Search Unity

  1. The Unity Pro & Visual Studio Professional Bundle gives you the tools you need to develop faster & collaborate more efficiently. Learn more.
    Dismiss Notice
  2. Want more efficiency in your development work? Sign up to receive weekly tech and creative know-how from Unity experts.
    Dismiss Notice
  3. Participate with students all over the world and build projects to teach people. Join now!
    Dismiss Notice
  4. Build games and experiences that can load instantly and without install. Explore the Project Tiny Preview today!
    Dismiss Notice
  5. Improve your Unity skills with a certified instructor in a private, interactive classroom. Watch the overview now.
    Dismiss Notice
  6. Want to see the most recent patch releases? Take a peek at the patch release page.
    Dismiss Notice

Banning IP ranges from joining your server.

Discussion in 'Connected Games' started by kennethcarrington2018, Dec 8, 2018 at 4:14 PM.

  1. kennethcarrington2018

    kennethcarrington2018

    Joined:
    Apr 12, 2018
    Posts:
    88
    I am creating a server system and so far things are working very well. I have however been concerned about people trying to change their IPs so they can evade an IP ban system I am trying to create. I have thought about not only banning the user's IP, but banning their router so that any computer connected to it will be unable to join the server. How can I ban their router?
     
  2. jackt_unity

    jackt_unity

    Unity Technologies

    Joined:
    Oct 30, 2018
    Posts:
    8
    Hi Kenneth,

    Banning whole subnets might not be advisable in this situation, as you could ban other players who use the same ISP. One suggestion would be to have the client generate a UUID, or pull one from a service like Steam, and use this to ban players instead. One example of Unity games that do this is Rust, as it is hard to spoof this value.
     
  3. TwoTen

    TwoTen

    Joined:
    May 25, 2016
    Posts:
    1,011
    Authentication is the most common tactie to stop this. However, I have to disagree somewhat with @jackt_unity.
    Authentication for this purpose (ignore the data collection part), can be broken down to some form of work that is needed to prove you are different to someone else. An example can be email verification, steam account verification etc. Just generating a UUID locally is not helping. But collecting emails and passwords is not something one should do themselves, thus services like Playfab exists. But the best option is to use your distribution platform to make it as easy as possible for the user. A great example is Steam, their SDK can be used for authentication. More advanced techniques include device fingerprinting etc, but it's generally left as it requires a lot of development in comparison to the benefits it will give you. One form of identity that actually requires work is Teamspeak3's "Identity Security Level" concept. Really interesting that does computation to "strengthen" an identity.


    Here is a good place to start reading: https://en.wikipedia.org/wiki/Hashcash
     
    Last edited: Dec 9, 2018 at 12:34 PM