Friday Facts #149 - Deep down in multiplayer
Posted: Fri Jul 29, 2016 10:50 pm
www.factorio.com
https://forums.factorio.com/
It's definitely still Friday here, at least.Zirr wrote:Interesting read. I love the technical Friday (saturday? ) Facts.
From what I read, I assumed that the slower player will just keep receiving packets, will never catch up and the player will be forced to click the disconnect button, mean while the players playing will continue playing and be blissfully unaware of the slow players problems.bk5115545 wrote:Probably the most interesting Friday Fact yet.
I especially like the flow charts.
Question: What will happen if the newly-connected client can't finish the "catch-up" phase;
Tick rate decrease or disconnect or something else (maybe even undecided)?
Thanks for clearing that up! Its something that annoy's me as well; its as if people have never heard of an apostrophe so they either leave it out or add one at random where they think its appropriate. The apostrophes property's are confusing but its easy to learn.self-same-spot wrote:I've kept my mouth shut the first twenty times this happened in the blog and changelogs, but I can't anymore. Sorry for pedantry:As the peer-to-peer network model is being removed, this is not needed anymore and every communication has it's own numbering,
I learned it that way, that everynonstickfrypan wrote:Thanks for clearing that up! Its something that annoy's me as well; its as if people have never heard of an apostrophe so they either leave it out or add one at random where they think its appropriate. The apostrophes property's are confusing but its easy to learn.self-same-spot wrote:I've kept my mouth shut the first twenty times this happened in the blog and changelogs, but I can't anymore. Sorry for pedantry:As the peer-to-peer network model is being removed, this is not needed anymore and every communication has it's own numbering,
Actually it was - according to the forum time stamp Kovarex's post was at 22:50 UTC on Friday 29th July.Ratzap wrote:Technically it wasn't on a Friday but we'll let you off.
The attacker can't respond as he fakes the victims IP or he would DDOS himself .Blubberbub wrote:So if the attacker knows the server ID, he/she can still run the same attack by sending 2 instead of 1 packet to the server? Or is the server ID random and different for every player?
Why would the attacker not be able to respond if he knows the response?Loewchen wrote:The attacker can't respond as he fakes the victims IP or he would DDOS himself .Blubberbub wrote:So if the attacker knows the server ID, he/she can still run the same attack by sending 2 instead of 1 packet to the server? Or is the server ID random and different for every player?
He would get one packet send to the victim for 1 packet sent by himself instead of 700 for 1.
If the attacker would connect himself he would get his own clientID but he would need the clientID of the victim which he can not get as it is sent to the victims IP.Blubberbub wrote:Why would the attacker not be able to respond if he knows the response?Loewchen wrote:The attacker can't respond as he fakes the victims IP or he would DDOS himself .Blubberbub wrote:So if the attacker knows the server ID, he/she can still run the same attack by sending 2 instead of 1 packet to the server? Or is the server ID random and different for every player?
He would get one packet send to the victim for 1 packet sent by himself instead of 700 for 1.
- Attacker connects to server by himself and figures out the server-id.
- Attacker sends first spoofed package with client-id
- Server sends first response to victim. Will probably be discarded.
- Attacker waits a little
- Attacker sends second spoofed package with client-id + server-id
- Server starts sending a lot of data to the victim
Loewchen wrote: If the attacker would connect itself he would get his own clientID but he would need the clientID of the victim which he can not get as it is sent to the victims IP.
The client id is randomly chosen by the attacker, so it does not add anything to the ddos prevention. The wording of "his unique random id" suggests, that the id is unique to the server. For the prevention to work the server id has to be different and unique for every client and not unique for every server. Maybe its just a wording issue. I hope it is.The client first generates (randomly) his id, and sends it to the server as part of the request. The server generates his unique random id as well, and sends it back to the client.
Indeed, that would make it necessary for the ServerID to be unique between the clients.Blubberbub wrote:The image suggests, that the client presents its client-id to the server.Loewchen wrote: If the attacker would connect itself he would get his own clientID but he would need the clientID of the victim which he can not get as it is sent to the victims IP.