#508 Denial of service before MsgEnter

closed-rejected
nobody
BZFS (98)
5
2011-07-30
2010-03-30
No

BZFS has a limited number of file descriptors and slots (which seem to be assigned to players right away). It's very easy for an attacker to open up the approximately 200 TCP connections required to effect a denial of service (BZFS will hold it open until the client does MsgEnter). At that point, no one would be able to join.

This patch prevents duplicate IPs from waiting before doing MsgEnter. While an attacker could use a botnet, it raises the level of resources and skills to effect a denial of service. Other possible fixes include raising the file descriptor limit, which would be of limited value. Changing how slots work in BZFS would require extensive work, which means this is one of the most viable options.

This could, conceivably, be placed anywhere it would be run often in the main server loop. I placed it here strictly for convenience, as BZFS is a complicated beast whose style I have not yet fully grasped.
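
A sketch of the kind of check the ticket describes, added here as an example; the attached patch is not shown on this page and this is not BZFS code. `PendingGate`, its methods, the connection ids and the sample addresses are hypothetical, and the limit of one pre-MsgEnter connection per IP is an assumption based on the wording "prevents duplicate IPs from waiting".

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <string>
// Hypothetical helper, not BZFS code: tracks sockets that were accepted but
// have not sent MsgEnter yet, and caps how many of them one IP may hold.
class PendingGate {
public:
    explicit PendingGate(std::size_t maxPendingPerIp) : limit_(maxPendingPerIp) {}
    // Call on accept(). false means: close the socket now, this IP already
    // holds its share of pre-MsgEnter slots.
    bool onAccept(int connId, const std::string& ip) {
        if (ipByConn_.count(connId) || pendingFor(ip) >= limit_) return false;
        ++pendingPerIp_[ip];
        ipByConn_[connId] = ip;
        return true;
    }
    // Call when the connection sends MsgEnter, or closes before doing so.
    // Either way it stops counting against its IP.
    void release(int connId) {
        auto c = ipByConn_.find(connId);
        if (c == ipByConn_.end()) return;
        auto p = pendingPerIp_.find(c->second);
        if (p != pendingPerIp_.end() && --p->second == 0) pendingPerIp_.erase(p);
        ipByConn_.erase(c);
    }
    std::size_t pendingFor(const std::string& ip) const {
        auto it = pendingPerIp_.find(ip);
        return it == pendingPerIp_.end() ? 0 : it->second;
    }
private:
    std::size_t limit_;
    std::map<std::string, std::size_t> pendingPerIp_;
    std::map<int, std::string> ipByConn_;
};
// Constructed scenario: one address (documentation range) opens `attempts`
// sockets and never sends MsgEnter. Returns the slots it ends up holding.
std::size_t slotsHeldBySingleIp(PendingGate& gate, int attempts) {
    std::size_t held = 0;
    for (int id = 0; id < attempts; ++id)
        if (gate.onAccept(id, "192.0.2.10")) ++held;
    return held;
}
int main() {
    PendingGate gate(1);
    std::printf("slots held by one IP: %zu\n", slotsHeldBySingleIp(gate, 200));
}
```

In this sketch a connection stops counting against its IP once it sends MsgEnter, so a second client from the same address is refused only while the first is still in the pre-MsgEnter state.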

Discussion

  • Daniel Outmin

    Daniel Outmin - 2010-03-30
     
  • Joshua Bodine

    Joshua Bodine - 2010-09-21

    Please specify what impact this patch will have on -solo bots or players trying to join from the same IP, and also which codebase this patch is for and whether or not it is fixed in the other.

    Thanks.

     
  • Jeff Myers

    Jeff Myers - 2011-07-30
    • status: open --> closed-rejected
     
