Rule: 

--
Sid: 
100000102

-- 
Summary: 
This event is generated when an empty UDP packet is sent to port 2305, where Halocon game servers typically listen.

-- 

Impact: 
After receiving such a packet, the server will no longer listen on this port, denying the administrator the ability to send remote commands.

--
Detailed Information:
Halocon servers listen to UDP port 2305 for commands. Upon receiving an empty UDP packet to that port, the server shuts down the port. Administrators can no longer send remote commands to the server, effectively causing a denial of service. The server must be restarted to re-open the port.

--
Affected Systems:
Halocon 2.0.0.81

--

Attack Scenarios: 
A script that generates empty UDP packets can be used to perform this attack.

-- 

Ease of Attack: 
Simple; public exploits exist.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
No known patches or workarounds exist. System administrators may be able to reject these packets at their firewall, depending upon the abilities of the firewall system they use.

--
Contributors: 
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:

--
