I'm working on the server for a game. Some users have previously barraged me with DOS attacks which have slowed it down and crashed it several times.

They mainly sent the attacks to my account sign up and login logic for my server, which makes everything else mess up, as I said.

My question is if I make a datatype specifically used to store and time the requests sent to these (and possibly other) logic gateways will that be enough to supress the attacks?

VB Code:
  1. Private Type AntiDoS

  2.     HD As Long

  3.     lastTICK As Long

  4. End Type

  5. Dim AntiDoSsignup() As AntiDoS

  6. Dim AntiDoSLogin() As AntiDoS

the HD is the harddrive hash obtained from the client.

I was thinking that each time they try signing up, the AntiDoSsignup array would get larger and store that information.

the last tick will be the time from GetTickCount. my logic would be:

if they send an attempt more than 3 times within ~1-2 seconds, they will be blocked.

Is there anything I am overlooking? I was thinking perhaps of analyzing the packets sent from the client to further determine if they were malicious or not.

Thanks.