On 5/10/2019 12:31 AM, Calvin J wrote:
> And how has that worked out for them? Let's see
> 1. Implemented the requirement for servers to have a token which
> linked to the owner's Steam account.
> 2. They banned weapon skin addons.
> And now the servers just shuffle tokens while running the skin addons.
> Seems like Valve lost that one.

There was some success for a while. But then, Valve seemed to stop
particularly caring.
I was saying that if they chose to care here, they could certainly do
something. There are options.

> Let's not say someone is misusing terms when you stated yourself you
> didn't look into what GFL were doing.

I am referring to the way that it is being used in these emails. I was
specific about the definition that I (and industry standards) disagree with.

> Utilizing anycast you can have your endpoint completely unprotected,
> but have traffic routed through a protected network. It doesn't have
> to be just for filtering query attacks, they're already leveraging the
> Vultr anycast, why wouldn't they use Vultr/Choopa's mitigation as well?

There is not a conflict with other mitigation systems involved here.
What I was saying is that it isn't necessary for GFL or GMC to respond
at the network edge to spoofed Source queries; the response can be
effectively handled at the endpoint server machine, or close to it. If
the stated reason for them remotely proxying queries is DDoS mitigation,
then I do not see that as valid.
If Vultr/Choopa/Gameservers/whoever were doing this on their behalf as
part of a larger mitigation system, that might make more sense. But from
the materials, that is not what is happening.

> Furthermore, if you actually feel that GFL are acting maliciously you
> could always kick them off your network. If nothing else, it would
> prove a point.

Opinions that I expressed in my email included:
* Another person has indicated concerns about responses to proxied queries.
* Valve has some options available to stop this behavior.
* Advertising IP space from multiple PoPs is fine from an operational
perspective.
* Spoofed query attacks are not very common and not very large, so they
can be defended close to the endpoint and don't need to be remotely proxied.
* The term "anycast" is not being used correctly when it is being used
to mean "advertising a prefix from multiple places and forwarding
traffic to a single endpoint".
I have not yet judged whether the proxying-in-order-to-show-a-low-ping
behavior crosses an ethical line. If it does, it would have to be a
particularly serious one for me to consider terminating a client who is
not doing it through our network. There is no statement in our TOS/AUP
that would justify taking an action against a customer for something
they are doing at another host.
I don't think that it makes sense to make this about me, or you, or our
own companies. I believe that it is better to focus on the thread topic.
-John