Can exploiters "spoof" their ping to trick the server?

Not sure if this is the right place to be asking this, so let me know if I need to change the topic category, please.

So, I’m working on a platformer fighting game right now and had set up a knockback system for client and server-sided use. (My game uses AI and players) I know client knockback can be modified and exploited, so I set up a system to detect if for:

1. My knockback system has to use the player to handle the knockback, and…
2. If they’re in the correct position according to calculations and kinematic formulas.

From testing, it seems to work well for people with good latency. I do know that my game would come across players with higher ping, (like myself currently) so I was going to also add to my formula on using the player’s current ping to make sure they’re in the right position or not. I could just also move them to the right position even if they’re lagging, so maybe I would throw this out the window.

So, I was going to add it to my formula, right? But, I came to this thinking of exploiters possibly exploiting this too somehow, by emulating a ping to the server that they’re not actually having. (Like setting their ping to 500 ms to the server, when in reality it’s just 70 ms) Can exploiters actually do this, or am I just overthinking this? Wanting to know, since I’m still trying to study the different ways exploits could occur in an advanced level.

I’m not looking for just “yes, they can do that” or “no, they can’t”, I do want some information or something to research on since I can’t seem to find that information on the forum anywhere. If you do reply, thank you for your input/response ahead of time. :^)

The real answer is a bit tricky, but thankfully, you aren’t alone.

What you are talking about has multiple names; the most well-known one is “lagswitching”. The idea is that a hacker interrupts the packet stream for a few seconds in order to gain some benefit from misuse of code. In minecraft for example, people who are lagswitching can break blocks unopposed, because when they end their lagswitch, all of the block-break events will trigger at once. They can also swing at players (though minecraft anti-cheating prevents more then one lagswitch swing at once) and run to safety before ending their lagswitch state to trigger free combat hits.

The best way to watch for this is to monitor the player’s average ping over a few minutes. If their ping spikes at random intervals, it’s probably a bad connection, but you can probably find a way to tell when a hacker is lagswitching because their connection will suddenly jump to a predetermined value every time they need an advantage.

You can also tell when a hacker is taking advantage of lagswitching because they’ll pause in place, then fire a whole bunch of packets all at once, resulting in potentially over a thousand position updates in less then half a second.

In addition to lagswitching, you can easily make scripts using programs like Fiddler to artificially raise your ping. The hacker’s environment would be real time, but their reactions could be delayed up to a certain point. This one is simple to figure out, though. Measure the hacker’s response to certain in-game events (such as getting damaged) and if they’re using Fiddler or similar hacking tools to present an artificial ping, there’ll be a constant delay between the hit landing and the player character responding.

However what makes it tricky to answer “yes or no” exactly is the fact that ping is just a measure of delay between packets. Hackers can’t “set 500ms when it’s only 70ms” because that would imply they’re somehow receiving the same packet twice. Which, to be fair, is possible, but it requires a level of network shenanigans that no admin would ever permit, even if they were the hacker wanting an advantage.

So hackers using artifical delay will always report a ping, say, above 200. Hackers lagswitching will briefly show maximum ping. Hackers abusing ping delay will have absurd roundtrip times (very high ping but low reaction time compared to that ping).

It’s a game of cat and mouse, but it’s also a game of cat-and-mouse with solutions for the cat.

Presumably, yes exploiters can spoof their ping. That’s the reason lag switches exist. Commandhat’s explanation is amazing. But, I would not recommend trying to detect lagswitching.

I would recommend having a set distance from the server position and client position and if that distance is exceeded then just force the client to follow the server path.

So, based on what I’m getting here is they can do this, if they need to. I knew it was a thing on other games, I just don’t know if it’s possible on Roblox. I didn’t even know there was a name for this, to be fair. Not only that, but I do think that when they do have it on, they’re also in a disadvantage since they would also be dealing with delay with their attacks and whatnot.

I should’ve worded it correctly, my bad. I meant to say their actual ping without the lagswitch is 70ms, whilst with it is 500ms.

Overall, I got all that I needed. Thank you both for these answers. Whilst I won’t be doing anything to check if they’re “lagswitching” per se, since I’m already going to set them to the server’s calculated position if they do get too far from the path, I still was curious since I wanted to know if it was possible to do it on Roblox or not.

P.S.: I will still check on this, since I do know that would be a major part of my game for exploiters who try to do this exact thing. I do know a way of how I could detect lagswitching since my game is programmed in a way where there are certain types of events that take place in the game that’s dependent on the client’s network capacity, and punish them if they do this one too many times during games. (Strikes, then bans)

There is some good information here, but please keep in mind, it’s all depending on how it is you check their ping.

If you are doing the “classic” method of sending two events back and fourth and calculating the time it took, then this can easily be spoofed without a lag switch, by just delaying the time it takes to send the event.

I don’t even need to use remotes to check their ping, for that same exact reason. IIRC, just using Player:GetNetworkPing() at certain events of my gameplay could detect it. But when I mean “events”, I’m not talking about the use of remotes, but rather the events that’s currently taking place in the game. (KnockbackStarted, PlayerGotHit, etc.)

Thank you for your input, though.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.