Title

Network security isn't all fun and games: an analysis of information transmitted whilst playing Team Fortress 2

Document Type

Conference Proceeding

Publisher

Security Research Centre, School of Computer and Security Science, Edith Cowan University

Place of Publication

Perth, Western Australia

Faculty

Computing, Health and Science

School

Computer and Information Science, Centre for Security Research

RAS ID

5876

Comments

Originally published in the Proceedings of the 6th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 1st to 3rd December 2006.

Abstract

In the world of online gaming, information is exchanged as a matter of course. What information is exchanged behind the scenes is something that is not obvious to the casual user. People who play these games trust that the applications they are using are securely written and in this case, communicate securely. This paper looks at the traffic that is transmitted by the game Team Fortress 2 and incidentally the supporting authentication traffic of the Steam network. It was discovered through packet analysis that there is quite a lot of information which should be kept private being broadcast in the clear. Information discovered as a result of traffic capture and analysis included users IDs, and of greater concern, the remote console password. While this information may seem trivial, discovery of such information may lead to compromise of the game server, leaving it open to be controlled by someone with malicious intent.

 

Link to publisher version (DOI)

10.4225/75/57b5656cb8773