Mirror icon indicating copy to clipboard operation
Mirror copied to clipboard
verified publisher icon MirrorNetworking

maxconnections exploit maybe

Open miwarnec opened this issue 4 years ago • 2 comments

copy paste from discord:

"here's an exploit: connect maxConnection clients, send ping/pong (low performance cost) but not ready/addplayer. boom no new clients can join the server"

miwarnec avatar Mar 11 '21 04:03 miwarnec

Good fix would be to not count unauthenticated connections towards the limit + timeout if you don't auth within x seconds - that at least raises the barrier a bit

imerr avatar Mar 11 '21 13:03 imerr

Good fix would be to not count unauthenticated connections towards the limit + timeout if you don't auth within x seconds - that at least raises the barrier a bit

yes, that's what I do in Mirror 2 code as well.

  • connecting
  • lobby
  • world

3 different connections, with 3 different limits and timeouts.

miwarnec avatar Jan 29 '23 04:01 miwarnec