Jump to content
  • Advertisement
Sign in to follow this  
Anddos

How does a ban ip system work in network programming

This topic is 3086 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I am wondering how you block an ip with udp if udp is connectionless then how do you stop them from connecting , is the join/connect code tcp then changed to udp?

Share this post


Link to post
Share on other sites
Advertisement
The packets are connectionles, but they have an IP address associated with them. And typically you are going to have some kind of mid/high level protocol built on top of UDP, so you have a special "start of connection" packet that you can choose to ignore if the sender is in the list of banned IP addresses.

If you go for only dropping that initial packet rather than doing a ban-list check for every packet, you should ensure that there is no way for a client to allocate state on the server without that packet. Non "start of connection" packets that aren't from clients with state should also be ignored.

Share this post


Link to post
Share on other sites
Would it not be better to have a firewall block it instead of letting it go through to the application?

The application would tell the firewall "block everything coming from this address".

How practical is that? How would you go about implementing that? And is there a way to do it without having administrator privileges for the application process?

Share this post


Link to post
Share on other sites
Don't bother. It's just fine filtering IPs at application level. I doubt you'd have a lot of incoming requests from banned IPs in the first place.

Share this post


Link to post
Share on other sites
Quote:
Original post by reptor
Cool. But how would one do it?


Buy a professional router, then configure that. These routers provide access lists, routing tables and more. How it's done precisely depends on vendor and model.

Problem with this approach is that such blocking is fairly slow, and does nothing for spoofed sender IP. Typical DoS will also flood the connection, so blocks must be added higher, usually in data center or with ISP, often it requires failover connections as well, since the ones under attack will likely be saturated. It's not something one can do locally.

Automating such blocks is not the best idea. One could just spam packets with spoofed addresses, and application would start adding them to block lists. Over time, legit users would find themselves unable to connect.


To block individual user, server keeps a hash table. Each time a packet arrives, it checks if sender's address is in that table, and ignores the packet if so.


Now the important question becomes - how to determine who needs to be blocked and why.

Share this post


Link to post
Share on other sites
Quote:
Original post by reptor
Cool. But how would one do it?
That entirely depends on what firewall hardware / software you're using.

Share this post


Link to post
Share on other sites
Indeed - it could be pretty difficult to determine who should be banned.

The reason why I was asking about it is because I've seen some multi-player server administrators talk about doing it. So I figured if they feel they should be doing it maybe they would appreciate it if the game itself had the capability to help them do that.

Sort of like automating a task that has previously been manual for them. Now, is it worth it, is another question. This is not something I bother myself with too much - I was just being curious if it's actually being done in games and of how much trouble it creates.

Good advice - thanks!

Share this post


Link to post
Share on other sites
Quote:
Original post by reptor

Sort of like automating a task that has previously been manual for them. Now, is it worth it, is another question. This is not something I bother myself with too much - I was just being curious if it's actually being done in games and of how much trouble it creates.


Automatic banning is possible. For various undesirable activities such as botting, farming, spamming, etc. it is already done automatically, at least by the big names. But it helps to have several million users, comprehensive logging of all actions, a good data mining system and conservative criteria.

Then it's just a matter of statistical analysis to determine who fits the profile of undesirable behavior.

There isn't much published about it, since it's part of internal operations, and because same systems are used for other purposes. Ability to analyze social behaviors of large samples is often the business advantage of today's online providers, so it's not something companies like to advertise.

And the second problem is that mathematical models for this process are fairly generic statistics, then it's just a matter of encoding them into whatever infrastructure one runs, and processing results relevant to operator. It's all about having data and analyzing it, the implementation is relatively trivial.

Another reason why these practices aren't publicized much is because they invariably deal with privacy issues. For example, it's possible to correlate number of times user types 'lol' vs. what kind of stuff such user buys in online store, then this can be used to tailor advertising for them.

All big online services are monitored for just about every single detail of user interaction, and bans are by far the most trivial ones. The real value lies in monetization. Network loads and such are much less relevant for companies with solid revenue streams, unless it's a coordinated attack against entire service.

Share this post


Link to post
Share on other sites
To answer the original question at a more technical level:

For TCP sockets, accept() returns the IP address of the remote user.

For UDP sockets, recvfrom() returns the IP address of the remote user (you have to use this, else you don't know where to return the response to).

Just keep a list of banned IPs and check against that. Typically, this will be a simple hash table. You probably want to store the table in a file or database for backup, but use an in-memory table at runtime for efficiency.

Note that some users will move around, because their ISPs give out dynamic addresses with DHCP. For those users, banning an account, and making sure that accounts cost money to get, is a better option.

Also, the most common kind if IP to ban is an IP of a known open proxy -- some server that lets users anywhere in the world bounce of the proxy to seem as if they're coming from somehwere else than what they are. For sophisticated griefers, they'll just move to another proxy when you ban the first one. Thus, in the end, account-based bans tied to monetary value is the best option. (Plus community ratings built into the game mechanics.)

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!