pyrogenesis.exe use whole network bandwidth


woodpecker

Sometimes pyrogenesis.exe uses the whole network bandwidth according to Resource Monitor in Windows 11. It can be confirmed by my router that download speed is maxed out at approx. 100mbps. This is very much like DDoS but it is pyrogenesis that uses the bandwidth, not some external attack. I tried to disable mods but the behaviour is the same. Must be a serious bug or exploit in the software. Someone must really look into this...

  • Thanks 1

9 minutes ago, woodpecker said:

Sometimes pyrogenesis.exe uses the whole network bandwidth according to Resource Monitor in Windows 11. It can be confirmed by my router that download speed is maxed out at approx. 100mbps. This is very much like DDoS but it is pyrogenesis that uses the bandwidth, not some external attack. I tried to disable mods but the behaviour is the same. Must be a serious bug or exploit in the software. Someone must really look into this...

Interesting, happens often? Once in a while? All the time?


31 minutes ago, woodpecker said:

I have also experienced that the game freezes my PC and force closing is impossible. It usually happens when the above-mentioned problem occurs.

Could be DDOS if you are playing multiplayer when that happens.


Yes, it is during multiplayer games. Frequency varies. But sometimes many times during a day/night. Other times not at all. Earlier when I experienced DDoS the traffic was stopped by the router and I could not see abnormal network activity on the PC. But today I could see pyrogenesis.exe occupy the whole bandwidth.


@woodpecker, when Windows determines which process to attribute UDP network traffic to, I think that its algorithm is very simple. I think that Windows just looks for a process with the same source port open as that of the incoming network packets. The symptoms that you have described sound very much like a ddos attack (100% network utilization) and a dos attack (game freezing). I've seen the same symptoms at times. Pay attention to who is online at the times that these problems occur.

I recommend that you install Wireshark and capture traffic. If you're comfortable with using the command line then I advise starting by only capturing traffic with dumpcap (part of Wireshark) since it requires administrative privileges. Once the traffic capture is stopped, display the traffic with Wireshark as an unprivileged user, since Wireshark sometimes has security flaws. Here are example commands for capturing traffic. You can store these commands in a Windows batch script file (make the extension .bat or .cmd), then simply run the batch file as Administrator each time you want to start capturing traffic.

 

C:
cd "\Program Files\Wireshark"
dumpcap -D

rem the above command will list several interfaces. Determine the name of the interface that
rem you're using for your Internet connection. An example is 
rem \Device\NPF_{567B6C39-439F-45A8-B019-C5C508569708}.

dumpcap.exe -i INSERT_YOUR_INTERFACE_NAME_HERE  -p -w "C:\Users\INSERT_YOUR_USERNAME_HERE\Documents\traffic_capture.pcap" -s 0

 

You should always scan unfamiliar software for viruses with your favored virus scanning software before deciding whether to install it. There's a free service that scans with more than 50 virus scanner programs called Virustotal. But, use what you trust. And, you should always read the manual for the software before running any commands suggested by random people. Here's the manual for dumpcap, so you know what the command line arguments do.

Ddos attacks usually have a lot of incoming UDP packets on a certain port, and no replies. The attackers seem to like to send the traffic to the port that one is running 0ad on.

 

Edited by Norse_Harold
  • Like 1
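
The pattern described in the post above (many incoming UDP packets on one port, and no replies) can be checked once a capture exists. The following is an added example, not part of the original post or of 0 A.D.: it reads tab-separated rows such as `tshark -r traffic_capture.pcap -Y udp -T fields -e ip.src -e ip.dst -e udp.srcport -e udp.dstport -e frame.len` prints, and totals the traffic from remote hosts that never received a reply. The local address, the game port 20595 and every sample row are constructed assumptions.

```python
from collections import defaultdict

LOCAL_IP = "192.0.2.10"   # assumed address of the PC (constructed)
GAME_PORT = 20595         # assumed UDP port the game is hosted on

def summarise(rows, local_ip):
    """Return {local_port: {remote_ip: [pkts_in, bytes_in, pkts_out]}}."""
    flows = defaultdict(lambda: defaultdict(lambda: [0, 0, 0]))
    for row in rows:
        parts = row.rstrip("\r\n").split("\t")
        try:
            src, dst, sport, dport, length = parts
            sport, dport, length = int(sport), int(dport), int(length)
        except ValueError:
            continue  # IPv6, fragments or malformed rows: not handled here
        if dst == local_ip:            # incoming packet
            rec = flows[dport][src]
            rec[0] += 1
            rec[1] += length
        elif src == local_ip:          # reply or other outgoing packet
            flows[sport][dst][2] += 1
    return flows

def unanswered(flows, min_packets=100):
    """Per local port, total the traffic from remotes that got no reply."""
    report = {}
    for port, remotes in flows.items():
        silent = [r for r in remotes.values() if r[0] and not r[2]]
        packets = sum(r[0] for r in silent)
        if packets >= min_packets:
            report[port] = {"sources": len(silent), "packets": packets,
                            "bytes": sum(r[1] for r in silent)}
    return report

def sample_rows():
    """Constructed rows: an unanswered flood, one real peer, one DNS lookup."""
    rows = [f"198.51.100.{i % 150 + 1}\t{LOCAL_IP}\t{40000 + i}\t{GAME_PORT}\t1442"
            for i in range(300)]
    for _ in range(20):
        rows.append(f"203.0.113.5\t{LOCAL_IP}\t20595\t{GAME_PORT}\t120")
        rows.append(f"{LOCAL_IP}\t203.0.113.5\t{GAME_PORT}\t20595\t118")
    rows.append(f"{LOCAL_IP}\t192.0.2.1\t53211\t53\t74")
    rows.append(f"192.0.2.1\t{LOCAL_IP}\t53\t53211\t90")
    return rows

if __name__ == "__main__":
    for port, s in unanswered(summarise(sample_rows(), LOCAL_IP)).items():
        print(f"UDP port {port}: {s['packets']} packets / {s['bytes']} bytes "
              f"from {s['sources']} hosts that never got a reply")
```

A port that shows a large unanswered total from many distinct sources, while the real game peer on the same port is answered normally, matches the flood pattern the post describes.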

On 25/07/2022 at 6:09 AM, Norse_Harold said:

@woodpecker, when Windows determines which process to attribute UDP network traffic to, I think that its algorithm is very simple. I think that Windows just looks for a process with the same source port open as that of the incoming network packets. The symptoms that you have described sound very much like a ddos attack (100% network utilization) and a dos attack (game freezing). I've seen the same symptoms at times. Pay attention to who is online at the times that these problems occur.

I recommend that you install Wireshark and capture traffic. If you're comfortable with using the command line then I advise starting by only capturing traffic with dumpcap (part of Wireshark) since it requires administrative privileges. Once the traffic capture is stopped, display the traffic with Wireshark as an unprivileged user, since Wireshark sometimes has security flaws. Here are example commands for capturing traffic. You can store these commands in a Windows batch script file (make the extension .bat or .cmd), then simply run the batch file as Administrator each time you want to start capturing traffic.

 

C:
cd "\Program Files\Wireshark"
dumpcap -D

rem the above command will list several interfaces. Determine the name of the interface that
rem you're using for your Internet connection. An example is 
rem \Device\NPF_{567B6C39-439F-45A8-B019-C5C508569708}.

dumpcap.exe -i INSERT_YOUR_INTERFACE_NAME_HERE  -p -w "C:\Users\INSERT_YOUR_USERNAME_HERE\Documents\traffic_capture.pcap" -s 0

 

You should always scan unfamiliar software for viruses with your favored virus scanning software before deciding whether to install it. There's a free service that scans with more than 50 virus scanner programs called Virustotal. But, use what you trust. And, you should always read the manual for the software before running any commands suggested by random people. Here's the manual for dumpcap, so you know what the command line arguments do.

Ddos attacks usually have a lot of incoming UDP packets on a certain port, and no replies. The attackers seem to like to send the traffic to the port that one is running 0ad on.

 

Thank you Norse_Harold, I'll check this out when I have the time for it.
