As John said, padding with zeros will be easier to mitigate (and less
resource intensive) for providers, and it solves the reflection.

Any word on the last bit of John's response regarding "abuse" of
BGP/Anycasting to reply to source engine queries from the closest
geographical location to the requester?

It's one thing for hosts to use edge locations to mitigate attacks,
allowing inbound filtering to be spread across multiple edge locations.
But people are taking it a step further and intentionally sending a
cached query response from those edge locations to benefit from players
thinking their server has the lowest latency in the server browser.

John! Good to hear from all the old folks from years ago!

TL/DR: New proposal: the server requires /all/ 3 connectionless
packets from clients to be at least 1200 bytes.

I’ve gotten similar feedback from a few people now. The only reason
to consider allowing a smaller packet with a challenge is to give the
client a way to reduce the bandwidth sent when pinging a ton of
servers. But doing this would impair the ability to filter out these
packets further out, and it is also more complicated to implement. (I
wasn’t planning on changing the server browser in steamclient.dll to
do it, I was just going to do the simple thing of padding the
packet.) Given that it is 2020 The Year of Our Lord Gaben, probably
the extra bandwidth needed to ping a bunch of servers is just not
significant.

Regarding 1200: although this is technically maybe not OK according to
RFCs from the mid 90’s, being larger than the absurdly small minimum
IPv4 MTU, I believe it is OK in practice in 2020 TYOOLG, especially
since the minimum MTU for IPv6 is 1280. In the SDR protocol used by
CSGO and Dota, clients always initiate their communication with a 1200
byte packet, and that has not caused any problems.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/
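
The minimum-size rule proposed in the thread above, sketched as an added example (not code from the list or from Valve): a stateless receive-side check, the matching client-side zero padding, and the reflection gain before and after. It assumes the three connectionless queries are A2S_INFO, A2S_PLAYER and A2S_RULES and that padding is trailing zero bytes; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not Valve's code. Assumed: the three connectionless
 * queries are A2S_INFO, A2S_PLAYER and A2S_RULES, and padding is plain
 * trailing zero bytes that bring the datagram up to the minimum size. */
#define MIN_QUERY_LEN 1200u /* minimum proposed in the thread */

enum verdict { DROP_NOT_QUERY, DROP_TOO_SHORT, ANSWER };

static int is_query_type(uint8_t t)
{
    return t == 0x54 /* A2S_INFO */ || t == 0x55 /* A2S_PLAYER */ ||
           t == 0x56 /* A2S_RULES */;
}

/* Decide whether a received UDP payload may be answered. The length test
 * keeps no per-client state, so an upstream filter can apply the same rule. */
enum verdict classify_query(const uint8_t *buf, size_t len)
{
    static const uint8_t hdr[4] = { 0xFF, 0xFF, 0xFF, 0xFF };
    if (len < 5 || memcmp(buf, hdr, 4) != 0 || !is_query_type(buf[4]))
        return DROP_NOT_QUERY;
    if (len < MIN_QUERY_LEN)
        return DROP_TOO_SHORT;
    return ANSWER;
}

/* Client side: copy an unpadded query and zero-fill it to the minimum.
 * Returns the number of bytes to send, or 0 if `out` is too small. */
size_t pad_query(const uint8_t *query, size_t qlen, uint8_t *out, size_t cap)
{
    size_t total = qlen < MIN_QUERY_LEN ? MIN_QUERY_LEN : qlen;
    if (cap < total)
        return 0;
    memcpy(out, query, qlen);
    memset(out + qlen, 0, total - qlen);
    return total;
}

/* Reflection gain in percent: bytes sent toward a spoofed source per byte
 * the sender had to spend. 100 means no gain. */
unsigned amplification_pct(size_t request_len, size_t response_len)
{
    return request_len ? (unsigned)(response_len * 100 / request_len) : 0;
}
```

With a constructed 1400-byte response, an unpadded 25-byte A2S_INFO request gives a gain of 5600%, while the same request padded to 1200 bytes gives 116%.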