Counter Strike, Steam DDOS Attack

Hi guys,

I am enjoying seeing the product develop into a very nice application.

But at the moment, I am having trouble with the UDP Flood protection, if you use, Steam or Counter Strike, Hl2, when it is searching for servers, and the servers are sending back lots of info

Players, map, ping.

This is seen as a UDP Flood, DDOS attack, putting it into emergency mode, and my ping rate seems to stutter.

I have allowed full access, allowed ICMP (All) to access, I also increased the time for the UDP flood but it was still being triggered.

The port forwarding won’t work because its not a server? So the virtual port changes? No?

Any help, would be much appreciated.

Sarkie

Can you try decreasing the time the firewall stays in emergency mode to ZERO.

Let us know how this goes.

Ewen :slight_smile:

It has to be 10-100, I don’t mind disabling this as my router will take care of any real UDP flood attempts.

I have experienced a similar problem while trying to play a game with two computers on my local network (in this case Dungeon Siege II). When first trying to connect to the multiplayer chat room and find games to join, Dungeon Siege will essentially port scan UDP ports of computers on the local network looking for other players. This will cause Comodo to register it as a DDOS Attack and block that computer.

My entire local network is a trusted zone in Comodo. I also added a network rule to allow all traffic from the second computer (specified by its local IP address). However, the DDOS rule still goes into effect and blocks the computer.

There needs to be a way to turn off the DDOS checking or at least have an “Allow List” for trusted computers (port scanning is not always a bad thing).

My current solution is to set the Comodo on each computer to security level Allow All whenever we play the game (local network is behind a router firewall, so it’s still safe).

Any help/solution would be appreciated.

Yeah, but the problem is I am accessing the Internet, my router will take care of the DDOS attack if one ever happened.

But any help would be appreciated.

Hey sarkie,

I’d go to http://support.comodo.com, their official support site, register, login and lodge a support ticket on this. It may be that they will have to modify the flood detection routines to not check local LANS and allow an exception list for Steam (or similar) IPs.

Hope this helps,
Ewen :slight_smile:

Well im going to try the new Release:

Fixed! Few bugs which can cause DoS attacks against the firewall

:slight_smile:

But its not coming from Steam, its coming from ips that host the Servers, so it isn’t that easy. :slight_smile:

???
how will that solve the problem ?
Isn’t it just ignoring it in the same way that disabling logging of ICMP and UDP
when using a DHT-enabled bit-torrent client is ?
I mean it doesn’t fix the problem does it ? You just don’t see it in the logs …

The five posts that followed the one you quoted clearly show that the train of thought has moved away from my suggestion (probably for the best. ;)). I was only suggestiong that as a test, not as a permanent measure, anyway. Just to see if it caused a different effect.

Cheers,
Ewen :slight_smile: