Hearthstone IP DDoS

Hey, I was wondering…

I don’t know how many of you have played Hearthstone, but tl;dr: online card game.

The game suffers from constant disconnects - for me it disconnects me from my router : /.
Anyway some people are complaining that when they are winning a ranked match they are getting disconnected - and are accusing the other player of disconnecting them.

In Hearthstone you have a connection to the Hearthstone game servers, but also a connection to the opponent that is used to send emotes and show you mousing over stuff and what not. Since you have a connection to the other player not via the game servers, could you not get their IP from this and then DDoS them?

I ask purely because the tech support stated factually no one can cause you to disconnect and I thought this would be possible?

Yes, you have your opponent’s IP if it works as you describe.

But setting up connections between two clients usually leads to problems since many people are on a private network using NAT behind a firewall.


If you are getting DDoSed then I recommend either disabling the peer to peer connections or using a proxy (i.e. a VPN) with DDoS protection.

There are ways around that (link, link).

This is how it works. I have this connection that is brilliantly stable - unless I play this game. I don’t think I could disable the peer to peer…? Anyway I was more interested in just knowing if it’s possible so I can argue with support rather than actually solving it.

Usually, if it’s not clearly written that the game requires it, those systems have some sort of fallback when the p2p connection is not possible (since, as said above, even if there are ways to open a connection when people are behind NATs, those are not 100% valid solutions, but workarounds that could still lead to problems with some routers/configurations), so if you manage to deny it, the game could route your p2p traffic through another server to allow you to play.
I don’t know how you could achieve this… maybe you could try to deny all the UDP traffic through the ports used by this game for the p2p connection, admitting that they are always the same or inside a known range…

But this is only speculation, the game could just keep you from playing if your system blocks p2p.

In any case, as @john01dav has suggested, with a VPN you should be okay.

Would you say it’s true though that people could abuse this system to DDoS? I’ve been told it’s entirely impossible.

It’s not an easy question.
If there is a direct connection between two peers (and in some kinds of attack, even if there is none), they can attack each other.
And this is a sure thing, but the key point is: what do you mean by “abuse this system to DDoS”?
Layer? Which system? What kind of attack?

The answer is neither yes nor no.
What I would suggest is, instead of arguing with the support about what kinds of attack are possible or not on their game, you could monitor the incoming traffic and see if you receive any attack while playing. And then if you are 100% sure it’s their fault, contact the support with the logs.

Also take into account that most probably it’s not their system that is wrong, because having a game that uses p2p is totally acceptable. The problem here is the way the internet works, which has some inevitable flaws.
I don’t know how this specific game works, but even if what you said is 100% accurate, if they don’t give your IP to everyone (as Skype did in the past) but only to people you want to play with, you can’t blame them for anything.

Yeah I’m definitely not blaming them for this (imo they have some other unforgivable issues with their connection stuff which I very much enjoy arguing with them about), I’m just trying to argue that it is actually possible. There 100% is a connection between the players, the diagram has been posted by Blizzard employees to explain why a separate bug was occurring. I’m not even suggesting they do anything about it if DDoS attacks are even happening (though I don’t think the player to player connection is necessary in this game) - I’m just annoyed that they flat out deny it’s at all possible.

Tbh I know nothing about DDoS, so I don’t really know layer/system/kind of attack.

Reading the title of this topic, I had the hope for a very brief moment that Hearthstone was made with jMonkeyEngine.

Now i am sad :cry:


I guess you have to separate out “Leaking IP” vs DDoS.

In short: DDoS is when thousands to millions of computers are flooding your machine with requests, messages, whatever. This is regardless of the game you play.
The thing is, DDoS is expensive, and as such, apart from “the fun when your connection drops”, I don’t see a reason why somebody would risk that effort just to annoy you.

Other than that: Of course, when they know your IP they could DDoS you (which they couldn’t without). However as I said it’s pretty unrealistic that someone does that.

Maybe your issue is something different? Try to monitor your traffic to see what actually happens (Thousands of Incoming Connections with a SYN state?)
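The monitoring suggested in the posts above (watch inbound traffic while playing, look for a burst of SYNs from many sources) can be sketched as follows. This is an added example, not part of the original thread; the log format, `LOCAL_IP`, the documentation-range addresses and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed, simplified packet log (not a real tool's format):
# "<epoch_second> <src_ip> <dst_ip> <proto> <tcp_flags or -> <bytes>"
LOCAL_IP = "192.168.1.10"  # assumed address of the gaming PC


def build_sample():
    """Two quiet seconds of game traffic, then one second of SYN flood."""
    lines = []
    for sec in (100, 101):
        lines += [f"{sec} 203.0.113.5 {LOCAL_IP} TCP ACK 120"] * 20
        lines += [f"{sec} {LOCAL_IP} 203.0.113.5 TCP ACK 90"] * 20
    for i in range(600):  # many sources, bare SYNs, all in one second
        src = f"198.51.100.{i % 200 + 1}"
        lines.append(f"102 {src} {LOCAL_IP} TCP SYN 60")
    return lines


def inbound_per_second(lines, local_ip):
    """Return {second: packets/syn/sources/bytes} for inbound traffic only."""
    stats = defaultdict(lambda: {"packets": 0, "syn": 0, "sources": set(), "bytes": 0})
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines rather than crash mid-capture
        sec, src, dst, _proto, flags, size = parts
        if dst != local_ip:
            continue  # outbound or unrelated traffic
        s = stats[int(sec)]
        s["packets"] += 1
        s["bytes"] += int(size)
        s["sources"].add(src)
        if flags == "SYN":
            s["syn"] += 1
    return stats


def flag_floods(lines, local_ip, min_pps=500, min_sources=50, syn_ratio=0.8):
    """Seconds where inbound rate, source spread and SYN share all exceed thresholds."""
    flagged = []
    for sec, s in sorted(inbound_per_second(lines, local_ip).items()):
        if (s["packets"] >= min_pps and len(s["sources"]) >= min_sources
                and s["syn"] / s["packets"] >= syn_ratio):
            flagged.append((sec, s["packets"], len(s["sources"])))
    return flagged


if __name__ == "__main__":
    for sec, pkts, srcs in flag_floods(build_sample(), LOCAL_IP):
        print(f"second {sec}: {pkts} inbound packets from {srcs} sources, mostly SYN")
```

The flagged seconds, together with the raw capture they came from, are the kind of log that can be handed to support or an ISP.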

I’ve never really thought about it, it’s actually others complaining that they are being attacked. It seems to be happening a lot in “Arena” mode, in which wins can result in pretty big rewards card wise (otherwise you gotta pay for them).

Anyway thanks for the replies, think I have what I wanted.

It really isn’t. Considering that the majority of home connections are not DDoS protected, then a low amount of DDoS traffic can easily take down the majority of home connections. A $5 booter (usually rented by the hour) could easily do it.

Use a tool to look at outbound traffic and tell you the IPs that the traffic is going to, and then check if the IP doesn’t lead to one of the game servers (basically, look up the IP on Google), and voilà - You have the IP of the opponent you’re playing against.

As I mentioned earlier, booters are cheap - So yes, it would be very possible that people are DDoSing their opponents.

As @john01dav (Hi john, btw!) said, the best way is to use a DDoS protected VPN, so that even if they do DDoS you, you won’t be disconnected.

Of course, this is all presuming that the other person is sending a DDoS attack - It is of course possible that the servers are just buggy and disconnecting players randomly for no reason. I’ve seen it before on other games.

I’ve never played the game… I assume it’s turn based?

…somewhat odd to maintain permanent connections in that case, then.

This isn’t quite true:

Additionally, I once implemented a Swing clone of Settlers of Catan and I had it use permanent connections to a master server which then proxied requests to other players. This allowed for very neat and clean code that didn’t need to worry about keeping its own sessions (just create a Player object that has a Socket member + a thread or two for networking).

Yeah it’s turn based, there is no chat feature though, the connections exists purely to show them mousing over their cards and spamming “Well Played” emotes. I’m not a professional programmer, I learned from the internet and a book - pretty much everything I know is game related.

Having said that it just blows my mind. This game is HUGE with insane revenue, and there must be some pretty experienced devs since they made WoW. Despite this, the game still has one of the most infuriating bugs of all - you get disconnected from the game server, but not your opponent, and as a result the “You’ve been disconnected” message never shows up. So you sit there watching your opponent mouse over his cards thinking it’s his turn when in reality it’s your turn and you’ve probably already been handed an automatic loss.

Just a side note/rant, nothing to do with topic. Like I said maybe this is totally understandable to someone in the industry perhaps I am wrong but how does shit like this happen, it’s been in the game for at least 2 years now.

Well, the rest of the thread has implied that there is also a persistent connection to the server during the game and that if it drops then you lose the game.

A request/response type of setup (even using HTTP) seems like it would have been more scalable and avoid this issue. Presuming the game is turn based.

I think sometimes even experienced devs go with what they know and if they’d been doing real time networking before then they probably just continued using those same tools. Still, I see a lot of games that are similar that are using web requests under the hood. I know this because occasionally I see JavaScript errors pop up when their servers are going south. (Looking at you Gems of War)


Yeah, a nice little token based REST interface. Make a call to the server to start a new game, get a token back, server can then keep track of moves and game state. Hypermedia might even work nice in this case.