MirrorNetworking / Mirror

#1 Open Source Unity Networking Library
https://mirror-networking.com
MIT License

maxconnections exploit maybe #2626

Open miwarnec opened 3 years ago

miwarnec commented 3 years ago

copy paste from discord:

"here's an exploit: connect maxConnection clients, send ping/pong (low performance cost) but not ready/addplayer. boom no new clients can join the server"

imerr commented 3 years ago

Good fix would be to not count unauthenticated connections towards the limit + timeout if you don't auth within x seconds - that at least raises the barrier a bit

miwarnec commented 1 year ago

> Good fix would be to not count unauthenticated connections towards the limit + timeout if you don't auth within x seconds - that at least raises the barrier a bit

yes, that's what I do in Mirror 2 code as well.

3 different connections, with 3 different limits and timeouts.
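
The mitigation discussed in this thread, sketched as an added example (not Mirror's code and not taken from any comment above): unauthenticated connections are tracked in their own small pool, never count towards the player limit, and are dropped after a fixed deadline. `ConnectionAdmission`, its methods and all limits are hypothetical names and values; the caller is assumed to disconnect rejected or expired ids through its transport.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical admission gate, not part of Mirror's API. Times are in seconds.
public class ConnectionAdmission
{
    readonly int maxAuthenticated;  // player slots: only authenticated connections use these
    readonly int maxPending;        // separate cap for connections that have not authenticated
    readonly double authTimeout;    // the "x seconds" a connection gets to authenticate
    readonly Dictionary<int, double> pending = new Dictionary<int, double>(); // id -> accept time
    readonly HashSet<int> authenticated = new HashSet<int>();

    public ConnectionAdmission(int maxAuthenticated, int maxPending, double authTimeout)
    { this.maxAuthenticated = maxAuthenticated; this.maxPending = maxPending; this.authTimeout = authTimeout; }

    // Call when the transport reports a new connection. False means: disconnect it.
    public bool TryAccept(int id, double now)
    {
        if (pending.Count >= maxPending) return false;
        pending[id] = now; // deadline runs from accept time, so ping/pong traffic cannot extend it
        return true;
    }

    // Call when authentication succeeds. False means: unknown id or all player slots taken.
    public bool TryAuthenticate(int id)
    {
        if (!pending.ContainsKey(id) || authenticated.Count >= maxAuthenticated) return false;
        pending.Remove(id); authenticated.Add(id);
        return true;
    }

    public void OnDisconnected(int id) { pending.Remove(id); authenticated.Remove(id); }

    // Call periodically. Returns the ids that missed the deadline so the caller can disconnect them.
    public List<int> ExpirePending(double now)
    {
        List<int> expired = pending.Where(kv => now - kv.Value >= authTimeout).Select(kv => kv.Key).ToList();
        foreach (int id in expired) pending.Remove(id);
        return expired;
    }

    public static void Main()
    {
        var gate = new ConnectionAdmission(2, 2, 5.0);  // constructed limits for the demo
        gate.TryAccept(1, 0.0); gate.TryAccept(2, 0.0); // constructed: two connections that stay idle
        Console.WriteLine("expired: " + string.Join(",", gate.ExpirePending(6.0)));
        Console.WriteLine("late joiner admitted: " + (gate.TryAccept(3, 6.0) && gate.TryAuthenticate(3)));
    }
}
```

Idle connections can still fill the pending pool, but only until the deadline passes, and they never occupy a player slot.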