|*KoG*| King of Gores - general

Last evening i played AipGores on a kog server, now this happened

2

11:52

can anyone help me? @Moderator

@fel

9

?

stop cheat

1

wtf

11:56

are you serious

chill I'll unban u

ok thx

11:57

can you tell me how did this happened

You're unbanned

11:58

You were in his IP banrange

11:58

thats why

oh lol

11:58

so someone in my near was cheating?

kinda

11:59

but this ban was outdated

ah ok

11:59

so

11:59

thx have a nice day

np you too

uhm

12:01

im not that unbanned

12:02

is it on aip gores?

yes

GG @zook, you just advanced to level 1 !

12:03

this one

try again

ok thx

12:05

im in

12:05

have a nice day

Xin

Click to see attachment 🖼️

bad q, you got ddn client version?

zook

Last evening i played AipGores on a kog server, now this happened

poggers legendre cheater POG

Kingston

bad q, you got ddn client version?

no idea what you mean but take this nobo version if you want

12:52

there isnt anyway to have a bot or smth against ddos?

tldr its too expensive to fully block

or develop a way to identify all clients using public/private keys

Nicky Larson

or develop a way to identify all clients using public/private keys

xddddddd this would be killing our servers too

no?

ddos happends hourly

When clients logins you just have a way to authenticate them im not talking about encrypting all paquets

Lets assume that we use 2048bit keys, now a server pre-generates a ton of them & spams a server with this keys

13:27

welcome to traffic hell

bro

13:27

Your servers

13:27

are dying

13:27

because of ddos

13:27

and you dont welcome solutions ?

13:28

every day

13:28

all your players are complaining

Before posting such solutions, please keep in mind that its not possible in teeworlds

every 30 minutes

Okay

13:28

And what shall we do?

It's possible what the hell are you saying even

13:28

You're not even thinking about it

13:28

you're just denying like

BECAUSE its not POSSIBLE

Did you even looked into it

DDNet is just a modification of teeworlds

now on my server you cant even move

13:28

bcz lags

Teeworlds protocol itself cant be touched by any community member

You would modify both client and sv, we dont care about older clients

....

13:29

‍♂️

13:29

You cant drop old clients

KoG is a huge community

13:29

if it's the price to pay to play in peace

13:29

I would rather have that

It is not

13:29

Even if we would use public/private keys, our servers are still under attack

And i'm sure there is a way to support older clients, it should be LOOKED into

13:29

considered

It does NOT fix a NETWORKING issue

1

Post it on DDNet Github as Issue

We already talked about it

13:30

And you said it was possible

13:30

what's wrong with you even

Its not possible

13:30

it wouldnt solve the problem of ddosing

13:30

it would solve the problem of accounts

It would, the more request you get

13:31

you just ask for a proof of work

Then go for it

see

13:31

now you're not saying it's not possible anymore

13:31

you just don't care about your servers

Go for it

and you don't want to find a solution

Show us the proof of concept

1

13:32

https://www.akamai.com/uk/en/resources/denial-of-service-attacks-dos.jsp

13:32

https://www.cloudflare.com/de-de/learning/ddos/glossary/user-datagram-protocol-udp/

I never work on the codebase so it would take a lot of time, but it wouldn't take so long for someone familiar with it, It's stupid to even talk about implementation

13:32

it should be fucking discussed at this point

13:32

you don't want to discuss a solution to fix your servers

13:32

why are you even admin?

Nope

13:33

Its useless to discuss with you about a topic which does not fix a networking problem

You can't fix the networking problem, so you find an alternative

You cant solve networking issues with certificates

You think tw is the only game in the world with ddos issues ?

Oh goooood pleaseeee

13:33

Send brain

13:34

No, but other big games do have MONEY

13:34

DDoS Protections are expensive as hell

13:34

Go ask cloudflare

13:34

as Riot games

13:34

ask epic games

13:34

ask blizzard

13:34

All of them do have networking engineers & protocols & filters & techops

You're a waste of time

there is not a way to find who is ddosing?

2

No its not

http://ithare.com/udp-for-games-security-encryption-and-ddos-protection/

"No Bugs" Hare

UDP for games – security (encryption and DDoS protection) - IT Hare...

