Fake player flooding

A lesser-known attack than HL-Boom, fake player flooding floods Half-Life with connections that emulate a valid client. As a result, all the free slots are taken and no one else can play. Half-Life guards against this with its auth server; to launch an attack you would have to have 32 valid CD keys, and eventually they'd be banned.

The BAD news: No matter what the game, emulating the client to hog a server's connections should be possible. If the attacker has the coding knowledge, drive, and bandwidth to effectively make a remote bot, the only way to really prevent this is to have some sort of hard-to-obtain but easy-to-revoke unique identifier. Like a key. On a CD, or something. That costs money.

The GOOD news: You can't launch this attack and spoof IP addresses (not unless you have some way to outsmart HL's random number generator). Banning an attacker's IP range effectively kills his ability to launch the attack.

The workarounds: One way to prevent this attack is to reserve the name 'myname' (using adminmod or something similar) so that nobody using that name can connect to the server. While this won't work against anyone with basic coding knowledge, it will stop script kiddies in their tracks. Another technique is to use bots that automatically log off when a real user completes the connection process. If banning a whole country isn't an option, these might protect your server long enough to make the attacker lose interest.
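
Since the flood cannot spoof its source, the range to ban can be read from the server's connection log. The sketch below is an added example, not code from the original page: it finds the address ranges that held a large share of the slots at the same moment. The log layout, the function name flooding_ranges and the thresholds are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample; the line layout imitates a Half-Life server log (assumption).
SAMPLE_LOG = '''\
L 03/15/2003 - 20:00:01: "Alice<1><1001><>" connected, address "192.0.2.14:27005"
L 03/15/2003 - 20:00:05: "myname<2><2001><>" connected, address "198.51.100.20:27005"
L 03/15/2003 - 20:00:05: "myname<3><2002><>" connected, address "198.51.100.21:27005"
L 03/15/2003 - 20:00:06: "myname<4><2003><>" connected, address "198.51.100.22:27005"
L 03/15/2003 - 20:00:06: "myname<5><2004><>" connected, address "198.51.100.23:27005"
L 03/15/2003 - 20:00:09: "Alice<1><1001><>" disconnected
L 03/15/2003 - 20:00:10: "Bob<6><1002><>" connected, address "203.0.113.9:27005"
'''

# "name<userid><id><team>" followed by a connect (with address) or a disconnect.
EVENT_RE = re.compile(
    r'"(?P<name>.*)<(?P<uid>\d+)><[^<>]*><[^<>]*>" '
    r'(?:connected, address "(?P<ip>[\d.]+):\d+"|disconnected)'
)

def flooding_ranges(log_text, max_slots=32, share=0.5, prefix=24):
    """Return {network: peak concurrent slots} for every range that held at
    least `share` of the server's `max_slots` slots at the same time."""
    held = {}         # userid -> network currently occupying that slot
    peak = Counter()  # network -> highest concurrent slot count seen
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # not a connect/disconnect line
        uid = m.group("uid")
        if m.group("ip") is None:
            held.pop(uid, None)  # disconnect frees the slot
            continue
        try:
            net = ipaddress.ip_network(f'{m.group("ip")}/{prefix}', strict=False)
        except ValueError:
            continue  # malformed address in the log line
        held[uid] = net
        peak[net] = max(peak[net], Counter(held.values())[net])
    limit = max_slots * share
    return {str(net): count for net, count in peak.items() if count >= limit}

if __name__ == "__main__":
    print(flooding_ranges(SAMPLE_LOG, max_slots=8))
```

Counting concurrent slots rather than total connections keeps a busy but legitimate range, whose players come and go, from being flagged alongside one that sits on the slots.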