Packet Flood Check

General flood protection monitoring total packet volume across all types.

What It Does

While Rate Limit monitors individual packet types, Packet Flood monitors the total number of packets a player sends regardless of type. This catches sophisticated flood attacks that distribute packets across multiple types to bypass per-type limits.

How It Works

GAPE maintains a counter of all packets from each player:

  • Count ALL packets received from a player
  • Track total packets within a time window (e.g., last 5 seconds)
  • If total exceeds limit, increase violation level
  • Cancel excess packets
  • Reset counter when time window passes

Why It's Needed

Attackers can bypass Rate Limit by distributing their flood across packet types:

  • Send 15 movement packets (under limit)
  • Send 15 interaction packets (under limit)
  • Send 15 inventory packets (under limit)
  • Total: 45 packets in 1 second = flood attack

Packet Flood detects this by looking at the total volume.

Difference from Rate Limit

Aspect Rate Limit Packet Flood
Scope Per packet type All packets combined
Granularity Fine-grained Broad
Purpose Catch type-specific abuse Catch total volume abuse
Best for Targeted exploits Distributed floods

What It Protects Against

Distributed Flood Attacks

Attackers send packets across many types to stay under per-type limits while overwhelming the server overall.

Total Resource Exhaustion

Even if each packet type is within limits, processing 100+ packets per second from one player consumes excessive resources.

Sophisticated Exploit Clients

Modern exploit clients intelligently distribute packets to avoid simple rate limiting.

Multi-Vector Attacks

Attacks that combine multiple exploit types simultaneously to maximize server load.

Configuration Options

Total Packet Limit

Maximum packets of any type per time window:

  • 50 per second: Strict, catches most floods
  • 100 per second: Balanced (default)
  • 200 per second: Lenient, for complex gameplay

Time Window

  • 1 second: Strict, prevents short bursts
  • 5 seconds: Balanced (default)
  • 10 seconds: Lenient, allows larger bursts

Violation Threshold

  • 5: Strict enforcement
  • 10: Balanced (default)
  • 15: Lenient

Exclude Types

Optionally exclude certain packet types from the flood count:

  • Keep-alive: Automatic heartbeat packets
  • Position: Movement packets (if allowing fast movement)

Typical Packet Rates

Normal Gameplay

  • Standing still: 5-10 packets/second
  • Walking: 20-30 packets/second
  • Active gameplay: 30-50 packets/second
  • PvP combat: 40-60 packets/second

Attack Patterns

  • Basic flood: 100-500 packets/second
  • Moderate flood: 500-2000 packets/second
  • Severe flood: 2000+ packets/second

Layered Protection

Packet Flood works best in combination with other checks:

  • Rate Limit: Catches type-specific abuse
  • Packet Flood: Catches total volume abuse
  • Oversized Packet: Catches individual large packets
  • Specific checks: Catch targeted exploits

Together, these create comprehensive flood protection.

Performance Impact

  • Per packet: ~50ns overhead
  • Memory: ~100 bytes per player
  • Runs on: Every packet

Very lightweight check with minimal overhead.

False Positives

Potential legitimate causes:

  • Intensive building: Fast creative mode building
  • Inventory sorting: Rapidly organizing inventory
  • Lag spikes: Client sending buffered packets after reconnect
  • Minigames: Some minigames involve rapid actions

Solution: Increase total limit or time window.

Monitoring Packet Rates

Track packet rates to tune your configuration:

  • Enable debug logging to see packet counts
  • Monitor during different gameplay scenarios
  • Identify peak packet rates during legitimate play
  • Set limits 20-50% above normal peaks

Server-Specific Tuning

PvP Servers

Higher limits needed for combat:

  • 150-200 packets/second limit
  • Shorter time windows (1-3 seconds)
  • Higher violation threshold

Creative Servers

Higher limits for building:

  • 200-300 packets/second limit
  • Longer time windows (5-10 seconds)
  • Don't count block place/break packets

Survival Servers

Standard limits work well:

  • 100-150 packets/second limit
  • 5 second window
  • Default violation threshold

Hub/Lobby Servers

Stricter limits appropriate:

  • 50-75 packets/second limit
  • Lower threshold
  • More aggressive enforcement

Best Practices

  • Start with default 100 packets/second limit
  • Monitor false positives during peak hours
  • Adjust based on your server's gameplay style
  • Use in combination with Rate Limit for layered protection
  • Enable alerts for extreme violations (200+ packets/second)
  • Consider excluding keep-alive packets from count
Note: This check works in combination with Rate Limit. Packet Flood monitors total packet rate across all types, while Rate Limit monitors per-packet-type limits.
Tip: This check complements Rate Limit. Keep both enabled for comprehensive flood protection.