
379 points mobeigi | 3 comments
snarfy ◴[] No.41862807[source]
For UT2004, you can ban by player GUID (a hash of the CD key) or IP. With the game abandoned by Epic, a number of key generators have cropped up, which makes GUID bans useless. IP bans only go so far with VPNs costing $2 these days.

The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.

1. gosub100 ◴[] No.41863371[source]
Just curious if IP bans work with IPv6 or if they are fundamentally incompatible?
2. ghxst ◴[] No.41863837[source]
IP bans are fundamentally flawed since you can't assume a static IP in the vast majority of cases anymore, if you rely on an IP blocklist then it's inevitable that you will end up hurting the experience of a small amount of unlucky but innocent players. I suppose this might be more of an issue on ipv4 than it could be on ipv6, but really you should always expire IP bans to avoid issues like these, or you want to combine another data point with the IP such as a hardware ID (or a hash of a combination of hardware IDs). Cheaters do know this so even if we could assign everyone a static ipv6 they would likely just disable ipv6 support on their NIC and rely on their ipv4 exit ip.

Edit: If you don't think this is an issue I urge you to Google "pokemon go belgium ip ban" for a fun rabbit hole.

3. toast0 ◴[] No.41866966[source]
Sort of. Doesn't make sense to ban a single v6, you'd start by banning at the /64 level and move on to banning shorter prefixes from there.

You quickly run into the same kinds of problems you do in v4 though; most users have access to a shared pool of addresses, and you may need to ban the whole pool to ban an abuser, but then you also ban everyone else in that pool, and the abuser is more likely to have ability and motivation to use other pools.

It's better if you have multiple factors... if you don't like the IP, don't ban it, but be stricter on other measures, etc. So a well behaved client from a 'bad ip' can still play, but enough suspicious things and you can't play anymore.
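
An added example, not part of any comment in this thread: a small ban list that bans IPv6 at the /64 level, widens to shorter prefixes when bans cluster, and expires every ban, as discussed above. The one-week TTL, the /64, /56, /48 ladder, the threshold of three and the name `PrefixBanList` are assumptions made for illustration.

```python
import ipaddress
import time

# Assumed policy values (not from the thread).
BAN_TTL = 7 * 24 * 3600      # every ban expires after one week
V6_LADDER = (64, 56, 48)     # start at /64, then move to shorter prefixes
ESCALATE_AFTER = 3           # live child bans needed before widening


class PrefixBanList:
    """Hypothetical helper: expiring bans keyed by network, not by single address."""

    def __init__(self):
        self.bans = {}       # ip_network -> expiry timestamp

    @staticmethod
    def _prefix(addr, length):
        return ipaddress.ip_network(f"{addr}/{length}", strict=False)

    def ban(self, ip, now=None):
        """Ban the prefix containing ip; return the network actually banned."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)
        net = self._prefix(addr, 32 if addr.version == 4 else V6_LADDER[0])
        self.bans[net] = now + BAN_TTL
        if addr.version == 4:
            return net
        # Widen while enough live bans share the next shorter prefix.
        # Each widening step also bans every other user inside that prefix.
        for length in V6_LADDER[1:]:
            parent = self._prefix(addr, length)
            children = [n for n, exp in self.bans.items()
                        if exp > now and n.version == 6
                        and n.prefixlen > length and n.subnet_of(parent)]
            if len(children) < ESCALATE_AFTER:
                break
            for n in children:
                del self.bans[n]
            self.bans[parent] = now + BAN_TTL
            net = parent
        return net

    def is_banned(self, ip, now=None):
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)
        # Drop expired entries so a stale ban never hits the next holder of a prefix.
        self.bans = {n: exp for n, exp in self.bans.items() if exp > now}
        return any(n.version == addr.version and addr in n for n in self.bans)
```
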