Most active commenters

    ←back to thread

    We outsmarted CSGO cheaters with IdentityLogger

    (mobeigi.com)
    379 points mobeigi | 11 comments | 16 Oct 24 18:18 UTC | HN request time: 0.602s | source | bottom
    1. beeboobaa3 ◴[16 Oct 24 19:10 UTC] No.41862678[source]
    > If a player joins with a different Steam ID but with an IP address that is already banned, the system now re-bans them

    This works great until you realize you're punishing innocent players because of CGNAT and IP addresses getting rotated. Cheaters usually know how to get their router to request a new IP address. That IP address then gets assigned to someone else later.

    replies(4): >>41862691 #>>41862695 #>>41862730 #>>41862737 #
    2. therein ◴[16 Oct 24 19:11 UTC] No.41862691[source]
    Yeah, you would think they would rely on their secret cookie in that situation instead, to minimize false positives like that.
    3. cwmma ◴[16 Oct 24 19:12 UTC] No.41862695[source]
    They addressed this in the section entitled "Problematic cases of IP address fingerprinting"
    replies(2): >>41862846 #>>41863340 #
    4. Vvector ◴[16 Oct 24 19:15 UTC] No.41862730[source]
    That was addressed in the article.
    5. mobeigi ◴[16 Oct 24 19:15 UTC] No.41862737[source]
    This scenario definitely did pop up and we would review it on a case by case basis to unban users or make exceptions. However, it was quite rare. Only a handful of reported instances over several months. If our servers were more popular we definitely would have run into it a lot more.
    replies(2): >>41862773 #>>41863171 #
    6. Alupis ◴[16 Oct 24 19:18 UTC] No.41862773[source]
    I would wager most people just move onto a different server - leaving you with useless/suppressed data on how many people this may have impacted.
    7. onli ◴[16 Oct 24 19:25 UTC] No.41862846[source]
    No, not specifically. That section is still written under the misconception that IPs are bound to households, or static networks like university networks. Instead they can swap at the very least country wide (or rather, however the provider manages the IP addresses it controls). Their mental model is just not how the internet works.

    By using IP as the ban id they created a system that constantly and regularly banned completely innocent steam IDs, thinking they are somehow linked when a new steam id uses a banned IP, which is nonsense. They just did not notice because the banned gamers did not complain.

    replies(1): >>41862916 #
    8. Ekaros ◴[16 Oct 24 19:31 UTC] No.41862916{3}[source]
    Being from country with lot of IPs for operators. I did some packet sniffing on DHCP broadcast traffic seen by my router(ISP should filter that...) and I saw at least 3 non-continuous public IP blocks... And that was just day or less of monitoring this traffic...

    So if the same connection(plug in wall) can end up with IPs from different blocks, well, trying to do anything sensible with this is too complicated.

    9. LudwigNagasena ◴[16 Oct 24 19:56 UTC] No.41863171[source]
    You would need to ban random people and see how many of them report it to estimate the real amount of such errors.
    10. lagadu ◴[16 Oct 24 20:12 UTC] No.41863340[source]
    I always found it funny how ip bans seemed to be so popular despite being apparently completely ineffective until I realized this was mostly a US thing. In my country (2 of them that I've lived in, in fact) ISPs always assign the client a dynamic address from their very large pools every time I reconnect. This was as true back in the 28.8kb dial up days as it is in the 10gbit FTTH days we live in. Having a static IP address here has always been a service you have to pay for.

    I remember this being hilarious when idiots would ip ban me back on the IRC days: "oh no, I have to press the reconnect button!"

    replies(1): >>41865326 #
    11. BlueTemplar ◴[17 Oct 24 00:41 UTC] No.41865326{3}[source]
    Is it ? I'm not in the US and I've always had a fixed IP.

    Which seems to have been best practice for IPv4 and is still best practice with IPv6 :

    https://www.ripe.net/publications/docs/ripe-690/#5--end-user...