Are you aware of the scale of DoS attacks?


29 minutes ago, Grapjas said:

Being Ddos'd into oblivion as we speak. Was playing in @nani 's game. The usual thing, can't do anything for a few mins outside of 0ad too. Cannot even connect to the lobby for a good while even though internet works again. Network showing spikes too.

commands.txt 594 kB · 0 downloads metadata.json 136 kB · 0 downloads

Can confirm he couldn't rejoin. I was using mobile data and STUN, which makes DDoSing the host (me) harder/ineffective, so he probably went for @Grapjas. I recommend people use mobile tethering with data enabled when playing a 0ad game, as it seems to deter the attacker.


In addition to the answers of 4.2. ("What sources, methods or tools can we use to collect all the information about the previous and future attacks?"):

  • I don't know if Wireshark could be used in this case. I used it several years ago, but maybe we could see all the details of the malicious traffic. I will experiment with it, but please let me know if it is a dead end, or if you have tips on how to use it effectively in this case.
  • Are replays useful, @user1?
    • Can we help you analyze more?
    • Can we help you collect more?
      • Should the developers implement automatic gathering of relevant data?
      • Should the users be asked more prominently to provide attack reports?
        • In the Multiplayer Lobby's right column's top?
        • In chat messages?
        • Something like this? "IF YOU GET DISCONNECTED, PLEASE READ THIS [LINK](link-to-replay-uploading)"
    • Should we attach additional information to the replays?
    • Do replays contain network data, error messages and all the relevant info?
    • Can we be sure that the attacker is unable to create misleading replays?
    • Can the attacker pretend to be someone else on the forum?

u can use this way

1 - make a group in discord (or other messenger) and use it as lobby. players need to be online there if they want to play.
2 - let's suppose there r 8 online players in the group and they want to play. then the host first must change his ip by a vpn (there r many free vpns like hotspot or psiphon), after that the host should host out of the lobby. other players can join him by the ip.


Imagine you have a phone number. You call someone, who notes your number. Then he becomes annoying, calling you 42 times an hour. You regret using your phone number, so next time you want to talk with him, you call me instead and ask me to dial the annoying guy on my other phone so that you can talk with him without you calling him directly. This time he'll see my phone number, instead of yours. But here's the problem: he can call you anytime on your own phone number, because he has noted it during your first call. So hiding is pointless. But I'm not an expert, so I might be wrong.

EDIT
I will read this link too, to understand VPNs better:
https://www.quora.com/When-I-connect-to-a-virtual-private-network-will-my-IP-address-change

Edited by mralex
added link

36 minutes ago, king reza the great said:

when u use vpn it changes ur ip! its why i asked to change ip by vpn before hosting

Problem is the VPN uses the original IP.  If DDOSer has original IP and you did not change original IP then DDOSing the original IP will knock out your VPN connection.

Though I believe you know that but just putting it out there.  VPN doesn't solve everything.  VPN is good for being a client.  But as a client your IP isn't compromised unless you host.


On 10/12/2020 at 11:03 PM, mralex said:

What method would a central server use to withstand the attacks?
Why can't the same approach be applied to player hosts and clients?

Basic enterprise-grade hardware can withstand a DoS. A DDoS, on the other hand, while expensive to launch, is also expensive to mitigate, which is why you rent virtual servers on the cloud.

The previous thread regarding this topic has somehow been locked down now. I am not sure if it's global or just for me, but I can't reply to that at my own discretion now.

I would want to be once again the bearer of bad news, but I no longer care and it's getting old at this point.


1 minute ago, Dizaka said:

Though I believe you know that but just putting it out there.  VPN doesn't solve everything.  VPN is good for being a client.  But as a client your IP isn't compromised unless you host.

Seems like you don't need to host to incur the wrath of the DoS gods.

On 11/12/2020 at 1:02 AM, Grapjas said:

Being Ddos'd into oblivion as we speak. Was playing in @nani 's game.

 


@smiley Just get a new IP address assigned from your ISP.  You're good until you host a game.  When you host a game you expose your IP to the lobby.  That's how the DDOSer primarily targets games.  If you don't change IP addresses after hosting, that is how you get targeted as a client.

Also, by changing IP addresses you narrow down who can be DDOSing you b/c you know who was previous host.

The general rules are:

1)  Lobby knows host IP addresses.

2)  Host knows client IP addresses but not lobby.

 

Clients are always safe until they host (or somehow end up in the DDOSer's game and get compromised this way).  If clients host, you expose your IP to all in the lobby.

Edited by Dizaka

On 10/12/2020 at 7:03 PM, mralex said:

What method would a central server use to withstand the attacks?
Why can't the same approach be applied to player hosts and clients?

You would use a CDN (such as Cloudflare) to make the site available from several points on the internet - thus using the underlying T1 internet infrastructure to mitigate this problem. This would mean that only nation-wide DDoS attacks would be successful, as anything less just means an increase in ping (of the lobby). A CDN also often includes processes to notice attacks, and then mitigate them by temporarily banning IPs higher upstream.

As a private person, getting a CDN is... non-trivial. It's both not cheap and hard to get. A CDN often needs a verification of ownership of the IP address, so you would need to find someone who trusts you enough even though the owner is an ISP and the ISP might change it at will.

What would happen is that you have a central server everyone knows - but that is protected and whose identity is guaranteed by something like Cloudflare. All communication in the lobby happens through the main server, so no one can see each other. Writing such a lobby shouldn't be too much of a task: a simple built-in browser and some JavaScript. I have made similar applications, and that would take me like 2-3 months full-time.

Then upon agreeing to a game, your lobby process would either disconnect (or not, not really relevant). And the people who agree to start a server are given the host's IP address, while the host gets (because the players connect to him) the players' addresses. And they have a "private" game that is hidden from the lobby. This part, I have no idea how long it would take to implement. I've not looked into the 0ad code, nor am I versed enough with C++ to say anything. (Been 10+ years since I touched C++.)

 

That way, for an attacker to actually do a DDoS on a game, he'd have to join the game (either as spectator or player). This makes it much harder to automate, as well as giving a layer where we can "find" the DDoS. If you would still get DDoSed, one of the players must be the attacker - or be infected by a worm from the attacker or something.  This could then be reported back to the lobby host, who can analyze the data and find the actual attackers.

Similarly, other defense mechanisms could be added, like adding the newest reCAPTCHA to the lobby site to enable the power of Google to find automated bots.

 

Making a dedicated lobby is the *only* step towards a solution that can be taken. (Further steps are playing the whole game on the server and not having p2p gaming at all - like modern games do).


Ideally, set up a Linux machine between your router and WAN to log all connections with Wireshark or something with the same functionality. I can't do it as I share WAN with my neighbours.

The log will reveal IPs, connection type and a whole lot of other good info. Wireshark is pretty easy to set up and use. But you must intercept all traffic to your network outside any firewall. The router in my house stops the incoming connections but they still choke the line when it happens. The router does not have tools to gain the info you get with Wireshark. Use no firewall on the Wireshark/logging computer, as you want to log it all. Linux is good, stable and pretty secure. But don't use a machine with any personal info or things you care about. Kali Linux is probably the best OS for the task.

Best regards Woody

Edited by woodpecker
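A way to summarise such a connection log offline, added here as an example and not part of the post above or of 0 A.D.'s code. It assumes the capture has been exported to CSV rows of epoch second, source IP, destination port and frame length; that column layout, the port value, the threshold and the sample rows are all assumptions made for the example.

```python
import csv
import io
from collections import Counter, defaultdict

def build_sample():
    """Constructed rows (not real traffic): epoch second, source IP, dst port, bytes."""
    rows = []
    for sec in range(1000, 1005):            # two ordinary game peers, all 5 seconds
        for peer in ("192.0.2.10", "192.0.2.11"):
            rows.append(f"{sec},{peer},20595,120")   # 20595: assumed game port
    for sec in (1002, 1003):                 # burst from 40 distinct sources
        for i in range(1, 41):
            rows.extend([f"{sec},198.51.100.{i},20595,1400"] * 5)
    return "\n".join(rows) + "\n"

def summarize(csv_text, threshold_bytes_per_sec):
    """Return one record per second whose inbound volume reaches the threshold."""
    bytes_by_sec = Counter()
    bytes_by_src = defaultdict(Counter)      # second -> {source IP: bytes}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 4:                    # skip blank or malformed lines
            continue
        sec, src, length = int(float(row[0])), row[1], int(row[3])
        bytes_by_sec[sec] += length
        bytes_by_src[sec][src] += length
    report = []
    for sec in sorted(bytes_by_sec):
        total = bytes_by_sec[sec]
        if total < threshold_bytes_per_sec:
            continue
        sources = bytes_by_src[sec]
        _top_src, top_bytes = sources.most_common(1)[0]
        report.append({
            "second": sec,
            "bytes": total,
            "sources": len(sources),
            # Share of the busiest sender: near 1.0 means one sender dominates,
            # near 0 means the load is spread over many senders.
            "top_share": round(top_bytes / total, 3),
        })
    return report

if __name__ == "__main__":
    for rec in summarize(build_sample(), threshold_bytes_per_sec=100_000):
        print(rec)
```

The per-second source count and top-sender share are what separate a single noisy sender from a flood spread over many hosts, which is the distinction the thread draws between a DoS and a DDoS.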

2 hours ago, woodpecker said:

Ideally, set up a Linux machine between your router and WAN to log all connections with Wireshark or something with the same functionality. I can't do it as I share WAN with my neighbours.

Log will reveal IPs, connectiontype and a whole lot of other good info.

So does your router. A compromised machine forging L3 packets would do more harm than a DoS ever could. Your router would be blindly routing all of them.


Logging gives very little information that is useful: the ip ranges won't be from the attacker, instead - for ddos at least - it's just a list of infected people. The attacker never really connects to you, they'll be sitting high and dry and let infected hosts attack you.

