My coworker and I are developing an authoritative server for an MMO. We can't agree on how to handle "misbehaving" clients. Misbehaving, in this case, means clients who send "odd" requests that might indicate a compromised/altered client, or even a nefarious user injecting data directly into the communication stream.
One of us believes that the offending request should be aborted, the client's data saved, and the client's connection forcibly closed ("killed"). The other believes the request should be aborted and a "failed" response returned to the client.
We're at an impasse because we can't decide which approach is best. We've both generated arguments, but nothing has been sufficient to sway either of us.
For reference, here are some things we've considered:
Being disconnected results in an annoyance for legitimate users if we make a mistake coding the "misbehavior detection".
Killing the client eliminates the need for "clean up" response code.
If we don't kill the client, we might make a mistake and continue processing the bad request.
Killing the client prevents a compromised client from sending other potentially bad requests, at least until they log back in.
A disconnection may not do much to deter cheaters, whereas a denial response may elicit a "big brother is watching" feeling.
Any feedback on our arguments? Are there any other reasons for choosing one over the other? Is there some industry standard, or even a best practices consensus?
Solution
With proper code review, mistakes like these can be avoided.
Although it is important to "kill" a malicious client in order to prevent further issues, personally, I would suggest gathering as much information about the malicious source prior to "killing" the client connection.
Without shunning the malicious activity, you risk further exploitation.
This would ultimately depend on the architecture and the design of the game, but without knowing many details about the proposed MMO, this action would definitely be an immediate mitigation, but it is important to log the source of the attack (date/time/src IP/dst IP/ports/protocols/attack type) for incident response. Although cyber attacks are inevitable, collecting the aforementioned data can help you detect, contain and eradicate any further threats.
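The ordering discussed above (abort the request, record the incident fields, save the client's data, then close the connection), as an added example that is not part of the original question or answer. The `Session` class, the `MAX_STEP` movement rule and the `impossible_move` label are hypothetical stand-ins for a real server's connection object and validation logic.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone

MAX_STEP = 10.0  # hypothetical per-tick movement limit enforced by the server

@dataclass
class Session:  # hypothetical stand-in for one connected client
    account: str
    src: tuple  # (ip, port) of the client
    dst: tuple  # (ip, port) of the server listener
    protocol: str = "tcp"
    position: float = 0.0
    connected: bool = True
    saved: bool = False

    def save(self):
        self.saved = True  # a real server would persist player state here

    def close(self):
        self.connected = False  # a real server would close the socket here

def incident_record(session, attack_type, detail, now=None):
    """Capture date/time, src/dst IP, ports, protocol and attack type."""
    now = now or datetime.now(timezone.utc)
    return {
        "time": now.isoformat(),
        "src_ip": session.src[0], "src_port": session.src[1],
        "dst_ip": session.dst[0], "dst_port": session.dst[1],
        "protocol": session.protocol,
        "attack_type": attack_type,
        "account": session.account,
        "detail": detail,
    }

def handle_move(session, new_position, log):
    """Apply a move; on an impossible one: abort, log, save, disconnect."""
    step = abs(new_position - session.position)
    if step > MAX_STEP:
        # Aborted: position is never updated. Log while the socket data exists.
        log.append(json.dumps(incident_record(
            session, "impossible_move", {"step": step, "limit": MAX_STEP})))
        session.save()
        session.close()
        return False
    session.position = new_position
    return True

if __name__ == "__main__":
    log = []  # constructed sample: documentation-range addresses, made-up account
    s = Session("player1", ("203.0.113.7", 51234), ("198.51.100.10", 7777))
    handle_move(s, 5.0, log)
    handle_move(s, 500.0, log)
    print(s.connected, log)
```
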