Users can't connect to server after DDoS
For some reason, even a successfully mitigated ddos attack makes the server completely unjoinable for a good 15 minutes. Even if the attack lasted less than a minute and half the users didn't time out, new users can't connect, unless I restart the server.
I take it it has something to do with the server losing connection to steam, but surely there must be some way to fix this?
EDIT: probably should've posted this in General section
Re: Users can't connect to server after DDoS
Sounds more like your host's ddos protection blocking connections but I could be wrong.
Re: Users can't connect to server after DDoS
Looking for a solution for this as well.
Anyone have an idea for this?
Re: Users can't connect to server after DDoS
Sounds like your host's ddos protection is blocking connections.
Re: Users can't connect to server after DDoS
I really do not think that his host is blocking the connection or something. If you just restart it, after a few seconds the server is fine. I'm telling you this because I know my host is not doing anything.
Re: Users can't connect to server after DDoS
I highly doubt it has anything to do with my host's ddos mitigation. Like abdulsami34 correctly pointed out, I can join the server as soon as I restart it (but can't join other servers running on the same machine). Also, getting UDP-blocked results in "retrying connection to xx.xx.xx.xx", while in this case, I don't get any errors at all. My connection to the server gets initialized, console starts spewing its usual stuff, and then it's suddenly over.
I can also contact the server just fine via other means (be it ssh, rcon or simply pinging it). The only thing that MIGHT get blocked is the server's connection to the master server of steam. I could try blocking it to test if it reproduces this effect, but I don't know what port is used by SRCDS to connect to steam.
Re: Users can't connect to server after DDoS
Quote:
Re: Users can't connect to server after DDoS
Tried blocking both UDP and TCP traffic to and from 26900, no effect, I could still connect to the server just fine. Moreover, I captured the traffic for a minute using tcpdump and couldn't even find any traffic using this port during normal gameplay.
I'm led to believe this problem has nothing to do with ddos mitigation, it seems more and more similar to the "failed to join session" error that used to plague CSGO for years.
Re: Users can't connect to server after DDoS
PM me :) I think I have an idea what this could be.
Re: Users can't connect to server after DDoS
After some further analyzing of my 1-minute dump, I call BS on that info. At the very least, it is outdated and doesn't seem to apply to CSGO at all, and probably doesn't tell the whole story about TF2 either (since they share the same GSLT system).

The gameserver DOES seem to communicate with Valve servers (those that are listed here https://bgp.he.net/AS32590#_prefixes). However, it's mostly done via TCP, not UDP, and through completely different ports. Having analyzed several dumps, I have yet to encounter a 26900 port packet. Packets coming to the game server arrive at seemingly random ports (49324, 53166, 35274, 38994 to name a few). Valve master server ports are strictly 443 (TCP), 27019 (UDP), 27020 (TCP), 27021 (TCP).

Remote 27020 port seems to be directly responsible for GSLT verification, and blocking it swiftly results in exactly the same behavior that I described in my original post. Unblocking the port does not seem to help until I restart the server (or until enough time passes). The conclusion can be made that when a TCP connection is severed, CSGO doesn't attempt to re-establish it until at least 15 minutes pass.

Judging from what I know about networking, it might indeed have to do with DDoS mitigation (still not sure about this, as the communication with the steam network is hardly noticeable compared to the volume of packets exchanged between the players and the server, and half the players don't even time out). However, none of this makes any sense. A TCP connection takes dozens of minutes to time out, yet iptables-blocking remote 27020 port even for a minute results in the server losing connection to Steam for good.

I guess there are two ways of fixing it:
1. Manually whitelisting all valve master servers and praying the master server packets don't get blocked somewhere upstream
2. Finding a way to forcefully re-establish the connection. No idea how to do that.

Somewhat related: https://forums.alliedmods.net/showthread.php?t=281808

Further investigation needed...
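Added example, not part of the original thread: a small health check for the state the last post describes, reading `ss -tn` output and reporting whether an established TCP session to remote port 27020 still exists. It assumes, as that post's captures suggest, that each game server keeps one such session open; the function names and sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption taken from the post above: a healthy game server
# holds an established TCP session to a remote port 27020.
STEAM_TCP_PORT=27020

# Reads `ss -tn` style output on stdin and prints how many ESTAB sockets
# have the given remote (peer) port.
count_estab_to_port() {
    awk -v port="$1" '
        $1 == "ESTAB" {
            n = split($5, parts, ":")   # column 5 is peer addr:port (IPv6 safe)
            if (parts[n] == port) count++
        }
        END { print count + 0 }'
}

# Prints "ok" when at least $1 sessions exist (default 1), otherwise "lost".
# Pass the number of game servers on the box, since all of them share the host.
steam_link_status() {
    min="${1:-1}"
    if [ "$(count_estab_to_port "$STEAM_TCP_PORT")" -ge "$min" ]; then
        echo ok
    else
        echo lost
    fi
}

# Constructed sample: normal operation, one session to remote 27020.
SAMPLE_HEALTHY='State    Recv-Q Send-Q Local Address:Port    Peer Address:Port
ESTAB    0      0      198.51.100.10:22       203.0.113.5:51514
ESTAB    0      0      198.51.100.10:38994    192.0.2.44:27020'

# Constructed sample: after the session was cut, only a half-open attempt remains.
SAMPLE_AFTER_BLOCK='State    Recv-Q Send-Q Local Address:Port    Peer Address:Port
ESTAB    0      0      198.51.100.10:22       203.0.113.5:51514
SYN-SENT 0      1      198.51.100.10:35274    192.0.2.44:27020'

# Live use (from cron or a watchdog loop):
#   ss -tn | steam_link_status 1
```

A "lost" result right after an attack is the cue to restart the affected server instead of waiting out the roughly 15 minutes reported in the thread.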