Flashpoint global blacklist

[RN Malboeuf 12]

the 1st ban list we ever really bothered with was back in the old radish and frag house and RN server dasys, there were not many other main stream servers, one admin on radish's banned me off of thier server for something i posted about ID changing (this was about two years ago) when the ban ID was shared between a few servers i found my ID was banned on all of them, with in minutes of contact the ID was removed from each server. we pretty much dropped the sharing of Bans past that point

the RN server has a list of the names of the players and the reason for the ban

we rotate them off as time goes by for a clean slate

but since I can alter my ID to any ID (one can asume many others can still do this even with 1.96) whats stopping me/them from using any ones ID to have then banned? (note this same post is what got me banned off of radish - the admin tolerated NOOOO cheting even for testing purposes)

[Certa 0]

The approach of IP is simple because it's generic for almost all multiplayer games. I'm not planning to write an OFP specific tool.

I have a dynamic IP myself but I cannot change it at will. Even efter an IP release and IP renew I get the same IP back and I think thats the case for most people.

My IP is bond to my cable modem or NIC's MAC address. The default behaviour of most DHCP servers are to return the same IP to the same MAC address if possible.

I do know some people can change IP at will. However, all people with the right tools can for some games change ID at will. The notorious cheaters and hackers are the people most likely to posses these tools. Some games doesn't even have ID's.

It's not a complete solution because there are not complete solutions at this date, unless we talk about massive online multiplayer games where people have to authenticate at a central server. However, 25% or 50% is better than nothing.

Draft of an IP block filter and IP blacklist network

[mads bahrt 0]

My rant isn't about the problems of missing someone - it's about the fact that you'll eventually hit someone innocent because they'll end up using a previously banned ip address.

[Certa 0]

I understand your concern.

There are billions of IP addresses and let's say there are a hundred addresses in the blacklist. Just for the sake of it, assume one large popular ISP got ten thousand IP's. The odds are still not that high of accidents.

However, more likely some cheater is behind a NAT router at a student home or internet café. He gets the public IP of that router banned perhaps locking out 1000 potential players.

But this is already the case for games like Quake3 (or anything based on that engine) where ban is based on IP.

In my draft I consider a maximum blacklist time of one month so that faulty IP's are flushed out. It's better to free than to convict. Added to that, a method of contacting the administrator could also help resolving accidents.

[benu 1]

So basically this concept is flawed inherently because we have a lot of very pathetic admins who shouldn't be in a position of responsibility to begin with?

Then make it work both ways. Report which servers have irresponsible admins that should be banned from being able to submit IDs.

I guess i would be one of the first admins reported as there seems to be at least one guy out there that is pissed about me. He entered my server admin contact email into at least a dozen mailing lists etc. I suspect who it is, but well... could also be any other player i banned from the server. But as i do not plan to use banned ids from other admins or submit mine the point is moot for me anyway...

IP-Ban: sorry, that is totally unusable. I just checked my logs, i never got the same ip in all the last month. So is everyone else here. I can get a new ip within approximately two seconds and will never get the same ip again (several b-nets with some 100.000 ips). So, i see no use in an ip ban and only disadvantages, as the next guy getting one of the banned ips is most probably someone else

[Certa 0]

ID's are weak and IP's do change.

The best solution I can come up with is based on ID's and must be integrated into the games from start. It's based on public/private key pair verification.

The game package comes with a code that equals a 64 or 128 bit randomized GUID.

One central server kept by the publisher or developer is needed. When setting up the game for online game play (registering), the GUID is verified against the database of generated ID's kept by the server. This only has to happen once.

The server will send back a private key signed copy of the same serial number that will work as the final ID against game servers.

The game server can then authenticate that the ID was signed by the publisher/developer private key using the public key built in to the game server.

Now, a public/private key system can have different encryption strength. The encryption has to be strong enough so that it's not likely it will be cracked during the expected life time of the game. In theory, this isn't so hard, just add enough bits to the key system and even CIA will have problems.

Something for OFP2?