ID:132494
 
I know it's not a big problem atm, but shouldn't IPs be hidden when logging into a server/game?

I see too many pissed off players that get banned and try to get back at the server owners. I have been inactive for almost half a year and wasn't deep into coding so I didn't think much of it at first. Showing the IPs makes the hosts a very easy target and I think avoiding any kind of trickery (DDoS and whatever else someone may throw a bone at.) should be a big concern.

I'm not sure if this is in the right section, but I just thought I should bring this up.
Because you're directly connected to the server when you join a game, the IP address is already plenty visible, so this is moot. It's not really feasible to hide the IP address. DoS attacks can and should be reported to the ISPs of the attackers.

Lummox JR
In response to Lummox JR
Do you think anyone would try to flood a server with their own computer?

I'm sure there are some ways to at least it a little more difficult for someone to grab the servers ip.

(DDoS would most likely come from a botnet so that would make it even less likely that the person would be caught.)
In response to Lummox JR
In the mean time while you wait for the ISPs to do something (which can take awhile and I have no idea how you plan to retrieve their ISP...), your game is forced to be shutdown. A better alternative would just be a custom link for it, like "Thisismygame'scustomURL!" or something... I vaguely recall 3.5 or something being able to do that.
In response to Akushumi
Akushumi wrote:
I'm sure there are some ways to at least it a little more difficult for someone to grab the servers ip.

The problem you seem to have trouble understanding is the simple fact that your computer *has* to know the IP in order to communicate (similar to how you can't call somebody without their phone number). As there are utilities to show all network communication on your computer built in with every operating system that supports BYOND, it's kind of a moot point to suppress this data.
In response to Moonlight Memento
The lookup for ISP is usually a one or two google searches away, and ISPs take properly filed notice of breach of TOS very seriously.
In response to Schnitzelnagler
Can't remember the switches exactly for Windows, but bring up a command prompt and netstat -t I think. You'd want to close off other TCP using services and applications (IM clients, bit-torrent, browser, don't host something yourself etc) to reduce the noise, but it's there.

If you're into using botnets then a menial lookup such as this is not exactly tricky, as you can do it while still being banned, with the TCP state likely either TIME_WAIT or CLOSE_WAIT for a few seconds.

A quick google will of course provide a multitude of simple alternative mechansims for this lookup, also.
In response to Stephen001
Have you replied to the wrong person, or have you misunderstood what I intended to say, since I basically tried to point that out?
In response to Schnitzelnagler
It was building on your comment.
In response to Stephen001
You'd need some proof of it and giving an IP won't help them much when there could be several people using the same IP either by coincidence or by using proxies.
In response to Moonlight Memento
There won't be several end-points for the same unicast IP address, but yes, the address may be dynamic and thus passed between a number of households across a 24 hour period. Which is why a properly filed notice will contain appropriate information regarding duration and time of the disturbance, log-data of that disturbance etc. All information they must keep to meet their obligations with relevant police forces on child pornography, if your attacker is in the US (BYOND statistics suggest they would be). As for proxies, if the proxy is not on a specifically designed service for mitigating this responsibility, the proxy provider becomes liable for disconnection or penalty according to TOS.

Same goes that your ISP (should you be a business customer / on VPS hosting) can mitigate such attacks if properly notified of them also, should you find persuing with the offenders ISP in some way difficult or ineffectual.

If you're getting this on a home connection, there's usually a bit of debate about whether you've broken TOS by hosting a service on your connection in the first-place, as most TOS for home connections will have a clause for that. Wording becomes key, and the level of service they will provide to you to assist on a home connection will of course be at their discretion.

As your IP address and port involved in hosting are somewhat trivial to glean outside of BYOND, the point of what data BYOND displays or hides there does seem as Lummox and Schnitz notes, moot. Filed notices become your only practicable option regardless of how acceptable or viable you personally consider it.

BYOND doesn't onion route, or provide networking of least privilege by design, to do so would harm performance all round (and take a while to write).
In response to Stephen001
Have fun filing something against some random person's IP, taking the time to send it to the ISP, them having to receive it, them deciding to take action.

DDoSer still gets his way.
In response to Moonlight Memento
So what do you propose? This is not going to be a very constructive discussion if you're going to be like that. This is a forum remember, not a spitting contest.
In response to Moonlight Memento
Moonlight Memento wrote:
Have fun filing something against some random person's IP, taking the time to send it to the ISP, them having to receive it, them deciding to take action.

DDoSer still gets his way.

DoS and DDoS attacks are taken very seriously. I doubt in any case you're going to see DDoS attacks, because the typical angry idiot doesn't have access to a botnet--and frankly anyone who did would already know how to use netstat to get the IP even if steps were taken to try to obscure it further. (Mind you I'm not ruling that out; I do however think it's likely to be fruitless.) DoS attacks are much simpler to execute, but also simpler to report.

There are no easy solutions. This is the same Internet we all live with. We already mask the IP on one level and we could probably mask it a little more, but at the end of the day you're still connecting directly to the server and that's impossible to change. It's downright trivial to find out what IP addresses you're connected to; anyone who can use Google can find out this information in moments if they don't already know it. If you're railing against the difficulty of dealing with DoS and DDoS attacks, you're only preaching to the choir.

Lummox JR
In response to Stephen001
Stephen001 wrote:
So what do you propose? This is not going to be a very constructive discussion if you're going to be like that. This is a forum remember, not a spitting contest.

I'm sure that taking down a byond server wouldn't take that many bots and I know for a fact that you could pay someone to hit a byond server offline for small change if you find the right person. (Which wouldn't be hard.)

Reporting a couple hundred IPs or more won't be very ideal and I'm sure the person wouldn't get caught.

@The people who say that it's pointless to try and hide it...
The police try and stop crimes even though they still happen. Would you say that's pointless as well?

Just because it's still possible doesn't mean you can't make it a little harder.-
In response to Lummox JR
Why are we SHOWING the IP and port we're connecting to to the player though? Can we not just mask it as "Connecting to server..."?
In response to Moonlight Memento
To give other people the link to the server, and many other reasons that I can't think of right now.

On another note, shouldn't most firewalls protect against DoS attacks?
In response to Moonlight Memento
Because it's basic, useful information.
And as already pointed out numerous times, anyone that actually plans on attacking the server in any way will be able to easily find the IP address regardless of it being displayed in the client or not - rendering it simply counterproductive to not display it in the client.
In response to Kaioken
It isn't needed info. Again, in the old 3.51 I think? you were able to have the things be like:

byond://customlinkgoeshereinsteadofipandstillconnects

It was awesome, really.
In response to Moonlight Memento
You can still do that, StrayWoW.com:Port will connect you to any server hosted on my shell, because that address is registered there and translates into the IP
Page: 1 2