Server query treated as a UDP_flood attack

3 votes

TLDR: Server list query's are being treated as a DDoS attack.

This may be a quirk of the Steam server browser or something to do with Valheims netcode - I have zero coding experience so I cant say for sure which it is. I can however say that I have seen similar things with DayZ and CS.

Network: Full-gig fibre and a beefy FortiGate firewall.

The problem is two-fold:

1) Ambient network sessions per client on my network is around 100. When the server list starts searching, that rockets to several thousands, even tens of thousands, triggering attack inspections and consuming resources.
2) Return traffic and every single client outside of my network who queries my server from the server list also opens a new session. Those sessions can come in bursts over UDP_2457, triggering DDoS udp_flood gates which in turn trigger more inspections and termination of session - and the dreaded lags for any other user traffic.

Pic attached for clarity.
Public IP's blurred because GDPR.
:)

Fixed Suggested by: King of the north Upvoted: 07 Jan, '23 Comments: 1

Comments: 1