Im being DDoSed when FAF Client is running
-
Already 3 times my internet provider disabled my internet for DDoS protection.
Im sure that it is related to FAF Client, as it was running every time. One time it happened in 5 min after I launched FAF and I wasnt even in game or lobby.
It doesnt happen always, but for now I plan to stop playing.
Please check your broadcast service or anything that can generate so much traffic that my provider thinks that Im being DDoSed
-
I've never heard of this happening to anyone. Not saying it can't be FAF, but it is strange.
Did your ISP give you any information to base this on? Do you have any router logs?
-
@Defiant I can assure you it happened to @Robogear and @T_R_U_putin (according to their words).
-
I can verify that the person responsible behind the DDoS claimed to target individual player ips to.
We are working on measures to mitigate this issue, but it will take time.
Until then tell your ISP that they need to protect you from DDoS not the other way round. It's 2025 and every bad actor can pull this off as soon as they get your ip...
-
there were 0 router logs for this time period when I got ddosed
today opened faf with wireshark, hoping that same thing happens that happened yesterday and I will be able to provide a dump.
but nothing happened, so I guess it really was a targeted DDoS by that guy
-
I misunderstood (my bad), I thought you were saying FAF was the source of the DDoS.
-
Do we know information to escalate to authorities? I know the initial response is "why would they bother, there are thousands of these reports". But, it could be this person has done the same in other environments - like a porch pirate who may have hit many other houses.
-
@Band228 As a quick workaround you could use a free VPN like Proton.
So I'm starting to think, if you read it like that, they jump through the lobbies, collect the IPs (logs / Wireshark) of the players and then DDoS them. And so you have a 12 player match destroyed quite quickly.
Players don't change their IPs that often, 24-hour forced disconnection hardly exists anymore, so the IP remains the same for most private connections until the router is restarted.
That's not so far-fetched. There was a time when they went through the lobbies and crashed them with a ?bug? (I don't know if they were the same ones).
@Brutus5000 Couldn't you force all connections to be established via relay (global) and prevent all P2P connections so that the private IPs don't appear anywhere (as with a VPN)? Might be worth a try.
