Xbox gaming frustration with getting kicked offline

Hi everyone,
So a friend who plays games on the Xbox contacted me about getting hacked constantly when playing his multiplayer game (NBA 2K20).
I went over to his house a few times installing Linux and using a machine to take the bridged connection from his ISP to split the connection for the home equipment and a second machine running pfSense with the Xbox behind that 2nd machine.
We’ve both now tried using VPNs and disabling multicast traffic and also only allowing established traffic… and a few other things along the way. We’ve rebuilt his network multiple times, as the network would get booted offline. I think his modem may be leaking traffic somehow but I thought having a VPN up before connecting the Xbox to the network would affect that as well as a VPN in Europe.

Sunday we finally set up the main modem-bridged to modem as a DoH client and also set up an NTP client service. Things seemed to be more stable and we also had the ufw running to only allow the set Xbox ports (from Microsoft) through with (VPN off) only traffic from the US allowed (on the pfSense machine).
Last night he messaged me that he got a message during game play that said “Goodbye! :-)”… a min later his network icon stopped working on the Ubuntu gateway and he was offline again.

I know there must be gamers on here who have dealt with some of this stuff before and wanted to find out what your solutions have been?
Thanks in advance.

[Edited to add the game name]

You’re just throwing darts in the dark if you can’t capture some traffic. Get a wireshark logging session on there and maybe you might learn something useful.

Since you put a firewall in place (and assuming you configured it properly) and he received a message in game before the problem, my best guess is that the game protocol is poorly implemented and the other party has an exploit.

Either that, or the other party is doing a DDoS against him, in which case there isn’t really much you can do but document the details and contact the ISP.

Change all the passwords, make them long and random (time to use LastPass.) This includes on the router, and any device along the path (your Linux box, including all accounts, most especially the root account.)

This is one case where maybe something like Stadia would actually be a benefit, assuming it offered the game being played.
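
Added example (not part of any post in this thread): once a capture has been saved on the gateway as a classic pcap file, a summary like this gives the peak inbound packet rate and the source addresses, which are the details worth documenting for the ISP. It assumes Ethernet/IPv4 frames captured on the LAN side; the console address 192.168.1.50 and the sample packets are constructed.

```python
import struct
from collections import Counter

XBOX_IP = "192.168.1.50"  # assumption: LAN address of the console

def read_pcap(data):
    """Yield (timestamp_sec, src_ip, dst_ip) for each Ethernet/IPv4 packet."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        # 14-byte Ethernet header; EtherType 0x0800 means IPv4
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src = ".".join(map(str, frame[26:30]))
            dst = ".".join(map(str, frame[30:34]))
            yield ts_sec, src, dst

def summarize(data, target=XBOX_IP):
    """Return (peak packets per second toward target, Counter of source IPs)."""
    per_second, sources = Counter(), Counter()
    for ts, src, dst in read_pcap(data):
        if dst == target:
            per_second[ts] += 1
            sources[src] += 1
    peak = max(per_second.values(), default=0)
    return peak, sources

def sample_pcap():
    """Constructed capture: 5 packets from one host in one second, 1 from another."""
    def pkt(ts, src, dst):
        ip = bytes([0x45, 0]) + b"\x00\x14" + bytes(8) + bytes(src) + bytes(dst)
        frame = bytes(12) + b"\x08\x00" + ip
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    body = b"".join(pkt(100, (203, 0, 113, 7), (192, 168, 1, 50)) for _ in range(5))
    body += pkt(101, (198, 51, 100, 9), (192, 168, 1, 50))
    return hdr + body

if __name__ == "__main__":
    peak, sources = summarize(sample_pcap())
    print("peak pps:", peak, "top sources:", sources.most_common(3))
```

For a real capture, pass the bytes of the saved file to summarize() and set target to the address the capture interface sees as the destination.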


We did that and last night he also added a limiter on the pfSense [sysctl.conf] file with line "net.ipv4.tcp_keepalive_time=#"

The first thing I had him do was change passwords to longer complicated ones.
pfSense has a console option to see the active traffic information which we used to track the international traffic connections.
That seems to have worked so I’m going to add that to the main Linux gateway as well.
I want to compile solutions into one so I can share it with other players to stop this practice at the gateway.
Thanks in advance.


A more permanent change to TCP Keepalive will require a change to the /etc/sysctl.conf file.
To make a permanent change to decrease TCP Keepalive time before testing to 300 seconds (5 minutes), edit /etc/sysctl.conf file and add:

# replace X with the desired time in seconds
net.ipv4.tcp_keepalive_time = X

sudo nano /etc/sysctl.conf
