Multiplayer Network

Hello guys,

I’ve working on rts game and now i need add network support.

I’m using UDP Socket. I’ll have max 8~15 players per server instance and i’m doing this way to implement some security:

1- UDPClient connects to UDPServer, per session UDPServer creates one AESKEY and AESIV.
2- UDPClient sends packet requesting AESKEY and AESIV.
3- UDPServer sends packet containing AESKEY and AESIV to UDPClient.
4- UDPClient generates random string, encrypt it and sends packet to UDPServer. UDPServer decrypt and send a packet containing the decrypted string back to UDPClient.
5- UDPClient receives the packet and compare it with random string generated. If matches, the connection is OK and “SECURE” to transfer data.

  • All packets are sending with compression, to minimize network impact.

My problem is, how to identify UDP Flood (DDoS) on the server?

On my current test, i’m doing this way:

long NowTicks = DateTime.Now.Ticks,
        sub = NowTicks - session.LastPacketTime;
double TotalMiliseconds = TimeSpan.FromTicks(sub).TotalMilliseconds;

if (TotalMiliseconds < 100)

If the last packet (before actual), was send 0.1s before, i consider this packet as flood.
If the session reach 50+ flood packets, the server’ll not parse any more packets from the client.

I need to deny the packet from the client, and not stop parsing it. Anyone knows some way to do it on udp?

On the server i’m using System.Net.Sockets.UdpClient.
On the client i’m using System.Net.Sockets.Socket.

from a Networkers perspective, there is no way to acually block an UDP flooding on a single machine. UDP will arrive at your Network Card, no matter what the Software is doing. UDP floods intend to use more resources of your Hardware than you can provide. Usually UDP floods are blocked using specific Networking Hardware or multiple Servers. If you stop parsing the packets then you did everything you can do at your side of the Network Card. This will at least stop the flooding Player from participating and maybe loosing the fun doing it.

Well there is one Thing you can try, but it’s a hackers Thing: If the attacker is in the LAN, you can try to send spoofed ARP packets (OSI Layer 3!), telling the attacker your MAC would belong to another IP. then his packets will not reach your machine. This “Counter attack” worked a few years back, and in LAN only.

Sorry there is not more i can tell you.

Your answer was really helpfull. I had a little hope that it could be done ;-;

I’ll not use spoofed ARP packets… i’ll keeping not parsing “udp flooded” packets.

Thank you! My problem is solved! :smile: