zy007

how to restrict client connect?

8 posts in this topic

Hi everyone.
As a server, I only want to accept connections from some clients (I know their IP addresses). Is there any idea for restricting the others?
I know I can use an array to cache them; after the function Accept() gets the client's IP, I can close it if I want. Or maybe I can do it by setting the firewall.
Any better idea?
0

Having a firewall is the way to preemptively drop such connections. Otherwise you'll have to adopt the other approach of closing the connections after they've been accepted.
1

If you are using Winsock, you can use WSAAccept, which conditionally accepts a connection based on the return value of a condition function. However, it is still accepting the connection (and automatically closing based on your conditional function return).
1

[quote name='?Post' timestamp='1300091327' post='4785510']
Hi everyone.
As a server, I only want to accept connections from some clients (I know their IP addresses). Is there any idea for restricting the others?
I know I can use an array to cache them; after the function Accept() gets the client's IP, I can close it if I want. Or maybe I can do it by setting the firewall.
Any better idea?
[/quote]

accept() will give you the IP address of the remote peer. You can then choose to close() the connection or keep it open. Beware if you're using reverse proxies for load balancing, though: The IP address that accept() sees is the proxy address.
If you want to reject connections before they even get to the server, you need a firewall, or a kernel-level rule such as "iptables" on Linux or ipfw on Windows.
1

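The check described above, applied to the address accept() fills in, as an added C example that is not from any poster in this thread. `parse_rule`, `peer_allowed` and `demo_allowed` are hypothetical names, the addresses are constructed documentation ranges, and CIDR entries go beyond the plain IP list the question asks about.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* One allowlist entry: network and mask, both in host byte order. */
struct allow_rule { uint32_t net, mask; };

/* Parse "a.b.c.d" or "a.b.c.d/len". Returns 0 on success, -1 on bad input. */
int parse_rule(const char *text, struct allow_rule *out)
{
    char buf[32], *end;
    struct in_addr addr;
    long len = 32;
    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    char *slash = strchr(buf, '/');
    if (slash) {
        *slash = '\0';
        len = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &addr) != 1) return -1;
    out->mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    out->net = ntohl(addr.s_addr) & out->mask;
    return 0;
}

/* Return 1 if the peer address filled in by accept() matches a rule, else 0. */
int peer_allowed(const struct sockaddr_in *peer, const struct allow_rule *rules, size_t n)
{
    if (peer->sin_family != AF_INET) return 0;    /* default deny */
    uint32_t ip = ntohl(peer->sin_addr.s_addr);   /* the proxy's IP if proxied */
    for (size_t i = 0; i < n; i++)
        if ((ip & rules[i].mask) == rules[i].net) return 1;
    return 0;
}

/* Constructed sample: allow one host and one /24, then test a peer string. */
int demo_allowed(const char *peer_text)
{
    struct allow_rule rules[2];
    struct sockaddr_in peer = { .sin_family = AF_INET };
    if (parse_rule("203.0.113.7", &rules[0]) || parse_rule("198.51.100.0/24", &rules[1]))
        return -1;
    if (inet_pton(AF_INET, peer_text, &peer.sin_addr) != 1) return -1;
    return peer_allowed(&peer, rules, 2);
}
```
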
I have a problem similar to this. Let's say that someone writes a program that makes many connections to my server over and over again. This can stop my server from accepting new clients; this attack also works on commercial games and VoIP Ventrilo servers. Is there any way to protect against this?
0

[quote name='Essentric' timestamp='1300361098' post='4786950']
I have a problem similar to this. Let's say that someone writes a program that makes many connections to my server over and over again. This can stop my server from accepting new clients; this attack also works on commercial games and VoIP Ventrilo servers. Is there any way to protect against this?
[/quote]

Yes, at your carrier/ISP/network provider. Have multiple independent connections; when a DoS occurs, they are the ones who can filter.

If the attack is distributed, then blocking doesn't really work, and adding more servers to handle the extra load until it exceeds the attacker's bandwidth is about the only way.

Of course, one should be at least smart enough to design the server in such a way as to add only minimal load before the client properly establishes a connection. This does not prevent unidirectional attacks (just flooding the ports or SYN packets or similar), but prevents attackers from exerting load on back-end infrastructure, so they'll only exhaust the bandwidth. If attacks are smart and establish a full connection, they can be blocked at that point and the scale will be much larger, since the attacker will need considerable computing and network resources.

But in general, anyone on the internet can send a packet to any IP:port, so bandwidth exhaustion is always a potential threat, especially with commodity servers, where a simple slashdot effect is enough.
1

[quote name='Essentric' timestamp='1300361098' post='4786950']
I have a problem similar to this. Let's say that someone writes a program that makes many connections to my server over and over again. This can stop my server from accepting new clients; this attack also works on commercial games and VoIP Ventrilo servers. Is there any way to protect against this?
[/quote]

When your game is small, you have to go through the abuse channels of your upstream ISP. When the attacker has a DDoS network handy, this can be quite challenging. Also, you need to be running this on a hosting center that cares about you, which means that you're probably paying real money each month for real hosting.

As you grow in size, you start getting pipes that are bigger, and thus much harder to saturate, unless your attacker has real resources, at which point ISPs are really going to be interested, and it may even come to federal law enforcement levels, depending on what's going on.

For small games, about the best you can do is to detect if the same IP connects more than two times during any one minute, and add a firewall rule for that IP source. This means that the SYN packets will still be coming in, but at least your CPU won't be overwhelmed. In this case, though, beware ISPs that run proxies for all their users -- cell phones, AOL, etc.
1

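One way to implement the "more than two connects in any one minute" detection from the post above, as an added C example that is not the poster's code. The table size, the function names and the generated iptables rule text are assumptions, and the rule is only formatted as text, never executed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define WINDOW_SECS  60    /* "any one minute" from the post */
#define MAX_CONNECTS 2     /* more than this per window triggers a block */
#define SLOTS        1024  /* assumed table size, not from the post */

/* seen[0..n-1]: most recent connect times, oldest first; n == 0 means empty. */
static struct peer_slot { uint32_t ip; int n; time_t seen[MAX_CONNECTS]; } table[SLOTS];

/* Record a connect from ip (host byte order) at time now.
 * Returns 1 = over the limit, 0 = fine, -1 = table full of active peers. */
int note_connect(uint32_t ip, time_t now)
{
    struct peer_slot *reuse = NULL;
    for (uint32_t probe = 0; probe < SLOTS; probe++) {
        struct peer_slot *s = &table[(ip * 2654435761u + probe) % SLOTS];
        if (s->n > 0 && s->ip == ip) {
            int over = s->n == MAX_CONNECTS && now - s->seen[0] < WINDOW_SECS;
            if (s->n == MAX_CONNECTS) {            /* drop the oldest time */
                memmove(s->seen, s->seen + 1, sizeof s->seen - sizeof s->seen[0]);
                s->n--;
            }
            s->seen[s->n++] = now;
            return over;
        }
        /* Empty, or idle for a full window: safe to give to another source. */
        if (!reuse && (s->n == 0 || now - s->seen[s->n - 1] >= WINDOW_SECS))
            reuse = s;
        if (s->n == 0) break;                      /* end of the probe chain */
    }
    if (!reuse) return -1;
    reuse->ip = ip; reuse->n = 1; reuse->seen[0] = now;
    return 0;
}

/* Text of an iptables rule dropping this source; static buffer, copy before reuse. */
const char *block_rule(uint32_t ip)
{
    static char cmd[64];
    struct in_addr a = { .s_addr = htonl(ip) };
    char text[INET_ADDRSTRLEN];
    if (!inet_ntop(AF_INET, &a, text, sizeof text)) return NULL;
    snprintf(cmd, sizeof cmd, "iptables -I INPUT -s %s -j DROP", text);
    return cmd;
}
```
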
I use fail2ban to automate this at the load balancer/proxy level (Linux and iptables). I work for an ITSP and we get hammered on our public session border controllers all the time from all over the world. Not too many DDoS attacks but SIP REGISTER and ssh dictionary attacks are common in short bursts. Not much we can do about it except mitigate the load it puts on our systems as the source generally comes from countries where there is no recourse.
1
