Can someone explain what happened here?

We’re winning a game of extraction 4 to zero when one of our best shooters gets knocked offline. One second he’s playing, the next second he’s at the screen where you choose between a match making game, and a custom game.

He tries to join us again, but instead ends up sitting a queue until we’re out of our match.

We end losing the match pretty much because our team is now out numbered 4 to 5.

REALLY frustrating to play down a person, and go from a near shutout to losing by 1 point because our team is missing people.

Here’s the weird part though: the GAME.

Everyone actually finished that game except for the one guy who magically got kicked out from our team (and an early quitter on their side, who they got a replacement for via JiP…).

So why is EVERYONE listed there as a DNF when we clearly finished the game?

I really get the impression that someone on the opposing team kicked my team mate offline in order to win and that is why it shows everyone as DNF.

BUT if there’s another possibility, I want to know what it is to keep it from happening again.

Please and Thank you.

You were up 4-0 and lost? That means you were relying on that other team mate way to much. All you had to do was camp 1 point and send 1 person to occasionally heckle their point so that all 5 couldn’t rush at the same time.

I do not know what caused your problem but i highly doubt the other team kicked your player

While I can not say for sure that your team mate got DDOS’d or hit offline in the layman, but it’s a lot more common in Halo 4 than it was in Halo: Reach, but still not nearly as common as it still is in Halo 3.

I do however know that people do it not only to win, but to make the game not register, or become as you see in your link incomplete. So it is possible you were under the attack of someone hitting.

> You were up 4-0 and lost? That means you were relying on that other team mate way to much. All you had to do was camp 1 point and send 1 person to occasionally heckle their point so that all 5 couldn’t rush at the same time.
>
> I do not know what caused your problem but i highly doubt the other team kicked your player

lol, trust me, that one guy is someone we ride hArd, every night.

But until he got dropped, the other team was playing slayer and not really trying to capture any of the points. Then the event happened, we’re out numbered, and all of a sudden they feel like actually playing Extraction.

That doesn’t sound fishy?

> I do however know that people do it not only to win, but to make the game not register, or become as you see in your link incomplete. So it is possible you were under the attack of someone hitting.

That’s exactly what I was thinking.

With any luck, 343 can look at the players in this game and see if any of them have a history of this before taking an appropriate action.

Maybe it was just a crazy coincidence that my buddy who has never been dropped from a game before had this happen… but it just doesn’t feel that way, and all the DNF’s for people who DID finish that game, kinda corroborates the story.

You might find this helpful:

Denial of service (DoS) or Distributed Denial of Service (DDoS) attacks: Frequently asked questions

> You might find this helpful:
>
> Denial of service (DoS) or Distributed Denial of Service (DDoS) attacks: Frequently asked questions

Awesome, thank you much!

Forwarding this on to my friends now.

If your friend was DDOS’d they would have been disconnected from the internet completely not just the game. They would not have been connected to xbox live at all let alone be in a position where they could re-join the game

Did the game go black-screen when your friend left? or when the guy on the other team left? and did they leave at the same time?

if the answer to any of these is yes then it may be a NAT issue. The host may have changed and the new host had an incompatible NAT with your team mate (which would stopped him from being able to re-join)

also, Team Throwdown has been modified so that JiP only works in the first few seconds of the game. Maybe extraction has something similar… JiP may only work for a certain amount of time and once your too far into the game it’s disabled

> If your friend was DDOS’d they would have been disconnected from the internet completely not just the game.

That’s not true, In many cases you can be removed from the game but not entirely disconnected from the internet.

Trust me.

> > I do however know that people do it not only to win, but to make the game not register, or become as you see in your link incomplete. So it is possible you were under the attack of someone hitting.
>
> That’s exactly what I was thinking.
>
> With any luck, 343 can look at the players in this game and see if any of them have a history of this before taking an appropriate action.

Don’t count on it, After playing so much ranked over the past 9 years you become familiar with who can hit, and who an not. There is a player I know of who has been able to, and does hit players offline. He’s done this for over half a decade, and he has never been disciplined.

As awful as it is, host booters are never really dealt with.

> > If your friend was DDOS’d they would have been disconnected from the internet completely not just the game.
>
> That’s not true, In many cases you can be removed from the game but not entirely disconnected from the internet.
>
> Trust me.

