Jump to content

  • Log In with Google      Sign In   
  • Create Account


#ActualKnolanCross

Posted 20 November 2012 - 11:33 AM

My point is that what it seems to me by your explanation is that your game loop depends on the receiving of messages or a disconect exception by the client. If none of those arrives, it will be in blocking state forever. You said that the client will send a message every 500 ms, but then you are assuming that the clients will play fair, this may lead to security issues.

Let me try to explain the problem this may cause with an example:
Assuming you will have multiple single threaded servers running multiple instances (each instance is a match where one or more players can play). I can create a hacked client that will:
1) Mimic the behavior of an original program until I get into a new world for myself. Up to here I am a normal client.
2) By the point I should start sending messages to the server, I just don't send anything.
3) The server is in a blocking state, waiting for info that will never arrive.

In this scenario the client will not be dropped because the hacked client can send TCP keepalive packages, which will keep the connection up. This is a "vandalism hacking attack" that your server may be susceptible.
You should set a server-side timeout on this so it will take actions every few ms even if no client sent any messages to avoid this kind of attack. As I said, I don't know anything about C# (I am a C/python programmer), but I believe the method you should look is this one:
http://msdn.microsof...8(v=vs.80).aspx (NetworkStream.ReadTimeout)

#1KnolanCross

Posted 20 November 2012 - 11:32 AM

My point is that what it seems to me by your explanation is that you game loop depends on the receiving of messages or a disconect exception by the client. If none of those arrives, it will be in blocking state forever. You said that the client will send a message every 500 ms, but then you are assuming that the clients will play fair, this may lead to security issues.

Let me try to explain the problem this may cause with an example:
Assuming you will have multiple single threaded servers running multiple instances (each instance is a match where one or more players can play). I can create a hacked client that will:
1) Mimic the behavior of an original program until I get into a new world for myself. Up to here I am a normal client.
2) By the point I should start sending messages to the server, I just don't send anything.
3) The server is in a blocking state, waiting for info that will never arrive.

In this scenario the client will not be dropped because the hacked client can send TCP keepalive packages, which will keep the connection up. This is a "vandalism hacking attack" that your server may be susceptible.
You should set a server-side timeout on this so it will take actions every few ms even if no client sent any messages to avoid this kind of attack. As I said, I don't know anything about C# (I am a C/python programmer), but I believe the method you should look is this one:
http://msdn.microsoft.com/en-us/library/bk6w7hs8%28v=vs.80%29.aspx (NetworkStream.ReadTimeout)

PARTNERS