Dizaka, posted September 14, 2020 (edited September 14, 2020):
6:10 pm Eastern Time. Net down. Private no specs game with Nani.
Update: 6:24 net still down. Maybe a new record?
Update: 6:32 net still down.
Update: 6:34 ...
Update: 6:46 ... Watching Netflix through a diff network ...
Update: 6:49 back online
Pic below is the start of the DDOS. There's no middle b/c it was another big one.
badosu, posted September 14, 2020:
Yeah, it's looking like malicious behavior from what we've seen so far
Dizaka, posted September 14, 2020 (edited September 14, 2020):
6:57: dpikt lagging in another game.
Users:
Global chat:
Update: Seems like Ricsand became lagsand? Looks like lagsand 2x.
Dizaka, posted September 15, 2020 (edited September 15, 2020):
8:32 pm eastern time, or so. Finished a game 4v4. No lag. No disconnects. None.
Dizaka, posted September 15, 2020:
9:13 pm eastern time, or so. Finished a 4v4. No lag. No disconnects. None.
Dizaka, posted September 15, 2020:
Wasn't really on ... But something happened here around 9:45 pm. Checked with family and no one really did anything. Hoping that no machine is compromised.
Dizaka, posted September 15, 2020 (edited September 15, 2020):
Cesar did:
Then he disconnected twice:
1:
2:
Note: Wouldn't have posted if he'd have disconnected just once.
Dizaka, posted September 15, 2020 (edited September 15, 2020):
1) Kristian solo disconnect. Either a potato for a PC or ... . Previously, and in general, his potato PC doesn't have issues with his games.
2) Kristian/Cesar duo disconnect. Game ended afterwards. Not sure if Cesar/Kristian or other team was winning or whether it was close to end of game. Was banned by Phyzik for being a silent spec. Don't have replay on what happened.
Dizaka, posted September 15, 2020 (edited September 15, 2020):
Game hosted by badosu. Chetnik, RIP bro. (Managed to rejoin later, see below)
Players IG:
Players that left before getting screenie: Phyzik (see below)
Dizaka, posted September 15, 2020 (edited September 15, 2020):
6:24 -- Go2die and Acero left spec.
6:27 -- Chetnik kicked for flimsy connection (Possibly on same IP as previously)
6:47 -- Ricsand joined game. Join failed. Looks normal though.
6:59 -- FrankStallone left game
7:01 -- game ended.
Honestly, this was a normal 0ad game. No multiple critical-player disconnects, etc. It's possible that Chetnik did a whole net disco from DDOS as his IP was previously compromised. Either way, uneventful game and done. Ricsand probably had issues reconnecting midgame to a max 200 4v4 game with movement on all units.
Dizaka, posted September 16, 2020 (edited September 16, 2020):
8:48 -- Borg disconnected. Players IG:
8:52 -- Was lagging. Host kicked me.
8:59 -- Lapacientos lagged and was kicked.
9:00 -- Lapacientos rejoined. Game continues.
9:03 -- Borg kicked due to timeout.
9:09 -- Borg rejoins lobby. Must have been a somewhat strong ddos.
9:24 -- Something new. Game at a standstill. No one showing as lagging. Eventually borg disconnects/times out.
9:24 -- Phyzik leaves the game.
Conclusion: Way too many disconnects and reconnects this game. Typical game has maybe a person disconnect and then come back fairly fast. This game was all over the place for whatever reason.
Dizaka, posted September 16, 2020:
10:00 or so. No lag. No disconnects. Chetnik connection is smooth. Lapacientos didn't lag out. No issues with anyone.
smiley, posted September 16, 2020:
Your ISP will never call, because they have no clue this is even happening. Their threshold will be set a lot higher.
The game logs don't really help. You can either run wireshark and find out what traffic is, where it's coming from, and null route it on your router or you can request a new public IP and never host a game on the lobby. The former will fix it regardless of whether it's a DoS attack or not. And I think your router is an EdgeRouter. Maybe enable logging, but given that it's already dying, that might not be the best idea. I mean it could be a SYN flood, an ICMP flood, a UDP flood (this might be the case because of how much traffic is going through), illegal TCP flood, etc. Or even unroutable IPs. Impossible to determine with the information available.
Regardless, nothing much anyone else can do here.
Dizaka, posted September 16, 2020 (edited September 16, 2020):
2 hours ago, smiley said: "Your ISP will never call, because they have no clue this is even happening. Their threshold will be set a lot higher."
Accordingly, it's safe to assume that me calling them for this small fish is pointless as there likely won't be a good enough response. Dear small fish, you reading this? Go big or go home.
2 hours ago, smiley said: "The game logs don't really help."
Conclusory statement. All of yesterday no attacks on me. Those one or two attacks could or couldn't have been something. Looking at my logs I couldn't figure it out as I was testing something else out that rendered the charts unusable. However, overall yesterday my 0ad experience was fairly stable, minus the one or two weird disconnects I had.
2 hours ago, smiley said: "You can either run wireshark and find out what traffic is, where it's coming from, and null route it on your router or you can request a new public IP and never host a game on the lobby. The former will fix it regardless of whether it's a DoS attack or not. And I think your router is an EdgeRouter. Maybe enable logging, but given that it's already dying, that might not be the best idea. I mean it could be a SYN flood, an ICMP flood, a UDP flood (this might be the case because of how much traffic is going through), illegal TCP flood, etc. Or even unroutable IPs. Impossible to determine with the information available."
For a distributed denial of service attack running wireshark is likely to be a pointless exercise. If it's distributed it's coming from multiple devices under the attacker's purview that likely excludes the attacker's device(s). However, that is an assumption worth checking out.
2 hours ago, smiley said: "Regardless, nothing much anyone else can do here."
Another conclusory statement that isn't necessarily true.
smiley, posted September 16, 2020:
I didn't suggest wireshark to find the attacker, but to find the methodology so you can have appropriate defences in your router. Feel free to do what you think is right. I don't stand to gain anything here.
Dizaka, posted September 16, 2020:
badosu, posted September 16, 2020 (edited September 16, 2020):
Hmmm.. I was thinking of adding a software level package monitor like wireshark, so would that be ineffective? Should I at least be able to track I'm being flooded?
Dizaka, posted September 16, 2020:
16 minutes ago, badosu said: "Hmmm.. I was thinking of adding a software level package monitor like wireshark, so would that be ineffective? Should I at least be able to track I'm being flooded?"
You would be able to verify what exactly it is. With my graphs it's simply conjecture.
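The triage discussed in the posts above (work out which kind of flood it is before choosing a router defence) can be run over exported capture records. This is an added example, not part of any post in the thread; the record layout "epoch,src,proto,dport,flags", the flag letters, the thresholds and every sample address and port are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Short, non-exhaustive list of source ranges that should never arrive from the internet.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "240.0.0.0/4")]
ILLEGAL_FLAGS = {"", "SF", "SR", "SFR"}  # no flags at all, or SYN combined with FIN/RST

def kind(proto, flags):
    """Map one packet to the flood family it would count towards."""
    if proto != "tcp":
        return proto  # "udp" or "icmp"
    if flags in ILLEGAL_FLAGS:
        return "illegal-tcp"
    return "syn" if flags == "S" else "tcp-other"

def classify(lines, min_pps=100, dominant=0.6):
    """lines: 'epoch,src,proto,dport,flags' records (assumed export layout)."""
    kinds, sources, times, bogon = Counter(), Counter(), [], 0
    for line in lines:
        ts, src, proto, _dport, flags = line.strip().split(",")
        times.append(float(ts))
        kinds[kind(proto, flags)] += 1
        sources[src] += 1
        bogon += any(ipaddress.ip_address(src) in net for net in BOGONS)
    if not times:
        return {"verdict": "no-flood", "pps": 0}
    pps = len(times) / max(max(times) - min(times), 1.0)
    top_kind, top_count = kinds.most_common(1)[0]
    if pps < min_pps:
        verdict = "no-flood"
    elif top_count / len(times) >= dominant:
        verdict = top_kind + "-flood"
    else:
        verdict = "mixed-flood"
    return {"verdict": verdict, "pps": round(pps), "distinct_sources": len(sources),
            "top_sources": sources.most_common(3), "bogon_packets": bogon}

def sample_capture():
    """Constructed records: 2 s of light TCP traffic plus a UDP burst."""
    rows = [f"{i * 0.1:.1f},198.51.100.7,tcp,40000,A" for i in range(20)]
    for i in range(600):  # 50 sources, the first 10 using private (unroutable) addresses
        src = f"10.0.0.{i % 50}" if i % 50 < 10 else f"203.0.113.{i % 50}"
        rows.append(f"{i / 300:.3f},{src},udp,40000,")
    return rows

if __name__ == "__main__":
    print(classify(sample_capture()))
```

A high distinct-source count with no dominant sender points to filtering by protocol or port rather than by address, and a non-zero bogon count means a drop rule for unroutable sources on the WAN interface removes part of the load.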
Dizaka, posted September 21, 2020 (edited September 21, 2020):
9:50 pm Eastern time (NY). DDOS again. Can't set up the monitoring yet ...
Honestly, anytime a player disconnects from a game I'd probably blame DDOS. It seems like few network connections these days are unstable ...
Note: I've offered to pay for counseling and therapy services for whoever is doing this. Please PM me.
badosu, posted September 24, 2020:
cc @user1
thankforpieOfficial, posted September 24, 2020 (edited September 24, 2020):
I have the same issue. The same machine and internet can host game servers 24/7 (not of 0ad, of another game), yet if I'm in the 0ad lobby or a 0ad game (mostly in game, but it happened in the lobby too) my wifi will stop working for a while, after a while (after a random, short time). It could be ddos, but it's hard to believe someone does this stuff regularly to different 0ad players each day.
thankforpieOfficial, posted September 24, 2020:
It's impossible to tell who does this, because at most you can get the IP of the hacked/used machine. You would then have to investigate such a machine personally to search for malicious software, or get a court warrant to make a policeman do this. I doubt you can do anything else with just the IP of a hacked machine.
Dizaka, posted October 4, 2020 (edited October 4, 2020):
6:27 pm eastern time. Game lagged horribly. Sufficiently enough that it wasn't playable and host decided to end game. It's as if the ddos is being scaled down to prevent games but not disconnect them.
Dizaka, posted October 5, 2020 (edited October 6, 2020):
Specing game. Phyzik mentioned something about screenshots and Issh luled about them (ph4r em!). Wasn't involved in game (was spec). This happened around 6:46 pm Eastern US time.
First ddos during this game around 6:46. This one disconnected me from game and sent me to lobby.
Received a 2nd ddos around 6:55 or so:
Banned from game for connectivity issues. Host is Bonesnscars. (He did the right thing)
Phyzik explicitly asked for ban. He directly stated his ph3ar of screenshots beforehand (before game started).
Double checked who else asked for my ban, out of curiosity:
Dizaka, posted October 5, 2020 (edited October 5, 2020):
Just did a quick search for DDOS on the forum. Looks like this has happened with players who get singled out. Example is Emperior:
Not really an issue to ignore. I also haven't seen Emperior around.