Jump to content

When playing 0ad whole network disconnects. Network otherwise stable.


Recommended Posts

image.png.184dd6e73d296b180a06343311b2e979.png

 

1)  Kristian solo disconnect.

image.png.b9e2e2cbda317ceba8f39eeecc57490c.png

image.png.692a6a01da71b3e464e74c5e0e27fbaa.png

image.png.b3774c8fadff61cec7d4a73eaca30373.png

 

 

Either a potatoe for a PC or ...  .  Previously, and in general, his potatoe PC doesn't have issues with his games.

 

2)  Kristian/Cesar duo disconnect.

image.png.e6dca4176a7beda43389b5d3e4fd1267.png

image.png.46447db21f2501c5f6db477f69bd9c00.png

image.png.d4f510722cc60bafc6c29febed839248.png

 

Game ended afterwards.  No sure if Cesar/Kristian or other team was winning or whether it was close to end of game.  Was banned by Phyzik for being a silent spec.  Don't have replay on what happened.

image.png

Edited by Dizaka
Link to post
Share on other sites

image.thumb.png.be120038172e52e3f8200df5ad5effae.png

 

6:24 -- Go2die and Acero left spec.

 

6:27 -- Chetnik kicked for flimsy connection  (Possibly on same IP as previously)

image.png.31863391fe4cfbd948374fdbbaf9c5c5.png

 

6:47 -- Ricsand joined game.

image.png.e8c39a65f765781f5149d25fc3d34dbe.png

Join failed.  Looks normal though.

image.png.01f6e1e5315952a73b175b2cedee08a1.png

6:59 -- FrankStallone left game

7:01 -- game ended.  

 

Honestly, this was a normal 0ad game.  No multiple critical-player disconnects, etc.  It's possible that Chetnik did a whole net disco from DDOS as his IP was previously compromised.  Either way, uneventful game and done.  Ricsand probably had issues reconnecting midgame to a max 200 4v4 game with movement on all units.

 

Edited by Dizaka
Link to post
Share on other sites

8:48 -- Borg disconnected. 

 

Players IG:

image.png.001a20bd92237917330da563fc49673e.png

 

8:52 -- Was lagging.  Host kicked me.

 

8:59 -- Lapacientos lagged and was kicked.

9:00 -- Lapacientos rejoined.  Game continues.

9:03 -- Borg kicked due to timeout.

9:09 -- Borg rejoins lobby.  Must have been a somewhat strong ddos.

image.png.3676a0ebc4bb91dc6943904656916c16.png

9:24 -- Something new.  Game at a standstill.  Noone showing as lagging.  Eventually borg disconnects/times out.

9:24 -- Phyzik leaves the game.

 

Conclusion:  Way too many disconnects and reconnects this game.  Typical game has maybe a person disconnect and then come back fairly fast.  This game was all over the place for whatever reason.

Edited by Dizaka
Link to post
Share on other sites

Your ISP will never call, because they have no clue this is even happening. Their threshold will be set a lot higher.

The game logs doesn't really help.

You can either run wireshark and find out what traffic is, where it's coming from, and null route it on your router or you can request a new public IP and never host a game on the lobby. The former will fix it regardless of whether it's a DoS attack or not. And I think your router is an EdgeRouter. Maybe enable logging, but given that its already dying, that might not be the best idea.

I mean it could be a SYN flood, an ICMP flood, a UDP flood (this might be the case because of how much traffic is going through), illegal TCP flood, etc. Or even unroutable IPs. Impossible to determine with the information available.

Regardless, nothing much anyone else can do here.

Link to post
Share on other sites
2 hours ago, smiley said:

Your ISP will never call, because they have no clue this is even happening. Their threshold will be set a lot higher.

Accordingly, it's safe to assume that me calling them for this small fish is pointless as there likely won't be a good enough response.

Dear small fish, you reading this?  Go big or go home.

 

2 hours ago, smiley said:

The game logs doesn't really help.

Conclusory statement.  All of yesterday no attacks on me.  Those one or two attacks could or couldn't have been something.  Looking at my logs I couldn't figure it out as I was testing something else out that rendered the charts unusable.  However, overall yesterday my 0ad experience was fairly stable, minus the one or two weird disconnects I had. 

 

2 hours ago, smiley said:

You can either run wireshark and find out what traffic is, where it's coming from, and null route it on your router or you can request a new public IP and never host a game on the lobby. The former will fix it regardless of whether it's a DoS attack or not. And I think your router is an EdgeRouter. Maybe enable logging, but given that its already dying, that might not be the best idea.

I mean it could be a SYN flood, an ICMP flood, a UDP flood (this might be the case because of how much traffic is going through), illegal TCP flood, etc. Or even unroutable IPs. Impossible to determine with the information available.

For a distributed denial of service attack running wireshark is likely to be a pointless exercise.  If it's distributed it's coming from multiple devices under the attacker's purview that likely excludes the attacker's device(s).  However, that is an assumption worth checking out.

 

2 hours ago, smiley said:

Regardless, nothing much anyone else can do here.

Another conclusory statement that isn't necessarily true.

Edited by Dizaka
Link to post
Share on other sites
16 minutes ago, badosu said:

Hmmm.. I was thinking of adding a software level package monitor like wireshark, so would that be ineffective? Should I at least be able to track I'm being flooded?

You would be able to verify what exactly it is.  With my graphs its simply conjecture.

Link to post
Share on other sites

Guyes who really experienced DDOS while playing 0ad? I did, and i can tell you all disconnected (nothing worked, no website able to visit, no phone on wifi could get data even connected to wifi).. and it took like 10-15 minutes when it dissapeared. 

On other hand I had many "left" from hosted game without any issues of my connectivity (everything else worked well) and usually i can rejoin game after. This is probably not related to attack. What i noted if there is big attack all players got disconnected (or most of them) so it looks like they are not under attack but "host" of the game is.

 

How to monitor it? How to detect it on regular  laptop? Other that i described symptoms?

Edited by go2die
Link to post
Share on other sites

9:50 pm easter time (NY).  DDOS again.  Can't setup the monitoring yet ...

image.png.1e6a997389ae33a7bf666005b3c6e6a3.png

 

Honestly, anytime a player disconnects from a game I'd probably blame DDOS.  It seems like few network connections these days are unstable ...

 

Note:  I've offered to pay for counseling and therapy services for whoever is doing this.  Please PM me.  

Edited by Dizaka
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...