ttasdasda
Member
Join Date: Apr 2014
01-22-2019, 09:01   Re: Users can't connect to server after DDoS

Quote:
Essentially, it seems like no A2S_INFO packets are being outputted by your server thus indicating they've got bad rulings. You say it's working after 15 minutes or a restart, this is probably due to a map change triggering an output so that would make sense.
It has nothing to do with A2S queries, all of them work just fine after the mitigation, they also get through from time to time during the attack. The server responds to my queries, allowing me to see that half the players are still playing on the server when the attack ends (those that didn't leave because of the lagging), so I am definitely not blocked on UDP port 27015 (why would I be, I'm not even playing on the server during the attack; and why would the block get lifted as soon as I restart the server?).

Quote:
You say it's working after 15 minutes or a restart, this is probably due to a map change triggering an output so that would make sense.
Map change doesn't seem to help IIRC. Also, this whole behavior seems far too similar to that notorious "Failed to join session" error, which plagued every server hoster back in 2012-2014.

Quote:
If you know who the protection is, posting it here could be an idea as someone else could give you advice on that company and if they've had similar and if you don't know. You may be better off contacting your host (that's if they're not a crappy GSP which just resells and has no business relationship with them) and see if they can rectify this.
Quote:
What do you use to mitigate?
It's a local dedicated server hosting that I've been using for nearly 5 years, I doubt anyone here is familiar with it; I don't wanna disclose it in case the attacker reads this forum (or someone decides to DDoS me just for the laughs or to test my protection). During my whole time with them, I have never been taken down for more than 10 minutes, and nowadays the attacks last for 2 minutes tops; the attacks have been so rare throughout these 5 years I bet most of them don't even get through the filters.

I'm pretty sure the hoster would gladly adjust the rules for me, but first I need to find the root cause of the issue.

Quote:
You could always try the "heartbeat" command that should send a ping to the master servers, and see if that speeds up things.
Thanks, I'll try this; judging by the description, it seems to be precisely what I need.

Quote:
Have you checked outgoing traffic? My understanding is that the game server uses port 26900 for outgoing traffic to Steam unless you override it using -sport on the command line.
Yeah, I have checked every single packet exchanged with the master servers, there were no signs of ports 26900/26901. Moreover, tournament organizers don't seem to be aware of that port's existence: https://www.reddit.com/r/GlobalOffen..._is_how_we_do/ (although I'm yet to see port 27018 being used by a server). Blocking port 26900 has virtually no impact on the server, while blocking remote ports 27019-27021 stops the GSLT token from being validated (although I think the server eventually uses a different port to validate; too busy to investigate this right now).

Last edited by ttasdasda; 01-22-2019 at 09:02.