Are you aware of the scale of DoS attacks?

[Dizaka]

25 minutes ago, pulli23 said:

Logging gives very little information that is useful: the ip ranges won't be from the attacker, instead - for ddos at least - it's just a list of infected people. The attacker never really connects to you, they'll be sitting high and dry and let infected hosts attack you.

This.  

Logging the information is likely useless.

The only way to catch this person and/or at least to be able to narrow it down to who it is is by changing how hosting works.  From my understanding there is already some stuff being made by someone.

[Dizaka]

In a different thread I mentioned that there are different types of attacks on 0ad (see here, see below).  I think I've found something weird that may be another attack but will test more and see if it continues to happen in games starting today (new IP, hasn't happened yet).

• You have a compromised IP and the attacker attacks port 20595 to be stealthy.  This causes you from disconnecting not from the "internet" or the "multiplayer lobby" but only a "game lobby" and "in-game."  I've been unable to see excessive traffic during these "attacks" (weird ... ).  However, this has only happened while (1) waiting for/playing a  0ad game (port-specific) and (2) there is no real reason why it should be happening (port forwarding is done correctly) and (3) the issue has been alleviated by changing my public IP (so far).
  • Note:  I have not hosted any games.  If this is related to the DDOS then it's likely the DDOS person is an active player and I joined their host sometime since resetting my IP.

 

On 27/11/2020 at 6:48 PM, Dizaka said:

• Small attacks to make you lag so that host boots/kicks you.   Maybe you're annoying enough to them.
• Larger attacks to make your connection seem unstable.  You can drop from game.  You could be pushing the right buttons.
• Even large attacks if you anger particular players.  You likely will drop from game and/or unable to access internet for 2-5 mins.  At this point DDoSr is emotionally invested.
• Largest attack has been about a 25-35 min disconnection from the internet on commercial-grade equipment using a 200mbit connection.  Probably because the DDoS'er has no emotional self control.
• Attacks on host to disconnect everyone.  Maybe because they wanted to get in on a game but don't want to wait for one to end?
• Random night attacks.  My guess whoever does this has a script running through IPs at night to agitate other players with blind shots.  This could be just to deflect attention from them and onto players for "having bad internet connections."  Interestingly, there's a limited number of players in lobby mocking others for "crappy internet."

 

Edited December 23, 2020 by Dizaka

[maroder]

probably unrelated, but i was looking a few times at the progress in trac in the last weeks and often get a 503 error, saying that the service is unavailable due to capacity problems.

Is this normal for trac or is there just that much traffic going on? / or is it just my problem?

Edited December 23, 2020 by maroder

[Silier]

Hi,
it is not just your problem and it is not also normal. I dont know what is happening, but it happens more often these days.
Just wait a bit and reload the page again. We have similar issue with phabricator sometimes when there are "many" people doing requests to it, so it could be trafic, but cant say for sure.

[woodpecker]

On 19/12/2020 at 8:49 AM, smiley said:

So does your router. A compromised machine forging L3 packets would do more harm than a DoS ever could. Your router would be blindly routing all of them.

Yes, but there is no access to that data log in my router atleast.