diff --git a/code/qcommon/net_chan.c b/code/qcommon/net_chan.c
index a03628f1..df7dbb4e 100644
--- a/code/qcommon/net_chan.c
+++ b/code/qcommon/net_chan.c
@@ -325,7 +325,12 @@ void Netchan_TransmitNextFragment( netchan_t *chan, netprofpacketlist_t *packetl
 	// send the qport if we are a client
 	if ( chan->sock == NS_CLIENT ) {
 		MSG_WriteShort( &send, qport->integer );
-	}
+    }
+
+#ifdef LEGACY_PROTOCOL
+    if (!chan->compat)
+#endif
+        MSG_WriteLong(&send, NETCHAN_GENCHECKSUM(chan->challenge, chan->outgoingSequence));
 
 	// copy the reliable message to the packet first
 	fragmentLength = FRAGMENT_SIZE;
@@ -402,12 +407,17 @@ void Netchan_Transmit( netchan_t *chan, size_t length, const byte *data, netprof
 	MSG_InitOOB (&send, send_buf, chan->remoteAddress.type == NA_LOOPBACK ? MAX_PACKETLEN : MAX_REMOTE_PACKETLEN);
 
 	MSG_WriteLong( &send, chan->outgoingSequence );
-	chan->outgoingSequence++;
 
 	// send the qport if we are a client
-	if ( chan->sock == NS_CLIENT ) {
-		MSG_WriteShort( &send, qport->integer );
-	}
+	if(chan->sock == NS_CLIENT)
+		MSG_WriteShort(&send, qport->integer);
+
+#ifdef LEGACY_PROTOCOL
+	if(!chan->compat)
+#endif
+		MSG_WriteLong(&send, NETCHAN_GENCHECKSUM(chan->challenge, chan->outgoingSequence));
+
+	chan->outgoingSequence++;
 
 	MSG_WriteData( &send, data, length );
 
@@ -469,6 +479,17 @@ qboolean Netchan_Process( netchan_t *chan, msg_t *msg, netprofpacketlist_t *pack
 		qport = MSG_ReadShort( msg );
 	}
 
+#ifdef LEGACY_PROTOCOL
+	if(!chan->compat)
+#endif
+	{
+		int checksum = MSG_ReadLong(msg);
+
+		// UDP spoofing protection
+		if(NETCHAN_GENCHECKSUM(chan->challenge, sequence) != checksum)
+			return qfalse;
+	}
+
 	// read the fragment information
 	if ( fragmented ) {
 		fragmentStart = MSG_ReadLong( msg );
diff --git a/code/qcommon/qcommon.h b/code/qcommon/qcommon.h
index 53b176de..dd06a54a 100644
--- a/code/qcommon/qcommon.h
+++ b/code/qcommon/qcommon.h
@@ -255,11 +255,14 @@ void		NET_LeaveMulticast6(void);
 void		NET_Sleep(int msec);
 
 
-#define	MAX_MSGLEN			49152		// max length of a message, which may
+#define	MAX_MSGLEN				49152		// max length of a message, which may
 											// be fragmented into multiple packets
 
-#define MAX_DOWNLOAD_WINDOW			8		// max of eight download frames
-#define MAX_DOWNLOAD_BLKSIZE		2048	// 2048 byte block chunks
+#define MAX_DOWNLOAD_WINDOW		48	// ACK window of 48 download chunks. Cannot set this higher, or clients
+						// will overflow the reliable commands buffer
+#define MAX_DOWNLOAD_BLKSIZE		1024	// 896 byte block chunks
+
+#define NETCHAN_GENCHECKSUM(challenge, sequence) ((challenge) ^ ((sequence) * (challenge)))
  
 
 /*