Australian Information Security Management Conference

Document Type

Conference Proceeding


Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia


Originally published in the Proceedings of the 6th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 1st to 3rd December 2006.


In the world of online gaming, information is exchanged as a matter of course. What information is exchanged behind the scenes is something that is not obvious to the casual user. People who play these games trust that the applications they are using are securely written and in this case, communicate securely. This paper looks at the traffic that is transmitted by the game Team Fortress 2 and incidentally the supporting authentication traffic of the Steam network. It was discovered through packet analysis that there is quite a lot of information which should be kept private being broadcast in the clear. Information discovered as a result of traffic capture and analysis included users IDs, and of greater concern, the remote console password. While this information may seem trivial, discovery of such information may lead to compromise of the game server, leaving it open to be controlled by someone with malicious intent.