KingAl wrote: You're essentially reiterating what I just said. Naturally, the host essentially mediates the transfer of information. If the host provides false information, then the client which believes otherwise - i.e. the client of the player whose units it affects - falls out of sync. Similarly, if a client sends information claiming that a unit has done the impossible, the host will detect that and they will fall out of sync. Discarding of duplicate packets may not be happening, but in most cases it will have no significant beneficial effect for the offending player. Players cannot get extra nukes or have units appear where they shouldn't, because both server and client keep track of them (# of units, speed, position, path, firing speed etc), and any disparity causes them to fall out of sync.
Thus, it seems the only way in which the system could be manipulated is if the host sends false information about a player's moves and essentially controls that other player. This is true of all network-based games, as if there is to be one host through which all messages are sent, the host can naturally manipulate information.
Ok, I think we both agree it is possible in theory. And going by the understanding of current gaming mechanics - including cheat prevention - we can safely deduce the attack would be possible in practice as well.
However, I do not agree with "Thus, it seems the only way in which the system could be manipulated is if the host sends false information about a player's moves and essentially controls that other player. This is true of all network based games, as if there is to be one host through which all messages are sent, the host can naturally manipulate information."
It seems like common sense that a host can manipulate information passing through it, but there are provisions against that. Notice that in our discussion, it's not the host itself that is manipulating information. It is passing on manipulated information, which is something you can account for, I'd say.
Let's make the discussion a bit less abstract.
Imagine Player 1 nuking Paris from 1 fixed silo at a known (to the clients, not necessarily players) location and shooting at a known target looks like this (in line with xander's explanation of not transmitting nuke flight path but only lift-off and impact coordinates) (but probably highly oversimplified):
XYZ,ABC,silo
silo coordinates,target coordinates,reconfirmation of unit type for range deductions and counting of nukes
Every time the player fires a nuke from that silo to that target, a "XYZ,ABC,silo" packet is transmitted to the server, and thus to all clients, who start subtracting a nuke from the defined number of nukes for a silo (10).
If we create a fake packet XYZ,ABC,silo it will be calculated and tracked by all clients.
Q1: as the attacked client did not originate this packet, but possibly gets confirmation broadcast by the server, would it then determine for itself it is out of sync already?
If the client does not fall out of sync and continues to play, at some point he is bound to try an illegal move as he's got 1 less nuke according to the other clients than he himself believes to have.
--> the client falls out of sync at this point.
To complicate matters further, what happens if his silo gets hit 1 or two times in between, halving the number of nukes he had before he tries an illegal move? Would this be something that could save him from falling out of sync?
But on to the actual point (yes, sorry for digressing...):
Imagine the packets looked like:
XYZ,ABC,silo,nuke10/10
You could still easily forge a packet to look like it's the next in the sequence so that would offer no protection.
You'd need a value - a checksum as it were, or an initialisation vector (IV) - that can be checked so the packet would look like:
XYZ,ABC,silo,157849467806941036
(or possibly XYZ,ABC,silo,nuke8/10,157849467806941036).
Now, if only the client and customer can verify this number the other clients can't be left to blindly trust everything from the server, or indeed your assumption anything can be manipulated is correct. On the other hand, if that level of 'trust' can already be achieved, you eliminate the possibility of being able to desync any other client when you are just a client (not the server though).
If however you had interclient - as opposed to client-server-client - communication, upon receipt of the packets you could perform a verification of the checksum at the originating client itself. Implementing such a system would somewhat defeat the central server's purpose and advantages, though.
But yeah, that's why if you have a central server which is under control of no player you can further mitigate the risks of such attacks occurring.
(not to continue a discussion that might possibly bore you, but other invalid moves -if the unit type is also transmitted- could be to change a sub in a silo and so on. Making the attacked client fall out of sync immediately, instead of when it itself tried the "illegal" move... )
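The check the post argues for, as an added example that is not part of the original post or the game's own code: each fire order carries a per-player counter plus a keyed tag (HMAC), so a packet forged by another client, or a replayed one, is dropped by whoever holds that player's key. The player names, keys, field layout and the choice of HMAC-SHA256 are assumptions for illustration.

```python
import hashlib
import hmac

def _tag(key: bytes, body: str) -> str:
    # Keyed tag over sender, counter and order fields; without the key it
    # cannot be computed, unlike a plain "nuke10/10" counter.
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()[:32]

def make_packet(key, sender, seq, silo, target, unit):
    body = f"{sender},{seq},{silo},{target},{unit}"
    return f"{body},{_tag(key, body)}"

class Verifier:
    """Run by whoever holds the per-player keys (assumed here: the host)."""
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {name: 0 for name in keys}

    def accept(self, packet: str) -> bool:
        try:
            body, tag = packet.rsplit(",", 1)
            sender, seq_s, *_ = body.split(",")
            seq = int(seq_s)
        except ValueError:
            return False                      # malformed packet
        key = self.keys.get(sender)
        if key is None:
            return False                      # unknown sender
        if not hmac.compare_digest(tag.encode(), _tag(key, body).encode()):
            return False                      # forged or altered
        if seq <= self.last_seq[sender]:
            return False                      # replayed or duplicate
        self.last_seq[sender] = seq
        return True

def demo():
    keys = {"p1": b"constructed-key-1", "p2": b"constructed-key-2"}  # constructed
    host = Verifier(keys)
    genuine = make_packet(keys["p1"], "p1", 1, "XYZ", "ABC", "silo")
    # p2 forges "the next packet in the sequence" for p1 but only has its own key.
    forged = make_packet(keys["p2"], "p1", 2, "XYZ", "ABC", "silo")
    guessed = "p1,2,XYZ,ABC,silo,157849467806941036"  # counter plus made-up number
    return [host.accept(p) for p in (genuine, forged, guessed, genuine)]
```

With a shared-key tag only the key holders can verify a packet, so the other clients still rely on the host's verdict; letting every client check the origin would need per-player signatures instead.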