No I think I’m more likely to trust my own professional opinion what with being a network engineer and all…

If you have host you can boot someone from the game (and only the game) by blocking the IP of your target. A DOS is much more severe and works by overloading the entire internet connection of your target with so many packets that no real communication can actually get through resulting in a total disconnection from the internet and therefore xbox live. This is why/how DDOS attacks are able to bring down entire websites etc for hours or even days.

I would not go as far as to say that it’s impossible to only kick someone from the game with a DOS attack but it would be highly unlikely and if someone was to achieve such a feat it would simply be a fluke.

> > > If your friend was DDOS’d they would have been disconnected from the internet completely not just the game.
> >
> > That’s not true, In many cases you can be removed from the game but not entirely disconnected from the internet.
> >
> > Trust me.
>
> No I think I’m more likely to trust my own professional opinion what with being a network engineer and all…
>
> If you have host you can boot someone from the game (and only the game) by blocking the IP of your target. A DOS is much more severe and works by overloading the entire internet connection of your target with so many packets that no real communication can actually get through resulting in a total disconnection from the internet and therefore xbox live. This is why/how DDOS attacks are able to bring down entire websites etc for hours or even days.
>
> I would not go as far as to say that it’s impossible to only kick someone from the game with a DOS attack but it would be highly unlikely and if someone was to achieve such a feat it would simply be a fluke.

I respect your opinion, and the facts, but I said what I said because I have met people, and know of people who hit players offline, and have been hit out of game by said players, and it doesn’t always kick me directly offline. I am speaking from experience in these situations is all.

That doesn’t necessarily mean they are DDOSing, but merely that they found a way to manipulate the network in order to excommunicate me or others from the game, and they have.

> That doesn’t necessarily mean they are DDOSing, but merely that they found a way to manipulate the network in order to excommunicate me or others from the game, and they have.

Which is more likely the case given my friends description.

In either case, given that everyone ended with a DNF, maybe that’s a good place to start looking for people who might have a track record at these things.

> > That doesn’t necessarily mean they are DDOSing, but merely that they found a way to manipulate the network in order to excommunicate me or others from the game, and they have.
>
> Which is more likely the case given my friends description.
>
> In either case, given that everyone ended with a DNF, maybe that’s a good place to start looking for people who might have a track record at these things.

To boot someone from the game without using a DOS requires one to have host (well, in previous games. im not sure about halo 4 but it stands to reason that it would be no different)

And the only thing that comes to mind that would account for the DNFs of all players is that the host left and the new host had trouble communicating with the XBL server that set up the game (and forwards the stats to 343 when the game ends)

also, just found this…

343i also notes that the disabled motion tracker in Rumble Pro will be corrected in this Monday’s update while they look into re-evaluating the join-in-progress window across all playlists
dated 2013-02-28

> No I think I’m more likely to trust my own professional opinion what with being a network engineer and all…
>
> If you have host you can boot someone from the game (and only the game) by blocking the IP of your target.

Out of curiosity, do you think that it may be possible for 343i to prevent this in future games by having users “piggyback” off of one another? That is, could a game be designed so that a user who is able to connect to clients but not to the host can forward their data through another client?

> > > I do however know that people do it not only to win, but to make the game not register, or become as you see in your link incomplete. So it is possible you were under the attack of someone hitting.
> >
> > That’s exactly what I was thinking.
> >
> > With any luck, 343 can look at the players in this game and see if any of them have a history of this before taking an appropriate action.
>
> Don’t count on it, After playing so much ranked over the past 9 years you become familiar with who can hit, and who an not. There is a player I know of who has been able to, and does hit players offline. He’s done this for over half a decade, and he has never been disciplined.
>
> As awful as it is, host booters are never really dealt with.

Not unless they go after something bigger and has better security. Once they do that they will probably be caught and will probably go to jail for it. The FBI rarely get involved with personal dos attacks on regular people like us. Usually they only get involved when a business gets attacked.

> > No I think I’m more likely to trust my own professional opinion what with being a network engineer and all…
> >
> > If you have host you can boot someone from the game (and only the game) by blocking the IP of your target.
>
> Out of curiosity, do you think that it may be possible for 343i to prevent this in future games by having users “piggyback” off of one another? That is, could a game be designed so that a user who is able to connect to clients but not to the host can forward their data through another client?

