this would bring.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research


    Once you pull the pin, Mr. Grenade is no longer your friend.
  • Netcat is insufficient for what I need access to. Netcat, as far as I know, lives in the IP realm...I want to basically be able to shove bits on a wire, tcpdump -w - | tcpsend .


    Once you pull the pin, Mr. Grenade is no longer your friend.
  • Ummm, he is offering a bounty, but not for OS targeted and some Denial of Service type attacks.

    Here's the exact quote from his .plan:

    Operating system level attacks don't count -- only things that I can actually
    fix or protect against in my code.

    Denial of service attacks don't count if they require upkeep, but if there is
    a fire-and-forget DOS attack, it will still count.
  • One of my lecturers at uni had a check from knuth framed on his wall. THey are apparently something of a status symbol amoungst TeX people and not many of them ever get cashed.
  • On a tangent from this, here's the big list of metric prefixes:

    10e-24 yocto- y
    10e-21 zepto- z
    10e-18 atto- a
    10e-15 femto- f
    10e-12 pico- p
    10e-9 nano- n
    10e-6 micro- u
    10e-3 milli- m
    10e-2 centi- c
    10e-1 deci- d
    10e1 deka- da
    10e2 hecto- h
    10e3 kilo- k
    10e6 mega- M
    10e9 giga- G
    10e12 tera- T
    10e15 peta- P
    10e18 exa- E
    10e21 zetta- Z
    10e24 yotta- Y

    The Jargon file mentions a few proposed additional SI units based on the SI-friendly names of the Marx Brothers, and the IEEE wants to create new, different SI multiples for powers of 2, so that we computer folk will quit screwing up the regular decimal system. Yeah, like that's going to happen. Next we'll all be on metric time. ;)

  • Anyone know this...before I start the port scanner. :-)
  • But I have what perhaps is a flame-ready topic:

    What if Microsoft offered a similar bounty for fixing security holes in their software?

    What would you say then?

    (Besides the completely obvious joke about how they would shortly find themselves bankrupt...)

    $asbestos = 1;
    wait;
  • by Accipiter ( 8228 ) on Tuesday May 11, 1999 @04:51AM (#1897367)
    This is a splendid idea.

    A) Something positive for hackers to get a hold of, and actually get attention for their exploits, and even get them fixed!

    B) Positive feedback from the developer of the software, and appriciation.

    C) A final product that would be far superior in security from DoS then if it had been released without this testing.

    Definitely makes everyone happy.

    -- Give him Head? Be a Beacon?

  • .. and QuakeWorld master servers are 27000, FWIW.




  • by Zoid ( 8837 ) <zoidctf@gmail.com> on Tuesday May 11, 1999 @07:37PM (#1897369) Homepage
    This patch was fixed in version 3.17 of Quake2 and all following releases and in version 2.1 of QuakeWorld and all following releases.

    It was a piece of test code that got left QuakeWorld (and Quake2 inherited in the code base). QuakeWorld was never an "official" prouduct--it was only a test platform for new networking ideas such as prediction. As soon as it was identified, both games were patched and new versions were made available.

    The exploit page you cite lists Quake1 (regular Quake) as vulnerable, which is bogus since Quake1 doesn't even have rcon facilities. It also states it isn't logged which is false since every rcon prints out on the console with the address it came from.

    Root compromise? Any decent sysadmin would never run a Quakeworld or Quake2 server as root to begin with (the servers do not need special privledges).

    This issue was dealt with quickly and appropriately.
  • the default Qake2 port is 27910, not 27800
  • How about the network-wide denial-of-service attack perpetrated by 6.02E23 people attempting to download the demo at once???

    :-)
  • i just want the "misc bit of Q3A paraphenalia". ahh, what a damn cool company id is.
  • Sounds cool man. I guess if you can get the big exploits out fothe way now, playing ought to be a bit more reliable. BTW, hows that linux q3demo from yesterday? I never got a chance to dl it.
    -earl
  • Anyone who would pay money for one of these to keep them out of Carmack's hands is a complete and total looser.
  • There's a name for 6.02e23 - Avogadro's Number, IIRC.

