07.05.2015, 18:14
My understanding of it is:
Since 0.3.7 players joining the server must first request a connection cookie, then confirm it to the server in order to take up a slot.
This prevents someone sending udp packets with fake ip's from filling the server (server full attack).
But the attacker could use a legitimate ip address to request the connection cookie first and then fill the server as above.
In this case we would be able to see the one "real" ip regularly requesting the connection cookie. We could also adjust how often the server changes the connection cookie (connseedtime) in order to narrow down the correct ip to ban.
Since 0.3.7 players joining the server must first request a connection cookie, then confirm it to the server in order to take up a slot.
This prevents someone sending udp packets with fake ip's from filling the server (server full attack).
But the attacker could use a legitimate ip address to request the connection cookie first and then fill the server as above.
In this case we would be able to see the one "real" ip regularly requesting the connection cookie. We could also adjust how often the server changes the connection cookie (connseedtime) in order to narrow down the correct ip to ban.