lerno

Game server DoS / DDoS mitigation strategies?

29 posts in this topic


A normal "flood" of too much traffic for your upstream bandwidth can be conducted by almost anyone with enough money. It is very difficult to defend against this using a "normal" unicast single-point-of-presence IPv4 routing scheme. This normally only affects "real money" games, i.e. gambling, who are heavily attacked for extortion purposes. A flood attack doesn't even need to establish connections, they can just send random, spoofed-source TCP packets with otherwise valid port numbers, flags etc, so you can't block (all of) them with simple firewall rules upstream.

 

Mmmm yeah, I know of extortion attempts on several gaming sites and providers (casino and poker). For my service I'm not going to spend too much time on preventing DDoS, but obviously it needs to be able to survive a coordinated attack from a few computers (more of a DoS than DDoS scenario).

 

I hope to at least add fundamental countermeasures, creating a framework on which one could then build additional protection if it would be necessary at some time in the future.

0


 


 I've dug deep into cryptography to design a protocol which I feel fairly confident in. Mostly because it's basically an implementation combining two well known protocols. Still, I know it's a risk.

 

No.

 

Don't do this.

 

Seriously, this is a bad idea.

 

Either use a well known cryptographic solution, which has been subject to peer review, or, if you are a cryptographer, and you see a need for a new approach, publish a paper on it, and if the paper holds up after a few years, then use it.

 

But rolling your own cryptography almost inevitably leads to a much much worse outcome than using something that has actually been subject to peer review.

1



Seriously, this is a bad idea.
 
Either use a well known cryptographic solution, which has been subject to peer review, or, if you are a cryptographer, and you see a need for a new approach, publish a paper on it, and if the paper holds up after a few years, then use it.

 

I'm wondering if you read what you quoted?

 

In particular, the login server uses a SIGMA-R implementation and the game/lobby servers use a Kerberos-type ticket retrieved from the login server. So, except for potential errors in the implementations of these protocols, the weakness of the scheme should simply be that of the two protocols mentioned.

 

(The modifications I've made are: a) the standard SIGMA-R described uses two-way authentication, I only need to authenticate the server b) the login on the TGS (my login server) isn't using symmetric keys as in Kerberos standard, since user authentication isn't necessary)

 

Of course, there is also the selection of encryption/authentication/signature primitives. And here I've tried to follow NIST recommendations as far as possible.

 

Naturally, I've tried to get as much feedback as possible on my particular selections and reductions.

 

So, is this wholly safe? - No, that would be foolish to believe.

 

Is it a worthwhile trade-off for the flexibility it allows me, compared to the possible loss when someone breaks the protocol? - Yes, I think so in my particular case.

0

Wow, I'm away a few days, and this thread migrates from "DDoS prevention" to general hack prevention. Both are important, but they are very different :-)

To answer a question aimed at me:

What would I gain by filtering but my game port? Assuming I have a firewall closing everything else, what would they get by bombarding other ports, as opposed to simply the game port?


Many attack tools use amplification vectors such as DNS, VoIP, or media streams to flood the network. Those tools do not have the option of specifying the port to attack -- it'll be whatever port the amplifying vector uses.

If your upstream provider can know that, no, your servers will never make public DNS requests (because you run DNS over a VPN to somewhere else) and your servers will never take place in a VoIP or media stream, then the network link will never get saturated by that traffic.
0
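
The upstream filtering described in the last post, together with the limit noted in the quote at the top of the thread (a flood aimed at the valid game port still passes), modelled as an added example that is not from any poster. The game port 7777, the list of unused services and the flow records are constructed assumptions.

```python
GAME_PROTO, GAME_PORT = "udp", 7777   # assumed game endpoint (hypothetical)

# Services these servers never use over the public link (assumption taken
# from the post: DNS runs over a VPN, no VoIP signalling is ever expected).
UNUSED_SERVICE_PORTS = {53: "dns", 5060: "sip"}

# Constructed flows seen at the provider edge: (proto, src_port, dst_port, bytes)
SAMPLE_FLOWS = [
    ("udp", 53,    41812, 3_000_000),  # reflected DNS answers (source port 53)
    ("udp", 5060,  33000,   800_000),  # reflected SIP responses (source port 5060)
    ("tcp", 40211,   443,   200_000),  # traffic to a port the servers do not serve
    ("udp", 50123,  7777,    40_000),  # a real player
    ("udp", 1027,   7777, 2_000_000),  # flood sent straight at the game port
]

def classify(proto, src_port, dst_port):
    """Return the provider ACL verdict for one flow: 'permit' or a drop reason."""
    # Rule 1: replies from services the servers never talk to are never wanted.
    if src_port in UNUSED_SERVICE_PORTS:
        return "drop:" + UNUSED_SERVICE_PORTS[src_port]
    # Rule 2: allow-list, only the game protocol and port reach the link.
    if (proto, dst_port) != (GAME_PROTO, GAME_PORT):
        return "drop:not-game-port"
    return "permit"

def link_load(flows):
    """Sum bytes per verdict; only 'permit' bytes consume the servers' link."""
    totals = {}
    for proto, src_port, dst_port, nbytes in flows:
        verdict = classify(proto, src_port, dst_port)
        totals[verdict] = totals.get(verdict, 0) + nbytes
    return totals

if __name__ == "__main__":
    for verdict, nbytes in sorted(link_load(SAMPLE_FLOWS).items()):
        print(f"{verdict:20} {nbytes:>10} bytes")
```

The permitted total still contains the 2,000,000 bytes aimed at the game port itself, which is the part a port-based upstream rule cannot remove.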
