
Users can't connect to server after DDoS


DarkDeviL
SourceMod Moderator
Join Date: Apr 2012
Old 01-21-2019 , 11:14   Re: Users can't connect to server after DDoS
Reply With Quote #11

Quote:
Originally Posted by nixonkat View Post
PM me I think I have an idea what this could be.
Why not just share your idea? There are chances that even if it doesn't help OP, it could help someone else later on...

Quote:
Originally Posted by ttasdasda View Post
Unblocking the port does not seem to help until I restart the server (or until enough time passes). The conclusion can be made that when a TCP connection is severed, CSGO doesn't attempt to re-establish until at least 15 minutes pass.
Quote:
Originally Posted by ttasdasda View Post
2. Finding a way to forcefully re-establish the connection. No idea how to do that.
You could always try the "heartbeat" command that should send a ping to the master servers, and see if that speeds up things.
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread].
DarkDeviL is offline
Powerlord
AlliedModders Donor
Join Date: Jun 2008
Location: Seduce Me!
Old 01-21-2019 , 11:53   Re: Users can't connect to server after DDoS
Reply With Quote #12

Quote:
Originally Posted by ttasdasda View Post
Having analyzed several dumps, I am yet to encounter a 26900 port packet.
Have you checked outgoing traffic? My understanding is that the game server uses port 26900 for outgoing traffic to Steam unless you override it using -sport on the command line.

Edit: For people on older games such as CSS or TF2, they may still have the bug where the game server adds 1 to the sport number, so the default outgoing port is 26901 instead.
__________________
Not currently working on SourceMod plugin development.

Last edited by Powerlord; 01-21-2019 at 11:53.
Powerlord is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 01-21-2019 , 14:52   Re: Users can't connect to server after DDoS
Reply With Quote #13

What do you use to mitigate?
__________________
DJEarthQuake is offline
Lubricant Jam
AlliedModders Donor
Join Date: Oct 2016
Location: United Kingdom
Old 01-22-2019 , 07:59   Re: Users can't connect to server after DDoS
Reply With Quote #14

I just typed out a lengthy reply however Cloudflare restricted me as apparently I was trying to SQL Inject or a banned word was used (lol).

I'll summarise, it seems like it's 100% your protection and I say this from experience due to being on corero and something like this happening before however it was with VoIP in-game not working/lagging. Essentially, it seems like no A2S_INFO packets are being outputted by your server thus indicating they've got bad rulings. You say it's working after 15 minutes or a restart, this is probably due to a map change triggering an output so that would make sense.

If you know who the protection is, posting it here could be an idea as someone else could give you advice on that company and if they've had similar, and if you don't know, do a traceroute and figure it out from there. You may be better off contacting your host (that's if they're not a crappy GSP which just resells and has no business relationship with them) and see if they can rectify this.

You know it's not an issue with your server or steam themselves as you say, it's connecting to steam just fine and I can assure you, if your network connection dropped and came back online sometime later, everything would reconnect fine (might have a few issues with some SM plugins crashing due to lost database connection but that's not to do with the server itself).
__________________
Lubricant Jam is offline
ttasdasda
Member
Join Date: Apr 2014
Old 01-22-2019 , 09:01   Re: Users can't connect to server after DDoS
Reply With Quote #15

Quote:
Essentially, it seems like no A2S_INFO packets are being outputted by your server thus indicating they've got bad rulings. You say it's working after 15 minutes or a restart, this is probably due to a map change triggering an output so that would make sense.
It has nothing to do with A2S queries, all of them work just fine after the mitigation, they also get through from time to time during the attack. The server responds to my queries, allowing me to see that half the players are still playing on the server when the attack ends (those that didn't leave because of the lagging), so I am definitely not blocked on UDP port 27015 (why would I be, I'm not even playing on the server during the attack; and why would the block get lifted as soon as I restart the server?).

Quote:
You say it's working after 15 minutes or a restart, this is probably due to a map change triggering an output so that would make sense.
Map change doesn't seem to help IIRC. Also, this whole behavior seems far too similar to that notorious "Failed to join session" error, which plagued every server hoster back in 2012-2014.

Quote:
If you know who the protection is posting it here could be an idea as someone else could give you advice on that company and if they've had similar and if you don't know. You may be better off contacting your host (that's if they're not a crappy GSP which just resells and has no business relationship with them) and see if they can rectify this.
Quote:
What do you use to mitigate?
It's a local dedicated server hosting that I've been using for nearly 5 years, I doubt anyone here is familiar with it; I don't wanna disclose it in case the attacker reads this forum (or someone decides to ddos me just for the laughs or to test my protection). During my whole time with them, I have never been taken down for more than 10 minutes, and nowadays the attacks last for 2 minutes tops; the attacks have been so rare throughout these 5 years I bet most of them don't even get through the filters.

I'm pretty sure the hoster would gladly adjust the rules for me, but first I need to find the root cause of the issue.

Quote:
You could always try the "heartbeat" command that should send a ping to the master servers, and see if that speeds up things.
Thanks, I'll try this, judging by the description, it seems to be precisely what I need.

Quote:
Have you checked outgoing traffic? My understanding is that the game server uses port 26900 for outgoing traffic to Steam unless you override it using -sport on the command line.
Yeah, I have checked every single packet exchanged with the master servers, there were no signs of ports 26900/26901. Moreover, tournament organizers don't seem to be aware of that port's existence: https://www.reddit.com/r/GlobalOffen..._is_how_we_do/ (although I'm yet to see port 27018 being used by a server). Blocking port 26900 has virtually no impact on the server, while blocking remote ports 27019-27021 stops the GSLT token from being validated (although I think the server eventually uses a different port to validate; too busy to investigate this right now).

Last edited by ttasdasda; 01-22-2019 at 09:02.
ttasdasda is offline
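
The A2S_INFO check that post #15 relies on, as an added example that is not part of the thread or any poster's code: it sends the standard Source query to the game port over UDP, answers a challenge if the server asks for one, and parses the reply. A reply here only shows that the UDP query path on port 27015 is open; it says nothing about the server's separate TCP connection to Steam. The sample reply bytes are constructed.

```python
import socket
import struct

HEADER = b"\xff\xff\xff\xff"  # single-packet marker on Source query datagrams
A2S_INFO_REQUEST = HEADER + b"TSource Engine Query\x00"

def _cstring(buf, pos):
    """Read a NUL-terminated string at pos; return (text, next_pos)."""
    end = buf.index(b"\x00", pos)  # raises ValueError on a truncated reply
    return buf[pos:end].decode("utf-8", "replace"), end + 1

def parse_a2s_reply(data):
    """Return ('challenge', token) or ('info', dict) for one reply datagram."""
    if len(data) < 6 or data[:4] != HEADER:
        raise ValueError("not a single-packet Source query reply")
    kind = data[4:5]
    if kind == b"A":  # server wants the request repeated with this token
        if len(data) < 9:
            raise ValueError("truncated challenge")
        return "challenge", data[5:9]
    if kind != b"I":
        raise ValueError("unexpected reply type %r" % kind)
    info, pos = {"protocol": data[5]}, 6
    for key in ("name", "map", "folder", "game"):
        info[key], pos = _cstring(data, pos)
    if len(data) < pos + 5:
        raise ValueError("truncated info reply")
    fields = struct.unpack_from("<HBBB", data, pos)
    info.update(zip(("app_id", "players", "max_players", "bots"), fields))
    return "info", info

def query_info(host, port=27015, timeout=3.0):
    """Send A2S_INFO over UDP, answer one challenge if asked, return the dict."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)    # a timeout here means the query path is dead
        s.connect((host, port))  # only accept datagrams from the queried server
        s.send(A2S_INFO_REQUEST)
        kind, value = parse_a2s_reply(s.recv(1400))
        if kind == "challenge":
            s.send(A2S_INFO_REQUEST + value)
            kind, value = parse_a2s_reply(s.recv(1400))
        if kind != "info":
            raise ValueError("server did not return A2S_INFO")
        return value

# Constructed sample reply (not captured from any real server).
SAMPLE_REPLY = (HEADER + b"I\x11" + b"Example Server\x00de_dust2\x00csgo\x00"
                b"Counter-Strike: Global Offensive\x00"
                + struct.pack("<HBBB", 730, 9, 20, 0) + b"dl\x00\x01" + b"1.0.0.0\x00")
```
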
nixonkat
Member
Join Date: Nov 2016
Location: Turkey
Old 01-23-2019 , 03:57   Re: Users can't connect to server after DDoS
Reply With Quote #16

It's quite simple.

First and foremost you must identify what company is doing the scrubbing. If it's hardware from, for example, ArborNetworks, Voxility or whatever. That already narrows it way down.

In many cases, you can do many tcpdumps etc and you won't find it. I had the exact same issue using ArborNetworks, which ratelimited the master servers. The DDOS attack might even exhaust your CS:GO server with A2S requests, and your CS:GO server then needs to reload to clear out new connections. I've had this issue over multiple instances. Add me on discord and we can have a talk about it
nixonkat is offline
ttasdasda
Member
Join Date: Apr 2014
Old 09-26-2019 , 14:10   Re: Users can't connect to server after DDoS
Reply With Quote #17

An update - like I said initially, this had nothing to do with ddos-protection. Steam master server downtimes crippled the servers just as well, and they were pretty frequent this year, I'm surprised so very few people were aware of this, as some of the downtimes lasted over 2 hours (each time forcing FaceIT and MM to close their queues).

Valve finally acknowledged this a little over a month ago:
Quote:
– Updated Linux dedicated servers Steam Client layer to the latest version which significantly improves TCP reconnect timeout in case of upstream connection drop.
https://blog.counter-strike.net/inde...2019/08/25188/

Haven't had the issue since.

Last edited by ttasdasda; 09-26-2019 at 14:11.
ttasdasda is offline
mkvegas
Junior Member
Join Date: Apr 2019
Old 09-30-2019 , 07:57   Re: Users can't connect to server after DDoS
Reply With Quote #18

I’ve had this issue when I switched to Linux. The first thing I’ll tell you is that your host does not have effective DDoS mitigation. Secondly, disregarding the mitigation, let’s just say if you were DDoS’d, your servers should reconnect to steam just fine, which does not happen. Yep, I’ve been there. Try changing the OS to Windows if you are not planning to move to a better host. Believe me it works ;)
mkvegas is offline
Cooky
Veteran Member
Join Date: Jun 2010
Location: 127.0.0.1
Old 09-30-2019 , 09:22   Re: Users can't connect to server after DDoS
Reply With Quote #19

Quote:
Originally Posted by mkvegas View Post
I’ve had this issue when I switched to Linux. The first thing I’ll tell you is that your host does not have effective DDoS mitigation. Secondly, disregarding the mitigation, let’s just say if you were DDoS’d, your servers should reconnect to steam just fine, which does not happen. Yep, I’ve been there. Try changing the OS to Windows if you are not planning to move to a better host. Believe me it works ;)
That is a solution? lol.... why not try to find the root cause?
Cooky is offline
mkvegas
Junior Member
Join Date: Apr 2019
Old 10-04-2019 , 12:31   Re: Users can't connect to server after DDoS
Reply With Quote #20

Quote:
Originally Posted by Cooky View Post
That is a solution? lol.... why not try to find the root cause?
After doing everything I am capable of, this is all I ended up with. I'll wish you good luck with finding the root cause.
mkvegas is offline