Protocol for reports of DDOS

[ufa]

Is it documented anywhere, formally or informally, what the protocol for reports of DDOS is, if anything? What sort of/how much evidence is needed? Who decides what the resulting action is? Why, in the case of my attempts to "do something" about a DDOSing player—which is what in-games mods instruct you to do upon identifying a DDOSer—after months and months with multiple reports, does nothing happen?

I ask because I've been exchanging private messages with (what I believe to be) a moderator, Norse_Harold, about a blatant case of DDOSing (from Larsvandijk, we all know)—confirmed by many, many other players, with evidence—to no avail. The point of this thread isn't to throw dirt on Norse_Harold, I just want to express frustration as a player for what is a totally opaque process which is seemingly not configured to attend to this rare but annoying aspect of 0AD's online play. Again, my desire isn't to throw dirt on Norse, in fact if I had to guess I imagine he isn't sufficiently equipped to handle this sort of thing, hence the questions at the top of the thread.

If the answer is: there is none, could there be? Or is DDOSing just something players have to hold their nose around and get through?

 

[ufa]

Okay, query basically answered: either there is none, there isn't anyone anyone actively enforcing it (nor responding to or documenting basic questions surrounding it), or both. I insist I'm not asking or trying to point this out as a means of throwing dirt on anyone or the game, but it's a pretty glaring reality I think will need to be reckoned with at some point.

[Gurken Khan]

At least players shouldn't feel left alone if they try to help.

I don't know if @Norse_Harold could answer to any of this?

[Norse_Harold]

On 18/10/2023 at 12:43 AM, ufa said:

Is it documented anywhere, formally or informally, what the protocol for reports of DDOS is, if anything?

No, it's not documented anywhere. Ideally the quality of evidence that we obtain provides proof of guilt "beyond reasonable doubt". If it is determined that it is not possible for us to accomplish that level of quality then we might have to compromise and adjust our expectations about that.

For a demonstration of a method of collecting evidence that I consider the absolute minimum to demonstrate that a DDoS has occurred, please see the forum threads where I posted evidence about times that I have been DDoSed with Wireshark I/O graph statistics here, and Ginnungagap posted Wireshark I/O graph screenshots here. Without that level of effort, a disconnection of a host could simply be a game crash, network outage, power outage, etc. Regarding how to narrow down who is doing the actual DDoSing, that is being discussed privately with trustworthy volunteers.

On 18/10/2023 at 12:43 AM, ufa said:

Who decides what the resulting action is?

As far as I know, Dunedan and I decide it.

On 18/10/2023 at 12:43 AM, ufa said:

Why, in the case of my attempts to "do something" about a DDOSing player—which is what in-games mods instruct you to do upon identifying a DDOSer—after months and months with multiple reports, does nothing happen?

I disagree with your assessment of what has happened. You have not made tangible effort to provide direct evidence of even DDoSing letalone DDoSing by a suspect. And, it is not true that "nothing" has happened. There has been gradual progress on secret projects related to collecting evidence and eventually improving our ability to resist DDoSing. There is a lot of work to do, and so far there are very few volunteers. If you want things to progress faster then you, and others, need to volunteer to help.

The other questions that you have asked are of a sensitive nature. If answered then they might aid the DDoSer(s). People who want to help must contact me privately to get instructions about how to help. Farabundo has contacted me privately, he sent one screenshot with a second-hand statement about a suspect, and the rest was just words, no action from him. He stopped providing tangible help or evidence. That's where we have left off regarding Farabundo's actual efforts toward solving the problem.

The door is still open for people to volunteer to help. Again, contact me privately. Thank you.

Edited October 26, 2023 by Norse_Harold

[ufa]

Thanks for the thorough response @Norse_Harold.  I won't keep this going too long—I'll let you get on with your "private discussions" and "secret projects," both of which I hope lead to a better game experience.

As I hope I communicated, I realize it's a difficult task and despite my frustrations I do appreciate the progress (alluded to) being made. I'll just clarify that the core of the issue  I wanted to identify remains, which is hopefully just a temporary issue in lieu of something more robust in the future, which is: I, as an end user—even one statistically way more involved than the average, to "care" and be posting on the forums—am (likely) not going to download third party software and conduct/prepare forensic reports with regards to DDOS attacks, let alone with (up until this thread) zero documentation, protocol, or even common knowledge towards the plausibility of whether a DDOSer will be disciplined. I'd simply propose that, if possible and in addition to all the work you're doing, the gap between "things everyone knows and can demonstrate albeit with the rudimentary means available in-game" and "things needed to take action on people who ruin the game" be reduced, even a little.

In the context of the evidence I presented, I'd offer that (screenshots of) a player admitting multiple times they are DDOSing, (screenshots of) counting down to a DDOS, and (screenshots of) entires games dropping/being disconnected (aka being DDOS'd) should suffice, or at least pass the bar for a minimum demonstration to be investigated/expanded upon, ideally by other players too. If charts with red lines spiking are necessary, that's at least great to know, and the purpose behind this thread.

[Norse_Harold]

farabundo, thank you for finally saying something positive about me and my actions. I didn't notice you acting negatively toward user1, and he did not even suggest that he was working on the issue of DDoS mitigation. It kind of feels like you're punishing the kind of person who is more likely to do what you are hoping for.

Software development and evidence collection is necessary to (attempt to) mitigate the DDoS problem with 0 A.D. You have stated multiple times that you will not help, and you will not even put a tiny amount of effort into collecting evidence by installing Wireshark. You haven't paid money for 0 A.D, to my knowledge. Think about it. Do you have the right to act entitled in this situation?

I think that you don't know how free (as in freedom) software projects are supported. It's not magic slave labor. You seem to have the attitude that "free labor means you can use as much as you want".

"The Hard Parts of Open Source" by Evan Czaplicki
Check out this video to learn how to interact with free software developers in a constructive way.
https://www.youtube.com/watch?v=o_4EX4dPppA

Free Software Life
This is a satirical video about a starving free software developer. It helps explain why people who contribute nothing yet make demands are out of line.
https://www.youtube.com/watch?v=mAmqPG_AAV4

The bottom line is that you should have no expectations whatsoever about results or timing thereof if you're not involved in the work to accomplish the tasks.

 

Edited October 31, 2023 by Norse_Harold