Quote:"Yes, you DO need to encrypt your UDP traffic. And no, using UDP is NOT a valid excuse to skip encryption"Another Quote:"Personally, I prefer to think of it as of insurance - when I'm paying my premiums in hope that my money will go to waste."[→]

13:35

Read this

13:35

Then maybe your opinion will change

13:35

I read it last time

13:35

And I don't see why it couldn't be applied to tw

Encryptions add compute power

13:35

compute power has to be paid

13:36

DoS attacks are attacking your compute power by sending requests to your server

13:36

the server has to decrypt the packages -> high cpu usage -> crash the server

13:36

encryption adds overhead

13:36

encryption DOES NOT solve the problem of dos attacks

@crack das war ich nicht

2

@Nicky Larson

When speaking about security, it is always about various attacks. For (properly) encrypted connections, dealing with attacks after connection is established, is usually not too difficult - http://ithare.com/udp-for-games-security-encryption-and-ddos-protection/

To bad that UDP is connless

13:38

https://www.akamai.com/uk/en/resources/denial-of-service-attacks-dos.jsp https://www.cloudflare.com/de-de/learning/ddos/glossary/user-datagram-protocol-udp/

13:38

Please read them

Avolicious good parameters

We're working against dosing our servers, upgrade your clients to 15.5 so your ip wont get leaked to honeypot servers

13:39

But without the help of companies who provides firewalls for us, we cant do a lot

13:39

Most of our servers are very good for teeworlds purpose, but during an attack cpu raises & networking cards gets flooded

13:40

Even implementing public/private keys or any sort of encryption does not solve this problem as encryption has to be computed. ( This would also add a lot more effort for firewalls to compute them )

13:41

Public/private keys are a good way to impement accounts but keep the data at players hands ( atleast this is my opinion )

I read everything (and my link again), by connection they probably meant encrypted packets. In the link I sent you it is said that encryption is only expensive if you use asymetric crypto, and that would only be needed when establishing the connection. The following paquets could use symetric crypto which is far less expensive. The proof of work is super interesting because it forces new connections (= new udp paquets which are not encrypted yet) to spend time solving a challenge (client side) that requires cpu resources. As the load increases during DDOS, you can dynamically ask for a more complicated challenge. Of course this means legitimate clients/requests would also have to solve this challenge before joining a server which is being ddosed but this isn't so bad if you have to wait a few more seconds

Avolicious

We're working against dosing our servers, upgrade your clients to 15.5 so your ip wont get leaked to honeypot servers

That's great, and I'll make sure I have an up to date version, but will this solve ddos issues that we have currently?

In the link I sent you it is said that encryption is only expensive if you use asymetric crypto, and that would only be needed when establishing the connection. The following paquets could use symetric crypto which is far less expensive.

Encryption/Decryption is CPU intensive, because you have to encrypt/decrypt each package.

The proof of work is super interesting because it forces new connections (= new udp paquets which are not encrypted yet) to spend time solving a challenge (client side) that requires cpu resources.

You have to verify the challenge & its reverseable as the protocol is open source.

As the load increases during DDOS, you can dynamically ask for a more complicated challenge.

And who is gonna implementing that stuff in DDNet/Teeworlds clients? dynamic sounds easy doenst it? Well it isnt.

Of course this means legitimate clients/requests would also have to solve this challenge before joining a server which is being ddosed but this isn't so bad if you have to wait a few more seconds

The server itself checks if the request is valid. So adding an encryption layer would need more compute power

Nicky Larson

That's great, and I'll make sure I have an up to date version, but will this solve ddos issues that we have currently?

It is just helping a bit by not exposing your client ip to honeypot servers. So attackers can spoof ip addresses & attack our servers, because the client does not ping all servers

You have to verify the challenge & its reverseable as the protocol is open source.

14:21

Of course not

Yes it is

This would be too easy otherwise

14:22

Did you read my link ?

It is pretty easy

14:22

Thats why dos ampflication currently works

14:22

If the protocol wouldnt be open source, it would be harder to understand

14:22

would take more time to reverse engineer the protocol

14:22

right now oyu can open github & check how the protocol works

>And who is gonna implementing that stuff in DDNet/Teeworlds clients? dynamic sounds easy doenst it? Well it isnt. I don't know and I never said it was easy but it would be a viable solution which is, well nice

Okay, before we go into detail. You have to consider that everything that will/has be done for teeworlds made by volunteers. No one is payed.

