Is P2P gaming a security issue?

Seems to me if we aren't all connected to a game server and there is a P2P model in place, that you could sniff the I.P of people on your island? Could lead to shenanigans... If so, is this not a massive security flaw in ED? :eek:
 
In short: interwebs = no safe, and there are varying degrees of not safe that are not in the control of FDEV, your ISP or yourself for that matter.

Played central server system for years with rampant hax, scamming, doxing and all that... so in all it doesn't matter and it is not a massive security flaw.
 
Absolutely unsafe. Things people will do:
- spawn friendly NPCs
- spawn so many items the game crashes
- refuse to register damage to their ship
- modify rate of fire or nature of projectiles
- cause lag to make themselves hard to hit
- cause lag to make it hard for opponents to avoid them or escape them
- cause lag so crimes do not register
- launch other types of attacks directed at the ip addresses of their peers
- etc.

P2P is a hideous idea.
 
Every website you connect to knows your IP unless you are using TOR. We are connected to a game server for the matchmaking element. I am sure that your concerns have been considered.

What exact "shenanigans" are you referring to? Knowing someone's IP does not count for a lot if they are using a router with a hardware firewall and Windows with a software firewall and an antivirus program.

The server will have the final say on game objects and assets so I am sure that cheating can be detected.
 
You can easily DOS someone if you have their IP, freeze them in place for a few seconds and you get a free kill. That is the easiest scenario, I think I could write a Python script that does this reliably and automatically with hot key activation in less than an hour. (COULD, not would... I'm a white hat)

If you DOS the server (the only ip known to you in C2S), first the game freezes for everyone (so you can only use it defensively in the first place), and then Frontier can ban you based on server logs.
 
Every website you connect to knows your IP unless you are using TOR. We are connected to a game server for the matchmaking element. I am sure that your concerns have been considered.

What exact "shenanigans" are you referring to? Knowing someone's IP does not count for a lot if they are using a router with a hardware firewall and Windows with a software firewall and an antivirus program.

The server will have the final say on game objects and assets so I am sure that cheating can be detected.

Well, just off the top of my head you could be DoSed by another player or just port scanned for vulnerabilities... IMHO IPs should remain as private as possible in a game and your opponent's IP should not be sniffable, it's bound to end in tears IMHO :(

ninjad by tygrrrrrr
 
You can easily DOS someone if you have their IP, freeze them in place for a few seconds and you get a free kill. That is the easiest scenario, I think I could write a Python script that does this reliably and automatically with hot key activation in less than an hour.

If you DOS the server (the only IP known to you in C2S), first the game freezes for everyone, and then Frontier can ban you based on server logs.

Do you mean DDOS?

DDOS a single person will not only freeze them in place but will also freeze you as well as the connections are interconnected. You would have trouble launching a DDOS attack on an entity using only a single machine. DDOS attacks normally require the use of many machines.
 
Well, just off the top of my head you could be DoSed by another player or just port scanned for vulnerabilities... IMHO IPs should remain as private as possible in a game and your opponent's IP should not be sniffable, it's bound to end in tears IMHO :(

ninjad by tygrrrrrr

We have no idea how the P2P portion is set up. For all we know they could be using some form of anonymous P2P. Speculating and worrying people is not really helpful.
 
No, just DOS. No need for multiple machines... I have a 100 megabit pipe (not that uncommon these days) and I could freeze most lower bandwidth connections alone by flooding them and have ample bandwidth to keep playing.

Also, you can make the game crash, also a type of denial of service, by sending broken packets or packets that make the game pause and wait for data that never comes. Since the connections are Peer to peer, it is easy to forge and inject packets.
 
Do you mean DDOS?

DDOS a single person will not only freeze them in place but will also freeze you as well as the connections are interconnected. You would have trouble launching a DDOS attack on an entity using only a single machine. DDOS attacks normally require the use of many machines.

Some people have more than one machine. I think the idea is that you DoS the person when you're not using your connection, or you find a nearby unsecured wireless and do it from there off a laptop or some such. I mean, we don't need to go into the nitty gritty, let's just say, like crossing the streams in Ghostbusters, that random people you may have upset having your IP probably isn't a good thing :)
 
We have no idea how the P2P portion is set up. For all we know they could be using some form of anonymous P2P. Speculating and worrying people is not really helpful.

No, I have seen it connect to IPs all over the world.... It is not anonymous (how could it be). A potential griefer also would only target one or all other players anyway, so no real need to identify who they are connected to, but that should be easy to do by inspecting the packets nonetheless.
 
We have no idea how the P2P portion is set up. For all we know they could be using some form of anonymous P2P. Speculating and worrying people is not really helpful.

They can encrypt the packets but the bottom line is if you are connected P2P to someone there are tools freely available to see all connected computers :( Actually you can do it with a DOS box, I think it's the netstat command.
 
Nah, he meant bring up an MS-Dos prompt to ping the IP address really fast. It's what all the script kid "white hats" do on the interwebs :)

Most modern routers can be configured to provide protection against this kind of attack. Also the attack will be logged in your router with the origin IP which will give them away when reported to FD as they will be connected to the game with that IP.
 
You can easily DOS someone if you have their IP, freeze them in place for a few seconds and you get a free kill. That is the easiest scenario, I think I could write a Python script that does this reliably and automatically with hot key activation in less than an hour. (COULD, not would... I'm a white hat)

Actually, you should.

That's why we are here helping to test the game.

So do it and then report back.
 
Most modern routers can be configured to provide protection against this kind of attack. Also the attack will be logged in your router with the origin IP which will give them away when reported to FD as they will be connected to the game with that IP.

VPN, internet cafe, neighbour's unsecured wireless...
 
They can encrypt the packets but the bottom line is if you are connected P2P to someone there are tools freely available to see all connected computers :( Actually you can do it with a DOS box, I think it's the netstat command.

That is not the way that anonymous P2P works. It involves far more than packet encryption.

It is also possible that they could change IP addresses for some other kind of unique identifier. Your IP address will be seen only by the server but not by any other client.
 
Actually, you should.

That's why we are here helping to test the game.

So do it and then report back.

That's a bit grey hat then and I would only do this with consenting individuals. And FD's consent.


To the others: DoS is denial of service, and DDoS is distributed denial of service. The goal is the same - to make the other person's machine not get the results they need to use or enjoy the game. The distributed part means you just utilize many machines across the world to flood another machine that has too fast a connection for yourself to flood, and you have no exploit that would allow you to cause denial of service by sending broken data instead.

Non-distributed DoS is what is possible with most Peer to Peer games. Even if you just introduce random "my position is xyz" packets to cause rubber banding and make yourself hard to hit, that is a type of DoS. (And also a cheat).

A server would instead receive directional data and tell you and all other players in the instance where you are. If the sanity checks are sufficiently well programmed, you have only very little rubber banding and can identify cheaters by sending certain types of invalid packets.

In P2P, the onus of these checks would be with each player, and since they are all equal peers, another attack would be to claim the other player was cheating, and to correct their position on your side. Soooo many scenarios of attack...
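
The server-side sanity check described in the post above, sketched as an added example (not part of the thread and not Frontier's code). The speed limit, tolerance and flag threshold are assumed values, and the sample updates are constructed.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 500.0    # assumed top speed in metres/second (constructed value)
TOLERANCE = 1.10     # assumed 10% slack for network jitter
FLAG_THRESHOLD = 3   # assumed number of rejected updates before flagging

@dataclass
class PlayerState:
    t: float          # timestamp of the last accepted update
    pos: tuple        # last accepted (x, y, z)
    rejected: int = 0

def check_update(state, t, pos):
    """Validate one position update; advance state only if it is plausible."""
    if len(pos) != 3 or not all(
        isinstance(c, (int, float)) and math.isfinite(c) for c in pos
    ):
        reason = "malformed position"
    elif not math.isfinite(t) or t <= state.t:
        reason = "non-increasing timestamp"
    elif math.dist(state.pos, pos) > MAX_SPEED * TOLERANCE * (t - state.t):
        reason = "impossible speed"      # the "my position is xyz" teleport case
    else:
        state.t, state.pos = t, tuple(pos)
        return True, "ok"
    state.rejected += 1                  # keep last good position, count the hit
    return False, reason

def replay(updates, start=(0.0, (0.0, 0.0, 0.0))):
    """Run a list of (timestamp, position) updates through the check."""
    state = PlayerState(*start)
    results = [check_update(state, t, pos) for t, pos in updates]
    return results, state, state.rejected >= FLAG_THRESHOLD

# Constructed sample traffic for one player.
SAMPLE_UPDATES = [
    (0.1, (40.0, 0.0, 0.0)),            # 400 m/s, plausible
    (0.2, (5000.0, 0.0, 0.0)),          # jump of ~5 km in 0.1 s
    (0.2, (80.0, 0.0, 0.0)),            # plausible from the last accepted point
    (0.15, (90.0, 0.0, 0.0)),           # replayed / stale timestamp
    (0.3, (float("nan"), 0.0, 0.0)),    # broken packet contents
]

if __name__ == "__main__":
    results, state, flagged = replay(SAMPLE_UPDATES)
    for (t, pos), (ok, reason) in zip(SAMPLE_UPDATES, results):
        print(t, pos, "accepted" if ok else f"rejected: {reason}")
    print("last good position:", state.pos, "flagged:", flagged)
```

Because rejected updates never move the stored position, other clients only ever see the last plausible state, which is what limits rubber banding when an authoritative server does the checking.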
 
That is not the way that anonymous P2P works. It involves far more than packet encryption.

It is also possible that they could change IP addresses for some other kind of unique identifier. Your IP address will be seen only by the server but not by any other client.

The only way they could hide your i.p would be to use a proxy between the players, which would cost money and bandwidth and I guess it would no longer be P2P then, the clue is after all in the name Peer to Peer, there is no getting round it at all I'm afraid if you connect to someone, they can see you if they know how.
 
There are security issues on dedicated server as well... using the internet is a security risk :)

For better or worse FDEV has chosen peer-2-peer.
It's not going to change, they made it clear this is what they planned from the beginning.
If you would like to donate 5m£ they would likely consider creating an entire new net architecture for the game just for you. But face it... this is already past-tense. It's not going to change before the game comes out and the entire code base is written for peer-2-peer.
So no matter what "YOU" want at this point relating to this... it ain't gonna happen. That ship sailed loooong ago.
 