FDDoSDetection::FDDoSDetection

Default constructor

Windows
MacOS
Linux

References

Module

NetCore

Header

/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h

Include

#include "Net/Core/Misc/DDoSDetection.h"

Source

/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp

Syntax

FDDoSDetection()

Remarks

Default constructor

DDoS Detection

DDoS (Distributed Denial of Service) attacks typically hinder game servers by flooding them with so many packets that they are unable to process all of the packets without locking up and/or drowning out other players' packets, causing players to time out or to suffer severe packet loss which hinders gameplay.

Typically these attacks use spoofed UDP packets, where the source IP is unverifiable, and so IP banning is usually not an effective or advisable means of blocking such attacks.

This DDoS detection focuses specifically on this situation, detecting/mitigating DDoS attacks based on spoofed UDP packets, which do not originate from an existing NetConnection. Flooding attacks coming from an existing NetConnection are a separate issue, as (due to the stateless handshake required before creating a NetConnection) the IP will be verified, and so such attacks should be dealt with through IP banning - this and other types of DoS attacks are not dealt with by this code.

Implementation:

DDoS attacks are detected by setting configurable thresholds for the number of packets per second, and milliseconds per frame spent processing packets, beyond which the DDoS detection will escalate to a higher severity state.

Each severity state has a different set of thresholds before it will escalate to the next state, and can also place a limit on the number of packets processed per second, and/or milliseconds spent processing.

The stronger the DDoS attack, the higher the severity state will escalate (based on the thresholds), and the stronger the limitations placed on incoming packets will be, in order to try and maintain good server performance.
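The escalation model described above, as an added example in simplified C++ that is not the engine's own implementation; the state table, class name and member names are this example's assumptions, and the window is advanced by an explicit end-of-second call rather than by engine time:

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// One severity state (example names, not the engine's): escalate to the next
// state when either per-second threshold is crossed; while in this state,
// optionally cap the packets processed per second (0 means no cap).
struct FSeverityState {
    uint32_t EscalatePacketsPerSec;
    double   EscalateMsPerSec;
    uint32_t PacketLimitPerSec;
};

class FToyDDoSDetection {
public:
    explicit FToyDDoSDetection(std::vector<FSeverityState> InStates)
        : States(std::move(InStates)) {}
    // Call for each received non-NetConnection packet. Returns false when the
    // current state's cap says the packet must be dropped without processing.
    bool OnPacket(double ProcessMs) {
        const FSeverityState& S = States[StateIdx];
        if (S.PacketLimitPerSec != 0 && PacketsThisSec >= S.PacketLimitPerSec) {
            ++DroppedThisSec;
            return false;
        }
        ++PacketsThisSec;
        MsThisSec += ProcessMs;
        return true;
    }

    // Call at the end of each one-second window: escalate if a threshold was
    // crossed, otherwise step back down one state, then reset the counters.
    void EndOfSecond() {
        const FSeverityState& S = States[StateIdx];
        if (PacketsThisSec >= S.EscalatePacketsPerSec || MsThisSec >= S.EscalateMsPerSec) {
            if (StateIdx + 1 < States.size()) ++StateIdx;
        } else if (StateIdx > 0) {
            --StateIdx;
        }
        PacketsThisSec = 0; DroppedThisSec = 0; MsThisSec = 0.0;
    }
    std::size_t GetState() const { return StateIdx; }
    uint32_t GetDroppedThisSec() const { return DroppedThisSec; }

private:
    std::vector<FSeverityState> States;
    std::size_t StateIdx = 0;
    uint32_t PacketsThisSec = 0, DroppedThisSec = 0;
    double   MsThisSec = 0.0;
};
```

The thresholds and caps in the state table are the per-game values the Limitations section says must be tuned; the example only shows the mechanics of crossing them.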

Limitations:

Heavy DDoS: While the code can withstand a heavy, locally hosted, multithreaded DDoS, past a certain point network hardware and bandwidth capacity will become a limit, and even with strong enough hardware, the OS kernel calls for receiving packets will become a limit (for Linux, recvmmsg may be used to alleviate this later).

So this code just deals with as much of the DDoS as it can, at an application level - if you're getting hit with a bad enough DDoS, then you're going to have to look at measures at the network infrastructure level - for example, IP filtering at the edge of your network, communicating with the game server to only allow packets from existing NetConnection IPs.

Tuning thresholds per-Game: You will need to manually tune the packet thresholds specifically for your game, even for each different gametype within your game, and maybe even community server admins will need to retune, if hosting a server with mods etc.

Blocking new connections: If a DDoS is expensive enough that you choose to drop non-NetConnection packets after a threshold (a wise move, for performance...), then new players will be blocked from entering the server.
