DDoS and now something new again?

LimeZ3_

Same here. I have a friend of mine with an HBO in network security, and as soon as he saw my router logs, he said its DEFINATELLY a targeted attack on a known IP address
It really hurt me today because only today I learned that my provider issues a dynamic IP for 1 day, and I cant change it myself
I'm in the Netherlands, so there's 0 hope to call my provider and ask him to change my ip when its 21 o clock, so my internet is basically dead until tomorrow.
I played a game of faf 1.5 hours ago. Just a usuall 6v6. Then I see that I start lagging. My friend's voices on discord become robotic, my stream drops, and then ultimatelly I timeout to all other players in the game. 30 minutes in a match. And now I can still see that the attack continues and my home wifi is battling for its life. And its been over 1.5 hours since I disconnected from faf altogether.
It restores connection for 1 or 2 minutes and then its dead again for like 10 minutes or so
I guess Ill have to use mobile hotspot until tomorrow

Playing faf with the possibility that my network dies altogether for days is out of the question, so I'm dropping this game until these dos attack issues are proven to be fixed

LimeZ3_

This post is deleted!

Neytron

@Robogear sorry but it is impossible to play with you much longer than since February, this is done by one of your viewers, I don't remember the last time I could play with you, even 2 years ago, I was already attacked on your stream, I don't blame you, it's not your fault that there are such people, I just mean that this problem was much earlier than February of this year

LimeZ3_

Can share my router's logs if someone thinks it might be useful to resolve the issue

Nuggets

@LimeZ3_ i dont know how it is in the netherlands, but for me my ip changes on router reboot

Nuggets

This is kind of a massive issue. The attacker(s) can find out everyone's ip without being in the game itself and without connecting to the lobby (as i had restrictions enabled). So I assume people can find out the ip via chat in faf (as was the case once before a while ago).
Ofc i dont know this for certain, so take this with a grain of salt. I believe we cant even disconnect from the chat on purpose, there is only the option reconmect

Kilatamoro

@Nuggets One could damage their connection, thus disconnecting from FAF and chat, and then only reconnect to FAF.

Sturmgewehr

@Nuggets said in DDoS and now something new again?:

This is kind of a massive issue. The attacker(s) can find out everyone's ip without being in the game itself and without connecting to the lobby (as i had restrictions enabled).

If I didn't know better, I would say it's the live replay, where you can watch as an observer with a delay of a few minutes.

When you read about people's experiences, it's usually during these 3-5 minutes that there are in-game problems.

Are the IPs transmitted when connecting to a live replay, or can someone intercept them?

This particular problem doesn't seem to exist in matchmaking (at least one person has written about this).
I don't play matchmaking (ladder) myself, only global. So custom games.
In other words, what is displayed as a live replay.

Perhaps the live replay should be disabled on a trial basis.

Kilatamoro

@Sturmgewehr Matchmaker games are present in live replays.

Sturmgewehr

@Kilatamoro said in DDoS and now something new again?:

@Sturmgewehr I am pretty sure matchmaker games are also in live replays. Why wouldn't they be?

The attacker must be getting the IPs from somewhere during ongoing games.
If it's from the chat system, he could attack all IPs at once. But it happens a few minutes after a game has started.
So he must know when a game has started, and he could find that out via the live replays (how else?).
Perhaps matchmaking (ladder) games are not attacked because there are too few players/too little effect, because there are few players in a match and it's not worth it?

Who knows, there must be some motivation behind it.
At least I can say that custom games with +10 players are very often attacked.

If they are attacks. No one is commenting on the situation.

Kilatamoro

@Sturmgewehr People say he attacks games with specific players, like streamers.

Brutus5000

Our IRC should not expose ips. The live-replay server surely does not expose ips.
However, if you are in a custom lobby and someone connects to you, then you expose your IP for da direct p2p connection.

xxx_LenKing_xxx

@Brutus5000 , did u know, that no ru streamer can stream faf, because they have been ddosing since february non-stop, as soon as they start a game, they literally follow at least me, Putin and Robogear even at night. And if I played without a stream, everything was OK. But now they have started ddosing everyone, SO why not make same adapter like in GAF, that hide ur ip, im shure that they ddosed faf to try lure players to their server.

xxx_LenKing_xxx

this problem has been going on for more than two years, what's the problem with making a new connector so as not to show the IP? Is there really any doubt that this is a DDoS or is there hope that it will somehow stop on its own? I assure you, FAF will be killed if nothing is done now. These DDoSers will do this endlessly.

Brutus5000

The ice adapter can do that in theory. This is called using a relay server. We used to run our own but they get killed by DDoS too. Now we are running the relay servers at a 3rd party provider but they are very expensive. so we cannot allow everybody to use it just to hide their ips.

We tried a cheaper provider but it doesn't work with the current ice adapter. So we're trying to rewrite it, but it doesn't work reliably beyond 1v1

Sturmgewehr

@Brutus5000 said in DDoS and now something new again?:

The ice adapter can do that in theory. This is called using a relay server. We used to run our own but they get killed by DDoS too. Now we are running the relay servers at a 3rd party provider but they are very expensive. so we cannot allow everybody to use it just to hide their ips.

We tried a cheaper provider but it doesn't work with the current ice adapter. So we're trying to rewrite it, but it doesn't work reliably beyond 1v1

I'm sure you have statistics for everything.
How much would it cost to force all game sessions to run via relay servers and prevent player-to-player connections from being established?

How much would need to be collected each month to cover the costs?
https://www.patreon.com/faf

Since IPs are not transmitted via the chat system or the live replay (which is once again a Hetzner server 167.235.217.62), only the custom lobbies would be affected anyway, because in matchmaking, the attacker would first have to manage to get into the randomly assembled match in order to obtain the IPs.
If he can't access the IPs anywhere else via a security vulnerability...

It doesn't have to be forever, a test for a few weeks is enough to see how the situation is in terms of connection quality/disconnections (force all game sessions to run via relay servers).

Brutus5000

The statistics of our provider are broken because our library doesn't correctly terminate connections, so we just don't know.
Assuming currently only 5% of connections run through a relay, upscaling this to 100% would increase traffic to 20x, so we'd from ~100GB to 2TB. Since prices go down the more bandwith you use with our current provider we'd be at 499$ per month (you can lookup the pricing here https://xirsys.com/pricing)

nullptr

The only solution for now is to friend all players you'd want to play with and host for friends only or host with password.

Kilatamoro

@Ctrl-K Or matchmaker, and get suspicious of who you play with, as if your local connection drops, they may be responsible. And the less players, the safer it is.

Nuggets

@Ctrl-K said in DDoS and now something new again?:

The only solution for now is to friend all players you'd want to play with and host for friends only or host with password.

I dont think thats the solution actually. I'm enforcing rating so others cant join; Rezy hosts for friends only. It still happens

Although im not 100% sure if it happens to Rezy's lobbies..