Dizaka
-
Posts
482 -
Joined
-
Last visited
-
Days Won
5
Posts posted by Dizaka
-
-
Just did a quick search for DDOS on the forum. Looks like this has happened with players who get singled out. Example is Emperior:
Not really an issue to ignore. I also haven't seen Emperior around.
-
1
-
-
Specing game. Phyzik mentioned something about screenshots and Issh luled about them (ph4r em!). Wasn't involved in game (was spec).
This happened around 6:46 pm easter us time.
First ddos during this game around 6:46. This one disconnected me from game and sent me to lobby.
Received a 2nd ddos around 6:55 or so:
Banned from game for connectivity issues. Host is Bonesnscars. (He did the right thing)
Phyzik explicitly asked for ban. He directly stated his ph3ar of screenshots beforehand (before game started).
Double checked who else asked for my ban, out of curiosity:
-
1
-
-
6:27 pm eastern time.
Game lagged horribly. Sufficiently enough that it wasn't playable and host decided to end game. It's as if the ddos is being scaled down to prevent games but not disconnect them.
-
9:50 pm easter time (NY). DDOS again. Can't setup the monitoring yet ...
Honestly, anytime a player disconnects from a game I'd probably blame DDOS. It seems like few network connections these days are unstable ...
Note: I've offered to pay for counseling and therapy services for whoever is doing this. Please PM me.
-
1
-
-
16 minutes ago, badosu said:
Hmmm.. I was thinking of adding a software level package monitor like wireshark, so would that be ineffective? Should I at least be able to track I'm being flooded?
You would be able to verify what exactly it is. With my graphs its simply conjecture.
-
-
2 hours ago, smiley said:
Your ISP will never call, because they have no clue this is even happening. Their threshold will be set a lot higher.
Accordingly, it's safe to assume that me calling them for this small fish is pointless as there likely won't be a good enough response.
Dear small fish, you reading this? Go big or go home.
2 hours ago, smiley said:The game logs doesn't really help.
Conclusory statement. All of yesterday no attacks on me. Those one or two attacks could or couldn't have been something. Looking at my logs I couldn't figure it out as I was testing something else out that rendered the charts unusable. However, overall yesterday my 0ad experience was fairly stable, minus the one or two weird disconnects I had.
2 hours ago, smiley said:You can either run wireshark and find out what traffic is, where it's coming from, and null route it on your router or you can request a new public IP and never host a game on the lobby. The former will fix it regardless of whether it's a DoS attack or not. And I think your router is an EdgeRouter. Maybe enable logging, but given that its already dying, that might not be the best idea.
I mean it could be a SYN flood, an ICMP flood, a UDP flood (this might be the case because of how much traffic is going through), illegal TCP flood, etc. Or even unroutable IPs. Impossible to determine with the information available.
For a distributed denial of service attack running wireshark is likely to be a pointless exercise. If it's distributed it's coming from multiple devices under the attacker's purview that likely excludes the attacker's device(s). However, that is an assumption worth checking out.
2 hours ago, smiley said:Regardless, nothing much anyone else can do here.
Another conclusory statement that isn't necessarily true.
-
10:00 or so. No lag. No disconnects.
Chetnik connection is smooth. Lapacientos didn't lag out. No issues with anyone.
-
8:48 -- Borg disconnected.
Players IG:
8:52 -- Was lagging. Host kicked me.
8:59 -- Lapacientos lagged and was kicked.
9:00 -- Lapacientos rejoined. Game continues.
9:03 -- Borg kicked due to timeout.
9:09 -- Borg rejoins lobby. Must have been a somewhat strong ddos.
9:24 -- Something new. Game at a standstill. Noone showing as lagging. Eventually borg disconnects/times out.
9:24 -- Phyzik leaves the game.
Conclusion: Way too many disconnects and reconnects this game. Typical game has maybe a person disconnect and then come back fairly fast. This game was all over the place for whatever reason.
-
6:24 -- Go2die and Acero left spec.
6:27 -- Chetnik kicked for flimsy connection (Possibly on same IP as previously)
6:47 -- Ricsand joined game.
