DDoS and now something new again?
-
The ice adapter can do that in theory. This is called using a relay server. We used to run our own but they get killed by DDoS too. Now we are running the relay servers at a 3rd party provider but they are very expensive. so we cannot allow everybody to use it just to hide their ips.
We tried a cheaper provider but it doesn't work with the current ice adapter. So we're trying to rewrite it, but it doesn't work reliably beyond 1v1
He said, "I've been to the year 3000
Not much has changed, but they live underwater
And your great-great-great-granddaughter
Is playin' FAF, playin' FAF" -
@Brutus5000 said in DDoS and now something new again?:
The ice adapter can do that in theory. This is called using a relay server. We used to run our own but they get killed by DDoS too. Now we are running the relay servers at a 3rd party provider but they are very expensive. so we cannot allow everybody to use it just to hide their ips.
We tried a cheaper provider but it doesn't work with the current ice adapter. So we're trying to rewrite it, but it doesn't work reliably beyond 1v1
I'm sure you have statistics for everything.
How much would it cost to force all game sessions to run via relay servers and prevent player-to-player connections from being established?How much would need to be collected each month to cover the costs?
https://www.patreon.com/fafSince IPs are not transmitted via the chat system or the live replay (which is once again a Hetzner server 167.235.217.62), only the custom lobbies would be affected anyway, because in matchmaking, the attacker would first have to manage to get into the randomly assembled match in order to obtain the IPs.
If he can't access the IPs anywhere else via a security vulnerability...It doesn't have to be forever, a test for a few weeks is enough to see how the situation is in terms of connection quality/disconnections (force all game sessions to run via relay servers).
-
The statistics of our provider are broken because our library doesn't correctly terminate connections, so we just don't know.
Assuming currently only 5% of connections run through a relay, upscaling this to 100% would increase traffic to 20x, so we'd from ~100GB to 2TB. Since prices go down the more bandwith you use with our current provider we'd be at 499$ per month (you can lookup the pricing here https://xirsys.com/pricing) -
The only solution for now is to friend all players you'd want to play with and host for friends only or host with password.
-
@Ctrl-K Or matchmaker, and get suspicious of who you play with, as if your local connection drops, they may be responsible. And the less players, the safer it is.
-
@Ctrl-K said in DDoS and now something new again?:
The only solution for now is to friend all players you'd want to play with and host for friends only or host with password.
I dont think thats the solution actually. I'm enforcing rating so others cant join; Rezy hosts for friends only. It still happens
Although im not 100% sure if it happens to Rezy's lobbies..
-
It is unclear to me whether these sudden disconnects are related to background DDoS activity, or specifically targeted attacks, or unexpected bugs in FAF, or connection issues on the users side, or a combination of all of 'em.
I can offer to look into targeted DDoS cases, but to do so, I need specific logs and timestamps when it occurred.
To be clear: I will not be able to solve the issue, but perhaps together we can find a strategy, or can narrow it down.
Hopefully, the core issue will be resolved in the future - until then, if you have time to spare and want someone to look over your case, please create a moderation ticket in Discord and ping me.
-
@magge said in DDoS and now something new again?:
but to do so, I need specific logs and timestamps when it occurred.
How can we provide it? Is there a need to enable specific log settings in the client?
-
The FAF-related logs would include the game log, IRC log, and ICE log with the exact timestamps when the issue occurred.
Additional helpful logs would be from network diagnostic tools, network/router and/or firewall logs. These are more user/system/environment-specific and need to be handled individually in the ticket itself.
All these (additional) logs may probably beyond the scope of the average user to know about, but I will try to keep the instructions as simple as possible to help find this information.
-
There are many log options in client that are disabled be default. For a guideline one would not only need to specify where to find them, but also which bars to enable to begin with. Should log be DEBUG or TRACE? I don't see IRC log option here, am I missing anything?
-
Who are the people who have access to players IP?
xirsys.com
...
... -
I got DDoS'd the first and only time when I clicked on this guys link. Ever since my internet recovered I seem to be the laggy one in games. I think he was farming our IP's as soon as we open his randomly generated cat girl links. The DDoS happened exactly after the game finished. Replay: #25421055
- How can I see who the host of this game was?
- How can I see past DM conversation with him in FAF? That's where the link is that he sent me, after which I got DDoS'd and never recovered fully to have smooth games again.
-
@Thorkan But how exactly do you know that you got ddosed?
-
@ZLO My Internet went down for several hours. Nothing loaded anymore. Same with other devices on the same Wifi, like my phone.
-
Ever since my internet recovered I seem to be the laggy one in games.
Unless you have a static ip, which is super rare and usually costs extra it is highly unlikely that you notice any difference once the DDoS stops. That sounds like different problems.
-
It would certainly be interesting to find out why your internet went down completely. Maybe you can find some sort of logs in your router?
-
@BlackYps I'ts the landlords router. I don't have access. Does anyone have answers to my 2 questions? That's were we have a clue.
-
@Sainse The logging level should be DEBUG and the box for the ICE log has to be checked. IRC is logged by default.
@Thorkan PM conversations can not be seen again, when the client was closed. When you have indications or evidence that there is a malicious actor, then contact the moderators through a moderation ticket, please.
-
man this is frustrating. half my games i disconnect within 6 minutes of the game starting. Completely drops my internet. These losers need to get a life and stop trying to ruin FAF
-
Same. Now, I failed to connect to players in any lobby -- am I being personally attacked, due to my IP being exposed?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login