Jump to content

DDoS: See something, say something


Norse_Harold
 Share

Recommended Posts

According to lobby chat today, two games were ddosed. Some people had guesses about who was responsible. I think that some people have information that could be useful for tracking down who is responsible. Please don't be silent about it. If you prefer then you can share tips about ddos suspects privately with me and/or other WFG staff.

Here's a thread with an example of the evidence that can be collected and published surrounding ddos events.

Here's a thread about trying to make lobby bans effective.

If you're frustrated with how things are going, please contribute in similar ways.

Edited by Norse_Harold
Link to comment
Share on other sites

Good ideas.

I have never been DDOSed when I was hosting on Eduroam. This might be useful for your investigation. 

When I am at home, using a network provider called SKY, it happened only twice in hundreds of games. I had never had an error since I changed my IP address. That might be helpful for hosts who experience frequent DDOS. 

https://eduroam.org/

But:

1. Are you sure what you are experiencing is DDOS and not some bad network connection to the host? Many people play over a VPN and you probably know how unstable VPNs can be. Some countries just have poor internet providers and timeouts are frequent. On the surface it will look like a DDOS but really it isn't. 

2. 0AD can run into errors with STUN points and other program imperfections. 

 

Link to comment
Share on other sites

2 hours ago, Sevda said:

1. Are you sure what you are experiencing is DDOS and not some bad network connection to the host? Many people play over a VPN and you probably know how unstable VPNs can be. Some countries just have poor internet providers and timeouts are frequent. On the surface it will look like a DDOS but really it isn't. 

Always good to check this with each circumstance. I have traffic captures of some of the times that I have been ddosed showing maximum packet rates for the network link of either unsolicited NTP responses or DNS responses from many unique IP addresses. And, people can read past descriptions of the secondary symptoms like a high activity LED blinking on the modem despite total inability to access the Internet.

If anyone wants assistance with setting up a way to capture network traffic or otherwise diagnose whether a ddos happens, contact me. And, please make it before you get ddosed again, not during a ddos...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...