Join failed. Looks normal though.
6:59 -- FrankStallone left game
7:01 -- game ended.
Honestly, this was a normal 0ad game. No multiple critical-player disconnects, etc. It's possible that Chetnik did a whole net disco from DDOS as his IP was previously compromised. Either way, uneventful game and done. Ricsand probably had issues reconnecting midgame to a max 200 4v4 game with movement on all units.
-
Game hosted by badosu.
Chetnik, RIP bro.
(Managed to rejoin later, see below)
Players IG:
Players that left before getting screenie: Phyzik (see below)
-
1) Kristian solo disconnect.
Either a potatoe for a PC or ... . Previously, and in general, his potatoe PC doesn't have issues with his games.
2) Kristian/Cesar duo disconnect.
Game ended afterwards. No sure if Cesar/Kristian or other team was winning or whether it was close to end of game. Was banned by Phyzik for being a silent spec. Don't have replay on what happened.
-
1
-
-
Cesar did:
Then he disconnected twice:
1:
2:
Note: Wouldn't have posted if he'd have disconnected just once.
-
1
-
-
Wasn't really on ... But something happened here around 9:45 pm.
Checked with family and no one really did anything. Hoping that no machine is compromised.
-
1
-
-
9:13 pm eastern time, or so. Finished a 4v4. No lag. No disconnects. None.
-
1
-
-
8:32 pm eastern time, or so. Finished a game 4v4. No lag. No disconnects. None.
-
1
-
-
6:57: dpikt lagging in another game.
Users:
Global chat:
Update: Seems like Ricsand became lagsand?
Looks like lagsand 2x.
-
1
-
-
6:10 pm Eastern Time. Net down. Private no specs game with Nani.
Update: 6:24 net still down. Maybe a new record?
Update: 6:32 net still down.
Update: 6:34 ...
Update: 6:46 ...
Watching Netflix through a diff network ...
Update: 6:49 back online
Pic below is the start of the DDOS. There's no middle b/c it was another big one.
-
1
-
-
Tried playing a 1v1 wtih rollo. Rollo lost connection. People inlobby:
5:56 pm easter time.
-
1
-
-
Update:
People in game (I was a spec):
It started around this time. My guess the peak isn't shown b/c the person was going for an all time world record? Guinness book of world records?
-
1
-
-
Actually waiting for them to call me. I know if I call them it's not a problem really and won't take it seriously. If they call me then they'll take it seriously and at least have a record of this in their system.
If whoever is doing this lives in the USA they have the CFAA to worry about.
Currently still needs offline.
Back online 5:40 pm eastern time.
-
1
-
-
Still down. Someone going for the gold medal here.
-
1
-
-
Actually totally offline on home network. 5:13pm. Rejoined randomids game but immediately lagged out and internet died. I think biggest timeframe regarding downtime.
As expected internal network works fine. It's just an issue with WAN receiving a hug of love.
-
1
-
-
Lagged out around 4:55 Eastern Time. Logs again show a spike in traffic.
Honestly, no idea who it is. This was from a game lobby as randomid started hosting. However, the spikes don't appear to be random/unintentional and are related to 0ad.
Game chat provided below to list players inside the lobby. Note, I haven't reset my public IP so I can be bombed even if the person is not in 0ad.
-
2
-
When playing 0ad whole network disconnects. Network otherwise stable.
in Gameplay Discussion
Posted · Edited by Dizaka
On 10/5/2020 between 9:00 pm and 11:00 pm eastern time the lobby users are being hit hard by who ever is the DDOS child. I'm being ignored for some reason. Mgically, a number of users who rarely, if ever, log in logged in. The first topic on these user's mind was DDOS. Peculiar but just speculation.
Below is a WAN chart of traffic since 9/11. Most peaks, if not all, except between 9/15 and 9/16, are when I disconnected from 0ad due to, what I believe, were ddos attacks.
Below is the corresponding LAN chart. Notice how traffic between 9/15 and 9/16 can be seen on LAN? That's because it goes past the router and isn't blocked/discarded like a DDOS attack. The 9/15-9/16 traffic is a 4 tb download.