
When playing 0ad whole network disconnects. Network otherwise stable.


Dizaka

Weird issue.  I can't play 0ad because of this ...

When in the 0ad lobby, or in a game, what will happen is I'll time out with a "stun endpoint error."  What will happen afterwards is that my WHOLE network will disconnect from the web.  This only happens with 0ad.

I thought maybe it's my computer.  So I formatted, did most recent Windows updates, and installed 0ad.  Same thing.

 

Anyone have ideas on how to troubleshoot?  When I write the whole network disconnects I literally mean that the whole network disconnects from the internet.  Nani experienced my disconnects when he was a host of a game I joined.  This has started recently (like late this week).  Has the network code changed for this game somehow recently?

[edit]

See this thread:

 

Edited by user1
Link thread to upload replays

  • 2 weeks later...

I went through my router logs.  The only odd thing I've found is this:

<table style="width:100%">
  <tr>
    <th>Alert</th>
    <th>From</th>
    <th>To</th>
    <th>Protocol</th>
    <th>Time</th>
  </tr>
  <tr>
    <td>Threat Management Alert 1: A Network Trojan was Detected. Signature ET MALWARE Win32/Zonebac Traffic Redirect.</td>
    <td>X.X.X.X:57153</td>
    <td>173.239.8.164:80</td>
    <td>TCP</td>
    <td>9:21 am 09/11/2020</td>
  </tr>
  <tr>
    <td>Threat Management Alert 1: A Network Trojan was Detected. Signature ET MALWARE Win32/Zonebac Traffic Redirect.</td>
    <td>X.X.X.X:54879</td>
    <td>173.239.8.164:80</td>
    <td>TCP</td>
    <td>8:34 am 09/11/2020</td>
  </tr>
  <tr>
    <td>Threat Management Alert 1: A Network Trojan was Detected. Signature ET MALWARE Win32/Zonebac Traffic Redirect.</td>
    <td>X.X.X.X:50000</td>
    <td>213.247.47.190:80</td>
    <td>TCP</td>
    <td>2:43 pm 09/05/2020</td>
  </tr>
  <tr>
    <td>Threat Management Alert 1: A Network Trojan was Detected. Signature ET MALWARE Win32/Zonebac Traffic Redirect.</td>
    <td>X.X.X.X:57829</td>
    <td>173.239.8.164:80</td>
    <td>TCP</td>
    <td>8:14 pm 09/03/2020</td>
  </tr>
</table>

Are the "to" IPs associated with any user logins?

Those "threats" are the main reasons for formatting my machine ...  It's also weird but the above logs are from around the time from when disconnects of the WHOLE network started.

 

Additionally, maybe this will be useful, but the disconnects, to date, have only happened in a "game lobby" (before a game starts but not in main chat lobby) or in a "hosted/started game."
 

Edited by Dizaka

Looking at my traffic logs for today (don't have previous logs, unfortunately) I can see that my networks gets hit with a lot of traffic in a short period of time.  This is the WAN port on my router.  I believe at around 6:00 I was in a game lobby trying to play with bbleft and bonescape(sp?)  I couldn't play as my whole internet connection went out again.

 

Note:  The traffic is over a time period of 20-25 minutes.

 

[image]

Edited by Dizaka

Players ig:  thankfor pie, sabdala, furqan, randomid, Dizaka, Ivaylo_Uzunov, TheIlusiveman, Exvtheow

Specs:  Issh, Boudica, Ricsand, felixix

[image]

 

Had a minor attack (Didn't disconnect from game lobby, just game).  After I reconnected my guess is host got hit.  Game disconnected completely.  Gametime was around 11:00 am eastern time zone (US/NYC).

 

[image]

 

 

Edited by Dizaka

Well, call your ISP I guess. They are supposed to prevent DDoS attacks. (I guess that's dependent on the ISP, to be fair, most analytics will ignore a few gig spikes). I expect all of them to give you a comprehensive report upon request though. Or just run Wireshark locally and see where it's coming from.

Sure that's not a download or something? Those graphs show a very weird DDoS attack, it instantly falls off a cliff.

Edited by smiley
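One way to act on the suggestion above to capture traffic and see where it comes from, and to check whether a spike really "falls off a cliff": the script below is an added example, not part of any post in this thread. It assumes the capture was exported with `tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e frame.len`; the file name, the sample addresses (documentation ranges) and the 10x-median threshold are assumptions.

```python
import statistics
from collections import Counter

BASE = 1599999960  # constructed epoch on a minute boundary

def constructed_sample():
    """Constructed tshark field output: time_epoch, ip.src, frame.len."""
    lines = [f"{BASE + 60 * m + 1}.0\t203.0.113.5\t{400 + 10 * m}" for m in range(5)]
    lines += [f"{BASE + 120 + i}.5\t198.51.100.{i % 3 + 1}\t1400" for i in range(30)]
    lines.append(f"{BASE + 130}.0\t\t60")  # non-IP frame: ip.src is empty
    return "\n".join(lines)

def parse(text):
    """Return (timestamp, source, length) tuples, skipping malformed rows."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[1]:
            continue
        try:
            records.append((float(parts[0]), parts[1], int(parts[2])))
        except ValueError:
            continue
    return records

def bytes_per_minute(records):
    """Total bytes per one-minute bucket, keyed by the bucket's start epoch."""
    totals = Counter()
    for ts, _src, length in records:
        totals[int(ts // 60) * 60] += length
    return dict(totals)

def spike_minutes(per_minute, factor=10):
    """Minutes whose volume exceeds factor x the median minute (assumed threshold)."""
    baseline = statistics.median(per_minute.values())
    return sorted(m for m, b in per_minute.items() if b > factor * baseline)

def sources_in(records, minutes):
    """Bytes per source address, counted only inside the given minutes."""
    totals = Counter()
    for ts, src, length in records:
        if int(ts // 60) * 60 in minutes:
            totals[src] += length
    return totals

if __name__ == "__main__":
    recs = parse(constructed_sample())
    spikes = spike_minutes(bytes_per_minute(recs))
    print("spike minutes:", spikes)
    for src, total in sources_in(recs, set(spikes)).most_common(5):
        print(src, total)
```

A capture taken on the PC only shows traffic the router forwards to that host, so a flood that stops at the WAN interface has to be captured on the router or a mirror port to show up here.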

1 hour ago, badosu said:

@Dizaka What are you using to monitor? Gonna try setting something up and see from my end too...

Looks like his router's dashboard I think.

8 minutes ago, Loki1950 said:

He appears to be using Windows default Task Monitor. Wireshark should give you more detailed info.

I don't think so, the Windows default thing sucks big time and is almost useless beyond seeing why a download is being somewhat slow.


Specing a game.  Players were felixix, Rauls, Ivayo_Uzunov, ffm, PhyZic, thankforpie, eskro141, Edwarf 

Host was randomid.

Specs were Issh, Carthage, Myself.

First disconnect was Rauls.  Rejoined game.

 

Had a conversation w/ Phyzik (approximation below):

Me:  First blood at min 18.

Him:  Happy?

Me:  No, can you smile for camera?

 

......... disconnect.  Checking logs ....

 

[image]

 

This was around 4:00 pm Eastern time, US time.

 

(Courtesy jab:  Phyzik's allies resigned.)

 

Edited by Dizaka

4:16, game hosted.  

Players: [image]

4:18 pm eastern time:  On launch kristian disconnected.  Probably nothing.

(In between, Phyzik asks me to stop raging / get mental help.)

4:23 pm eastern time:  Kicked by randomid for lagging.  Logs below.

 

[image]

Edited by Dizaka

Lagged out around 4:55 Eastern Time.  Logs again show a spike in traffic.

 

Honestly, no idea who it is.  This was from a game lobby as randomid started hosting.  However, the spikes don't appear to be random/unintentional and are related to 0ad.  

Game chat provided below to list players inside the lobby.  Note, I haven't reset my public IP so I can be bombed even if the person is not in 0ad.

 

[image]

[image]

Edited by Dizaka

Actually totally offline on home network.  5:13pm.  Rejoined randomids game but immediately lagged out and internet died.  I think biggest timeframe regarding downtime.

As expected internal network works fine.  It's just an issue with WAN receiving a hug of love.

Edited by Dizaka

Actually waiting for them to call me.  I know if I call them it's not a problem really and won't take it seriously.  If they call me then they'll take it seriously and at least have a record of this in their system. 

If whoever is doing this lives in the USA they have the CFAA to worry about.

Currently still needs offline.

Back online 5:40 pm eastern time.

Edited by Dizaka

  • Guest changed the title to 10/9/2020 - 00:30 Central European Time - Possible DDoS (IP address may be compromised, will change later)