Ok, ive put a little bit of thought into this but not a lot so im pretty much just answering of the top of my head here…

Technically yes, what you’ve described is more or less the same as a proxy (An intermediary server which forwards connections to and from the host). I suppose it could be applied in the same way as a host change caused bt the host quitting. A client loses their connection to the host and notifies the XBL server, the sever then initiates a proxy setup. everyone goes to black screen with the message ‘selecting best available proxy’ or something and once one is seleced the clients (disconnected players) communication is re-routed through the proxy.

However, there would be a lot of inherent problems with this setup. First of all, it would be extraordinarily more complex in terms of the underlying infrastructure of the XBL network as well as the netcode of the game itself. And the more complex a system is the more possible points of failure it has (redundancy can only ever be managed within reason. An online match is simply not important enough to validate the cost of have fail-overs for fail-overs of fail-overs)

Also, a suitable proxy must have a compatible NAT with the client. Without actually going into the finer details of Network Address Translation i’ll quickly describe why Open is good and Strict is bad (for the benefit of those that don’t know).

Open NAT can connect to Open, Moderate or Strict
Moderate can connect to Open or Moderate
Strict can only connect to Open

Because this is how it works it means that if you have a strict NAT then in order to participate in a game you must find at least one person with an Open NAT

If a search finds 8 people: 1 Open, 7 Moderate and 1 Strict then host will be given to the Open as it is the only one that can communicate with all the others
If the Host Quits, then only one thing can happen.
[/li]- The host will change to one of the moderates and the strict will be disconnected
The alternative would be to give Host to the strict which would result in the disconnection of all the remaining players and the game would end.

So in order to set up a proxy you must use someone with a compatible NAT.

Also, one must consider latency. Adding another hop along the route would increase latency for the client by a bit or by a lot. Sure if your proxy is very close to you or to the host then the increase in latency would be marginal but imagine a situation where the Host is in America, the Client is in Australia and the Proxy is in England… the client would surely just quit anyway. And because NAT must be met first it means that the available proxy’s may not be the most suitable choices in terms of distance.

Then you have to consider all the possible scenarios, If a person is booted and rejoins via a proxy what happens if the proxy quits? or a second player is booted and another proxy is required or an already existing proxy is booted or no one has a compatible NAT for the proxy and so on and so forth.

And finally you have to consider additional exploits. Whats to stop a proxy from lagging out or booting their clients? Or people who intentionally block their own connection from the host in order to force themselves to use a proxy (Im sure some people would find a reason to do this).

There is so much to consider and the development of such a system would be incredibly risky not to mention expensive. It would probably be safer to just migrate to dedicated servers but again that comes with a price that we would have to pay via our XBL subscriptions.

Yeah this is ddosing by the looks of it. It’s happening more commonly in matchmaking now and it happens generally to good players the most. It happens to me frequently when I got on winning streaks, needless to say I send a lot of nasty messages to the people who do it to me when I find out.

> > > > I do however know that people do it not only to win, but to make the game not register, or become as you see in your link incomplete. So it is possible you were under the attack of someone hitting.
> > >
> > > That’s exactly what I was thinking.
> > >
> > > With any luck, 343 can look at the players in this game and see if any of them have a history of this before taking an appropriate action.
> >
> > Don’t count on it, After playing so much ranked over the past 9 years you become familiar with who can hit, and who an not. There is a player I know of who has been able to, and does hit players offline. He’s done this for over half a decade, and he has never been disciplined.
> >
> > As awful as it is, host booters are never really dealt with.
>
> Not unless they go after something bigger and has better security. Once they do that they will probably be caught and will probably go to jail for it. The FBI rarely get involved with personal dos attacks on regular people like us. Usually they only get involved when a business gets attacked.

Yes that is true, but I have never met anyone who would try to do that. Most players who hit in game do it just to get a win by creating 3v4/ 2v4 situations, or try to make the game unreliable.

It’s a real shame too, because halo 3 ranked is filled with host booters right now, and nothing is being done there.

WOW - Amazing replies guys, thanks!

Still haven’t heard from 343, I don’t expect to.

But if this was something more natural and preventable on our end, I would like to know.

Pretty certain my guy said his NAT was open, but I guess I should double check that with him now.