diff --git a/internal/gameServer/tcp.go b/internal/gameServer/tcp.go
index 4ae3982..06ebd4b 100644
--- a/internal/gameServer/tcp.go
+++ b/internal/gameServer/tcp.go
@@ -131,6 +131,8 @@ func (g *GameServer) tcpSendReg(conn *net.TCPConn) {
 }
 
 func (g *GameServer) processTCP(conn *net.TCPConn) {
+	defer conn.Close()
+
 	tcpData := &TCPData{Request: RequestNone}
 	incomingBuffer := make([]byte, 1500) //nolint:gomnd
 	for {
@@ -350,6 +352,25 @@ func (g *GameServer) watchTCP() {
 		} else if g.isConnClosed(err) {
 			return
 		}
+
+		validated := false
+		remoteAddr, err := net.ResolveTCPAddr(conn.RemoteAddr().Network(), conn.RemoteAddr().String())
+		if err != nil {
+			g.Logger.Error(err, "could not resolve remote IP")
+			conn.Close()
+			continue
+		}
+		for _, v := range g.Players {
+			if remoteAddr.IP.Equal(net.ParseIP(v.IP)) {
+				validated = true
+			}
+		}
+		if !validated {
+			g.Logger.Error(fmt.Errorf("invalid tcp connection"), "bad IP", "IP", conn.RemoteAddr().String())
+			conn.Close()
+			continue
+		}
+
 		g.Logger.Info("received TCP connection", "address", conn.RemoteAddr().String())
 		go g.processTCP(conn)
 	}
diff --git a/internal/gameServer/udp.go b/internal/gameServer/udp.go
index 8c7cb8e..3370275 100644
--- a/internal/gameServer/udp.go
+++ b/internal/gameServer/udp.go
@@ -176,6 +176,18 @@ func (g *GameServer) watchUDP() {
 		} else if g.isConnClosed(err) {
 			return
 		}
+
+		validated := false
+		for _, v := range g.Players {
+			if addr.IP.Equal(net.ParseIP(v.IP)) {
+				validated = true
+			}
+		}
+		if !validated {
+			g.Logger.Error(fmt.Errorf("invalid udp connection"), "bad IP", "IP", addr.IP)
+			continue
+		}
+
 		g.processUDP(addr, buf)
 	}
 }
diff --git a/internal/lobbyServer/lobby.go b/internal/lobbyServer/lobby.go
index 3a722ab..eb5b4e9 100644
--- a/internal/lobbyServer/lobby.go
+++ b/internal/lobbyServer/lobby.go
@@ -321,8 +321,12 @@ func (s *LobbyServer) wsHandler(ws *websocket.Conn) {
 					g.Emulator = receivedMessage.Emulator
 					g.Players = make(map[string]gameserver.Client)
 					g.Features = receivedMessage.Features
+					ip, _, err := net.SplitHostPort(ws.Request().RemoteAddr)
+					if err != nil {
+						s.Logger.Error(err, "could not parse IP", "IP", ws.Request().RemoteAddr)
+					}
 					g.Players[receivedMessage.PlayerName] = gameserver.Client{
-						IP:     ws.Request().RemoteAddr,
+						IP:     ip,
 						Number: 0,
 						Socket: ws,
 					}
@@ -434,9 +438,13 @@ func (s *LobbyServer) wsHandler(ws *websocket.Conn) {
 						}
 					}
 
+					ip, _, err := net.SplitHostPort(ws.Request().RemoteAddr)
+					if err != nil {
+						s.Logger.Error(err, "could not parse IP", "IP", ws.Request().RemoteAddr)
+					}
 					g.PlayersMutex.Lock() // any player can modify this from their own thread
 					g.Players[receivedMessage.PlayerName] = gameserver.Client{
-						IP:     ws.Request().RemoteAddr,
+						IP:     ip,
 						Socket: ws,
 						Number: number,
 					}