aixo

I agree with everything what Dizaka wrote, very well summarized, and as Dizaka described we spent significant time on some effort to track the username which was harvesting IPs at that time, Dizaka described the process how we did it and unlike him I believe we were able to narrow the username down. The question now is - How does that help? First of all, nobody would believe me that we did it honestly and correctly and with no offence most of the people do not even have technical knowledge to understand it to make correct judgement. Anyone could just say that we picked someone we didn't like. And second of all, the username was using VPNs to connect to the lobby, their IP kept changing and I bet they use multiple accounts. Block one username or IP address and the ddoser will just create a new account from different IP provided by a VPN. We can make it more challenging for the ddoser as Dizaka described but there is imo no ultimate solution with the way how the game hosting works/size of the community/no will of players to do anything to prevent the ddos and obviously anyone who's been doing that for more than a year has enough motivation to get through some barriers.

The guy is back under "Melusines" username. He exercises the same behavior and rethoric. I've seen many messages in lobby from him attacking various religious, ethnic and race groups (i.e. "I hate muslims", "Serbia", encouraging people to burn Serbia and many others I do not want to type), and usual talks about Jesus. Anyway, I am personally sure It's the same person (Melusines=pesem=other accounts) which would mean multiple accounts and hateful speech in lobby which is break of ToS. (I am reporting here since there is no responsive moderator in a24 lobby and to put stress on the background of the person.)

That's very useful, thank you.

Is it technically possible to enter the password and get the IP:PORT info without actually appearing in game lobby as a joined user? If so, does lobby have any logging possibilities which could show what users entered the password to a specific game? IMO It depends on the type of connection. I had public IP on my home router in the past, and I did get simple UDP flood DDOS attacks which targeted my public IP on various ports and caused internet link saturation and/or overloading my router. As I said I am currently behind Carrier NAT so I am exposed to the Internet only through my provider public IP which is hosted on some enterprise device with DDOS protection and that IP is shared by many users so you can get to "me" only through specific exposed port by NAT. It worked for a while and protected me from attacks but the attackers adjusted and started to attack the specific exposed port used by game with NTP/Memcache Amplification DDoS attacks which keeps my internet link okay, the game is registered to the lobby but since the game port is under heavy traffic the players drop from the game, all other Internet traffic is okay. My belief is that in my case you need to know IP:PORT to attack me successful (which means to make players to drop from the game), I do believe that the PORT is always different for each game I host and my game which had a password set got attacked. So my assumption is that the attacker had to enter the password and I do believe we could narrow it down. I know who appeared as joined in the game lobby (or I can sniff incoming traffic on socket opened by 0ad in future and collect IPs). But probably that would require some coordination behind the scene. And yes, something I am sure about for long time. The attacks are not made by an automatic script which would target random people but by someone who actively watches the lobby and does manual actions and I believe is an active member of community which is a shame.... someone grabbed the game password to get IP:PORT info because I do believe that in my case IP is not enough.

Hi, I wanna ask just something to have correct expectations. I am hosting a24 games behind Carrier NAT which means that I do not have a public IP on my home router. The game host IP is public IP of my provider shared with many others. That means that the IP:PORT of each game I host is different - the port always changes since It's the NAT. I set the password (new feature in a24) for joining the game lobby. I got ddosed. Does it mean that someone had to enter the password and joined my game to get the IP:PORT information? Am I right to expect that IP:PORT of games are exposed only after providing the password and joining the game in a24?

I've installed a24 from flathub on Fedora33 (https://flathub.org/apps/details/com.play0ad.zeroad) and seems to be working well, and since native Fedora repositories still have a23 and It uses different locations for userdata I can keep both versions side by side for now. It should work for any major distro of debian/fedora/opensuse flavors.

This is how tcpdump stdout with filter for incoming UDP packets, iptables dropping any UDP packet over 10 packets per 1 second per one source and being behind my ISP NAT (so targetting only one port) looks like under the attack