14:24

So adding such complicated types challenges is not done easily & very time/test consuming

14:24

In addition you have to add fallback support for older clients

14:24

In addition you have to update all teeworlds mods to accept this type of protocol feature

Avolicious

It is pretty easy

https://en.wikipedia.org/wiki/Proof_of_work This is used in plenty of use cases, it doesn't make any sense to say "it can be easily broken"

Proof of work

Proof of work (PoW) is a form of cryptographic zero-knowledge proof in which one party (the prover) proves to others (the verifiers) that a certain amount of a specific computational effort has been expended. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was invented by Cynthia Dwork and Mon...

This is a Proof-of-Work

14:24

or the description about it

14:24

Proof-of-works can be done for everything

14:25

You can proof-of-work that a banana is green and will get yellow after some days

how old are you

https://de.wikipedia.org/wiki/Proof_of_Concept

Proof of Concept

Im Projektmanagement ist ein Proof of Concept (PoC) ein Meilenstein, an dem die prinzipielle Durchführbarkeit eines Vorhabens belegt ist. Vielfach ist der positive oder negative Machbarkeitsnachweis das Ergebnis einer Machbarkeitsstudie. In der Regel ist mit dem Proof of Concept meist die Entwicklung eines Prototyps verbunden, der die benötigte ...

14:25

https://en.wikipedia.org/wiki/Proof_of_concept#:~:text=Proof%20of%20concept%20(PoC)%2C,or%20theory%20has%20practical%20potential.

Proof of concept

Proof of concept (PoC), also known as proof of principle, is a realization of a certain method or idea in order to demonstrate its feasibility, or a demonstration in principle with the aim of verifying that some concept or theory has practical potential. A proof of concept is usually small and may or may not be complete. These collaborative tria...

14:25

my bad

14:25

second one

Proof of work is not something you can "lookup the source code and reverse engineer"

14:26

The server has a secret key

14:26

you need this key

14:26

to have the answer of the work

14:27

you can't guess it

Proof of work at scale requires huge amounts of energy, which only increases as more miners join the network.

14:27

If you would use such feature in cryptocurrencies

14:28

Keep in mind that our servers arent running on bare-metal hyperexpensive I9-19900XE with 5 Ghz

Yes

Go and post it on DDNet Github

14:29

Or even on teeworlds github itself

Anyway you're attitude is depicable, everything I say you shut it down without making any research

GG @Nicky Larson, you just advanced to level 7 !

https://github.com/teeworlds/teeworlds/issues

All your answers are full of negativity

No they're not, but I know that this is very time consuming & its a client-server side feature ( we are obv. just hosting the server-side ). In addition it wouldnt solve our ddos probem

You could think of something like during ddos older clients cant join (because they cant do this proof of work)

But if you think you could solve this issue with such techniques, please go forwards & post them on ddnet (https://github.com/ddnet/ddnet/issues) or teeworlds (https://github.com/teeworlds/teeworlds/issues)

Otherwise anyone can join

14:30

There are solutions for sure... with compromises sure

^

14:31

Move your discussion in those repositories

I'll take a look

14:32

And yes it would solve your ddos issue

14:32

Mitigate it

14:32

= solve it

One more time, it would NOT solve our current ddos issue. You dont understand how networking works, right?

14:34

Even if you would use any sort of filter (like iptables, xdp or somethign similar) you have to drop such packets on the server our server is running on.

14:34

Our servers are at 100% peak CPU if a ddos hit our servers

14:34

If you would add encryption it would be even more heavier to decrypt them & then filter them

14:35

Right now we're able to look into packages directly & can filter some out

You didnt read my link did you

14:36

And still dont get proof of work

Are you even reading my texts?

14:37

Please check how packets are being sent

They are at 100% peak

Its annoying to write the same text over and over again

because the server is reading whats inside

14:37

and trying to interpret it

14:38

and do something with it

‍♂️

14:38

No

14:38

Right now we're able to look into packages directly & can filter some out

14:38

If you would add encryption it would be even more heavier to decrypt them & then filter them

14:38

Even if you would use any sort of filter (like iptables, xdp or somethign similar) you have to drop such packets on the server our server is running on.

Yes, you're reading whats inside

14:38

this is what i just said ?

Yes, but the client is asking the server what challenge he should solve, right?

I said connection requests are not encrypted

There we go again

14:39

Okay, gonna stop this discussion at this point. Please move your discussion to ddnet's developer discord or in any of those github repositories

Yes he is asking, with an extremely simple format

as said in the link, that you did not read

14:39

because you're a dumbass