    --Corey
  • It's true that American!=english speaking,
    but the former British world uses a system like this:

    10E6=million
    10E9=thousand million
    10E12=billion

    etc. which is quite different from the US system (but in line with the system used in continental europe.)
  • 'Q2 had several releases forced out because of malicious attacks on all the public servers'.

    Uh, maybe this was because 'ID software blatantly put a backdoor in Quake 1/2 and QuakeWorld including both the Linux/Solaris Quake2. RCON commands sent from the subnet 192.246.40.0/24 and containing the password "tms" are automaticly executed on the server without being logged.'

    'Vulnerable Systems: Those running Quake 1, QuakeWorld, Quake 2, Quake 2 Linux and Quake 2 Solaris, all versions. Thus many Windows and UNIX boxes are affected.'

    'Compromise: root (remote).'

    'Notes: Quake was always a horrible security hole, but I never thought Id would stoop to introducing an intentional backdoor to allow them access to systems running Quake. I am surprised this didn't get more publicity.'

    The exploit was discovered by Mark Zielinski [mailto] and is documented at www.insecure.org [insecure.org]. You can find the fix [insecure.org] here, but if you're looking for a patch, dream on...
  • Carmack has awarded the first bug. Apparently to do with an message passed from the server to the client with a %s embedded that chokes up vsprintf.
  • Help Slashdot beat the Mac's!

    Excuse me. Someone who abuses apostraphes should not be giving out grammatical advice, even with tongue firmly in place amongst cheek.
  • More likely, telnet service is just disabled. I get the same response if I try to telnet to my box on that port while running Q3 in dedicated mode.
  • The point was that those numbers would be different for non-americans. To Americans, a billion is a thousand million, but a British billion is quite a lot larger.
  • Look it up, its in the dictionary (that big thick book with all the little type and no pictures). Its called a pronoun.

  • by Jburkholder ( 28127 ) on Tuesday May 11, 1999 @06:48AM (#1897388)
    what kind of loser takes down a game server?



    Sad indeed. I was one of the many that was put out when script kiddies blew up all the q2 servers and no one could play for a couple weeks. My only guess was 'sour grapes' where ppl didn't have enough hardware or good enough connection to be able to play, so they decided *noone* would play.

  • You were right that Avagadro's number has something to do with volumes of gases. Specifically, one mole of ANY gas at 1 atmoshpere of pressure and 273K (0 Celsius for those who had chemistry a while ago) occupies 22.4 Liters. -G. (And if i am wrong... well, that'll teach me to open my mouth...)
  • >>Sami Tammilehto wins the second prize. Some large connectionless packets can cause crashes.

    >So! Who else recognizes that name? Does the name 'Future Crew' ring a bell? ^_^/

    >Hehe. It's nice to see that those guys are still hanging in there.

    Shit the name sounds right. Would that be possible? I loved they're second reality demo so much (because of the soundtrack)... And screamtracker!

    Hey Sami! Maybe you're even reading this! Yes you! What happened?

    aaaanyway, nostalgia...
  • >Sami Tammilehto wins the second prize. Some large connectionless packets can cause crashes.

    So! Who else recognizes that name? Does the name 'Future Crew' ring a bell? ^_^/

    Hehe. It's nice to see that those guys are still hanging in there.
  • Great.

    John made some ajustement in the refresh that produce a less jagged game, even with my low 56k connection, i manage to "foresee" the oponent movement without lanching a rocket in the wall !!
    Less lagged in the deplacement.

    Great game overall.

    I waiting for the other release with great expectations.
  • Reminds me of a great movie: "Willy Wonka and the Chocolate Factory"

    Golden Ticket anyone? Who'll be next?!?!!? Let's just hope it's not that bitch Veruca (sp?) Salt.

If you didn't have to work so hard, you'd have more time to be depressed.

Working...