18:44  * ChillerDragon slaps fstd around a bit with a large fishbot
18:45 < fstd> ChillerDragon: yes?
19:00 < fstd> ChillerDragon: how can i help you?
19:12 < ChillerDragon> all fine thnks m8
19:14 < bridge_> [teeworlds] <ChillerDragon> fstd: it was u ingame ?
19:18 < fstd> ChillerDragon: in what game?
19:19 < dupek> is it just me or all the servers are full>
19:19 < dupek> the client shows me that there are 4700 players
19:19 < fstd> it's a DoS
19:19 < dupek> oh
19:19 < dupek> ok
19:20 <@heinrich5991> https://github.com/teeworlds/teeworlds/issues/235
19:53 < rand> you may drop clients that do not get state ONLINE
19:53 < rand> (and stay as pending)
19:55 < rand> something like this https://ptpb.pw/KEd7
21:16 <@heinrich5991> rand: doesn't really help, now they need to send two packets
21:16 <@heinrich5991> eeeee ported the fix from ddnet to vanilla
21:20 < rand> naaah
21:23 <@heinrich5991> mh?
21:23 < rand> though, i can join my server while beeing spamming
21:24 <@heinrich5991> because the attacker doesn't send two packets currently
21:24 <@heinrich5991> but it's trivial to attack your server as well
21:25 < rand> ofc
21:25 <@heinrich5991> what we need is some kind of challenge-response, that the attacker cannot predict
21:25 <@heinrich5991> server sends some kind of magic number and the client needs to repeat it back
21:25 < rand> but, we can't with actual clients do we ?
21:26 <@heinrich5991> as said, eeeee produced a hacky patch that does that
21:27 <@heinrich5991> it uses the snapshot acknowledging of the client
21:27 <@heinrich5991> (ddnet has done that for ages)
21:32 < rand> and where is this patch ?
21:33 <@heinrich5991> https://github.com/eeeee/ddnet/commit/47e4d2e860f6659fa084c42e216cbee61c7d56e6
21:34 <@heinrich5991> it still has this problem though (the same as in ddnet): https://github.com/ddnet/ddnet/issues/500
21:36 < rand> thx