Quilkin should drop packets that are sent from itself.

[XAMPPRocky]

Quilkin currently doesn't do any checking of where the source is from, and the source ip and port can be easily forged, and common version of that forgery is to have the source of the packets also be the destination as the response can be larger than the request (see UDP amplification attacks), so the solution is to ban all traffic that is sourced from itself.

[iffyio]

I'm not following exactly how this applies in quilkin's case could you give an example? I'm thinking since quilkin doesn't send any response itself and doesn't forward a packet to a destination it doesn't already know about and can't formulate an attack atm

[XAMPPRocky]

I'm not following exactly how this applies in quilkin's case could you give an example?

I'll draw a diagram tomorrow.

[iffyio]

I see what this means, if the original packet's source is quilkin we can theoretically end up in a state where we're sending packets between quilkin and a legitimate upstream in a loop

[XAMPPRocky]

Imagine the following scenario, of a game server infront of Quilkin which has a protocol with a command that provides a large response, this could be something like streaming a game asset, the attacker sends the request from the game but assigns the source IP to be from Quilkin (I'm using localhost addresses for simplicity but these could easily just be public IP address of the server).

Quilkin will forward that command, but when Quilkin sends the response back, instead of sending it back to the attacker, it delivers it back to the server. At this point in most architectures the game server should send a bad response and terminate the session between it and Quilkin, however in some respects the damage is already done because we've now gotten a large amount of junk data filling up the buffers in the game servers, and if repeatable could be used for DDoS by having Quilkin exhaust its own resources and rate limits.

Also should be noted that for scenarios where the response is valid to receive on the both the server and client (such as in peer-to-peer games), then this gets much worse as it will basically start a loop where Quilkin will echo the game server's response directly back to it forever or until it sends an invalid response.