Please provide a step-by-step process of how the bug can be reproduced. The more details you provide us with the easier it will be for us to find and fix the bug:
Hello @JayCee, we'll need you to share further details in order to be able to assist with this matter.
Are you hosting the server yourself?
If so, have you looked into our troubleshooting guide?
We'd need you to share full crash dumps and/or logs to look into the matter:
If not, have you reached your current server provider in order to determine if there could be any possible issue on their end, either hardware or network related?
Any updates on this? There's quite a few threads on this and it would make sense if we all collaborated.
My server rent is due on 15th Jan and I don't want to renew until this is fixed. Someone at funcom must know why the cookie/handshake errors occur or at least what it means…
The server (1322) is under attack for about 1 hour. I don't know where to go for this. The delay value continuously increases to 1020. DDos DDos DDos
From the looks of the logs, somebody is clogging your server's network. You should get in touch with your server provider to look into it and monitor future attacks.
We're also looking into increasing network security and filters on our end.
Apologies for the frustration.
The offender in this case is sending many "Connect" packets to FunCom's Conansandbox.exe server programme on the UDP port. The conan exiles server programme can't handle the volume of handshake requests and locks/freezes up. (I counted c4,000 requests in one attack) - this just looks like normal traffic and wouldn't trigger any anti-ddos.
Also quite important to note that the server bandwidth is never stressed under this attack. Your comment @Ignasi about clogging my server network is incorrect.
These are malformed UDP packets according to a friend.
To be clear my server never freezes up only the conan program so the attack specifically targets funcom conanserver.
Have you seen the amount of 1020 ping threads in these forums over the last few weeks alone? This is a major issue for populated servers.
Two further questions:
Have funcom acknowledged that this attack is happening on many many servers? Both private and on gportal?
Is anything being done about it & if so when can we get an update?
The only solution which I know of is to whitelist IP addresses in the firewall, which is hugely impractical.
You could also have a log parser that, when that action happens too many times, will null-route the source IP in prerouting. But you'll probably need a linux/*bsd firewall for that.
Probably when we get the patch for the modding engine not allowing thralls to eat and leveling, and to fix all the other exploits that can't be said on forums or the thread gets locked and hidden.
Remember this game is also for console, so it makes sense for them to wait and make a big patch so it can be pushed to all platforms at once.
It makes sense, I don't blame them, so always think they won't make a pc-only patch, that would sprout angst between pc and console players.
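The log-parser idea suggested in the thread above could look like the following sketch, which is an added example and not code from Funcom or from any poster. The log line format, the thresholds and the UDP port value are assumptions, since the thread does not show the real server log. Because UDP source addresses can be forged, the parser takes an allowlist so known players are never blocked.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address

# Assumed log line format (constructed; the thread does not show the real log):
#   2020-01-05T20:14:03 handshake from 203.0.113.7:51234
LINE_RE = re.compile(r"^(\S+) handshake from (\d{1,3}(?:\.\d{1,3}){3}):\d+$")

def find_offenders(lines, threshold=20, window_s=10, allowlist=()):
    """Return source IPs with more than `threshold` handshakes in any `window_s` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    offenders = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore unrelated lines
        try:
            ts = datetime.fromisoformat(m.group(1)).timestamp()
            ip = str(ip_address(m.group(2)))   # rejects values like 999.1.1.1
        except ValueError:
            continue
        if ip in allowlist or ip in offenders:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window_s:   # drop events that fell out of the window
            q.popleft()
        if len(q) > threshold:
            offenders.append(ip)
    return offenders

def drop_rules(ips, udp_port):
    """Build iptables commands that drop the sources before connection tracking."""
    return [f"iptables -t raw -I PREROUTING -s {ip} -p udp --dport {int(udp_port)} -j DROP"
            for ip in ips]

def sample_log():
    """Constructed sample: one noisy source, one normal player, one invalid address."""
    noisy = [f"2020-01-05T20:14:{s // 10:02d} handshake from 203.0.113.7:{40000 + s}"
             for s in range(300)]
    normal = [f"2020-01-05T20:1{m}:00 handshake from 198.51.100.20:50000" for m in range(5)]
    return noisy + normal + ["2020-01-05T20:15:00 handshake from 999.1.1.1:1"]

if __name__ == "__main__":
    # 7777 is a placeholder; use the UDP game port your server listens on.
    for rule in drop_rules(find_offenders(sample_log()), udp_port=7777):
        print(rule)
```

The script only prints the rules; review them before applying, and expire old entries so the rule set does not grow without bound.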