Unreal Tournament 436 Linux denial-of-service fix
-------------------------------------------------

8/20/2002


- Replace your old IpDrv.so with this one (MAKE A BACKUP!)
- At your discretion, add these to your .ini file:

(In the [IpDrv.TcpNetDriver] section)

AllowPlayerPortUnreach=(True or False)
LogPortUnreach=(True or False)

The defaults are okay for most people!

"AllowPlayerPortUnreach" will continue talking to a legitimate player 
after she sends an ICMP port unreachable packet. The new DoS fix will 
immediately stop talking to an IP address when it gets such a packet, 
but here it will keep talking to that IP if it was already a valid 
player before that ICMP packet. Note that this is a fix for buggy 
firewalls and flakey net connections; most people should _not_ set this, 
since, if the player crashes out (and thus sends port unreachable 
packets), you usually don't want to keep flooding them. This has no 
effect on a player that leaves a game normally, since we know to stop 
talking to them.

"LogPortUnreach", when set to true, will report (and write to your log 
files) when you get ICMP port unreachable packets. Enabling this will 
give you a good idea about whether someone is trying to use the DoS 
exploit on you, but since each spoofed UDP packet writes a line to the 
file, this can make your logs balloon with a quickness. You should only
enable it if you suspect you're getting hit.

