woodpecker Posted July 24, 2022

Sometimes pyrogenesis.exe uses the whole network bandwidth according to Resource Monitor in Windows 11. It can be confirmed by my router that download speed is maxed out at approx. 100 Mbps. This is very much like DDoS, but it is pyrogenesis that uses the bandwidth, not some external attack. I tried to disable mods but the behaviour is the same. Must be a serious bug or exploit in the software. Someone must really look into this...

woodpecker (author) Posted July 24, 2022

I have also experienced that the game freezes my PC and force closing is impossible. It usually happens when the above-mentioned problem occurs.

rossenburg Posted July 24, 2022

9 minutes ago, woodpecker said:
> Sometimes pyrogenesis.exe uses the whole network bandwidth according to Resource Monitor in Windows 11. It can be confirmed by my router that download speed is maxed out at approx. 100 Mbps. This is very much like DDoS, but it is pyrogenesis that uses the bandwidth, not some external attack. I tried to disable mods but the behaviour is the same. Must be a serious bug or exploit in the software. Someone must really look into this...

Interesting, happens often? Once in a while? All the time?

Stan` Posted July 24, 2022

31 minutes ago, woodpecker said:
> I have also experienced that the game freezes my PC and force closing is impossible. It usually happens when the above-mentioned problem occurs.

Could be DDOS if you are playing multiplayer when that happens.

woodpecker (author) Posted July 24, 2022

Yes, it is during multiplayer games. Frequency varies. But sometimes many times during a day/night. Other times not at all. Earlier, when I experienced DDoS, the traffic was stopped by the router and I could not see abnormal network activity on the PC. But today I could see pyrogenesis.exe occupy the whole bandwidth.

Norse_Harold Posted July 25, 2022 (edited July 25, 2022 by Norse_Harold)

@woodpecker, when Windows determines which process to attribute UDP network traffic to, I think that its algorithm is very simple. I think that Windows just looks for a process with the same source port open as that of the incoming network packets.

The symptoms that you have described sound very much like a ddos attack (100% network utilization) and a dos attack (game freezing). I've seen the same symptoms at times. Pay attention to who is online at the times that these problems occur.

I recommend that you install Wireshark and capture traffic. If you're comfortable with using the command line then I advise starting by only capturing traffic with dumpcap (part of Wireshark) since it requires administrative privileges. Once the traffic capture is stopped, display the traffic with Wireshark as an unprivileged user, since Wireshark sometimes has security flaws.

Here are example commands for capturing traffic. You can store these commands in a Windows batch script file (make the extension .bat or .cmd), then simply run the batch file as Administrator each time you want to start capturing traffic.

    C:
    cd "\Program Files\Wireshark"
    dumpcap -D
    rem the above command will list several interfaces. Determine the name of the interface that
    rem you're using for your Internet connection. An example is
    rem \Device\NPF_{567B6C39-439F-45A8-B019-C5C508569708}.
    dumpcap.exe -i INSERT_YOUR_INTERFACE_NAME_HERE -p -w "C:\Users\INSERT_YOUR_USERNAME_HERE\Documents\traffic_capture.pcap" -s 0

You should always scan unfamiliar software for viruses with your favored virus scanning software before deciding whether to install it. There's a free service that scans with more than 50 virus scanner programs called VirusTotal. But, use what you trust. And, you should always read the manual for the software before running any commands suggested by random people.

Here's the manual for dumpcap, so you know what the command line arguments do.

Ddos attacks usually have a lot of incoming UDP packets on a certain port, and no replies. The attackers seem to like to send the traffic to the port that one is running 0ad on.

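The "lot of incoming UDP packets on a certain port, and no replies" pattern from the post above can be checked mechanically once a capture exists. This added example (not part of the original thread or of 0 A.D.) reads rows exported with `tshark -r traffic_capture.pcap -Y udp -T fields -e ip.src -e ip.dst -e udp.srcport -e udp.dstport -e frame.len` and totals inbound traffic from remote addresses that were never sent a reply. The addresses, port 20595 and the 500-packet threshold are constructed assumptions.

```python
from collections import defaultdict

LOCAL_IP = "192.0.2.10"  # constructed: stands in for the PC's own address
GAME_PORT = 20595        # assumption: UDP port the game is hosted on

def per_peer_counts(rows, local_ip):
    """Count UDP packets per (local port, remote IP).

    rows: tab-separated lines "ip.src, ip.dst, udp.srcport, udp.dstport, frame.len".
    Returns {(local_port, remote_ip): [packets_in, packets_out, bytes_in]}.
    """
    peers = defaultdict(lambda: [0, 0, 0])
    for line in rows:
        fields = line.rstrip("\r\n").split("\t")
        if len(fields) != 5 or not all(fields):
            continue  # row lacks IPv4/UDP fields (e.g. IPv6), skip it
        src, dst, sport, dport, length = fields
        if dst == local_ip:
            entry = peers[(int(dport), src)]
            entry[0] += 1
            entry[2] += int(length)
        elif src == local_ip:
            peers[(int(sport), dst)][1] += 1
    return peers

def unanswered_inbound(peers, min_packets=500):
    """Per local port: inbound traffic from remotes that were never sent a reply."""
    ports = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": 0})
    for (port, _remote), (pkts_in, pkts_out, bytes_in) in peers.items():
        if pkts_in and pkts_out == 0:
            ports[port]["packets"] += pkts_in
            ports[port]["bytes"] += bytes_in
            ports[port]["sources"] += 1
    return {p: s for p, s in ports.items() if s["packets"] >= min_packets}

def sample_rows():
    """Constructed sample: one real two-way peer plus a one-way flood."""
    rows = []
    for _ in range(200):  # normal game traffic, both directions
        rows.append(f"198.51.100.7\t{LOCAL_IP}\t20595\t{GAME_PORT}\t120")
        rows.append(f"{LOCAL_IP}\t198.51.100.7\t{GAME_PORT}\t20595\t110")
    for i in range(3000):  # 30 sources sending, none ever answered
        rows.append(f"203.0.113.{i % 30 + 1}\t{LOCAL_IP}\t{40000 + i % 50}\t{GAME_PORT}\t1400")
    rows.append("\t\t\t\t60")  # non-IPv4 row as tshark would print it
    return rows

if __name__ == "__main__":
    for port, s in unanswered_inbound(per_peer_counts(sample_rows(), LOCAL_IP)).items():
        print(f"UDP port {port}: {s['packets']} unanswered packets, "
              f"{s['bytes']} bytes, {s['sources']} sources")
```

Counting per remote address rather than per port keeps a legitimate peer on the same port from hiding the one-way traffic.
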
Akira Kurosawa Posted July 25, 2022

Botnet?

woodpecker (author) Posted July 28, 2022

On 25/07/2022 at 6:09 AM, Norse_Harold said:
> @woodpecker, when Windows determines which process to attribute UDP network traffic to, I think that its algorithm is very simple. I think that Windows just looks for a process with the same source port open as that of the incoming network packets.
>
> The symptoms that you have described sound very much like a ddos attack (100% network utilization) and a dos attack (game freezing). I've seen the same symptoms at times. Pay attention to who is online at the times that these problems occur.
>
> I recommend that you install Wireshark and capture traffic. If you're comfortable with using the command line then I advise starting by only capturing traffic with dumpcap (part of Wireshark) since it requires administrative privileges. Once the traffic capture is stopped, display the traffic with Wireshark as an unprivileged user, since Wireshark sometimes has security flaws.
>
> Here are example commands for capturing traffic. You can store these commands in a Windows batch script file (make the extension .bat or .cmd), then simply run the batch file as Administrator each time you want to start capturing traffic.
>
>     C:
>     cd "\Program Files\Wireshark"
>     dumpcap -D
>     rem the above command will list several interfaces. Determine the name of the interface that
>     rem you're using for your Internet connection. An example is
>     rem \Device\NPF_{567B6C39-439F-45A8-B019-C5C508569708}.
>     dumpcap.exe -i INSERT_YOUR_INTERFACE_NAME_HERE -p -w "C:\Users\INSERT_YOUR_USERNAME_HERE\Documents\traffic_capture.pcap" -s 0
>
> You should always scan unfamiliar software for viruses with your favored virus scanning software before deciding whether to install it. There's a free service that scans with more than 50 virus scanner programs called VirusTotal. But, use what you trust. And, you should always read the manual for the software before running any commands suggested by random people.
>
> Here's the manual for dumpcap, so you know what the command line arguments do.
>
> Ddos attacks usually have a lot of incoming UDP packets on a certain port, and no replies. The attackers seem to like to send the traffic to the port that one is running 0ad on.

Thank you Norse_Harold, I'll check this out when I have the time for it.

Norse_Harold Posted August 7, 2022

@woodpecker Status updates on this? Need help? Any other questions?