[SOLVED] DoS protection causes issues in a game?

Woji__

Honorable
Nov 28, 2016
47
0
10,530
Recently, I have been running into issues with a game, "Escape from Tarkov". More specifically, local servers couldn't be selected in the server configuration screen, which wasn't normal because a friend who lives relatively close has no issue.
Poking around online, I found that some people turned off DoS protection and now it works flawlessly. So I did the same, and the issue has gone away. However, I cannot find a clear answer as to whether it is that important to have it on or off.
Images supplemented show the before / after of turning DoS On and Off. (Gold/Yellow box means I can tick that server and connect to it).

View: https://i.imgur.com/vQpYgyl.png
- DoS Protection ON
View: https://i.imgur.com/zaiPFNr.png
- DoS Protection OFF

Router - Zyxel VMG 3925-b10b

So my questions are:

1. What risk am I at for turning it off? Should I just turn it back on and hope I do not get DoSed / DDoSed? What are the consequences of having it off?

2. What router could I look at to replace the current one, as this has reached end-of-life? I do not want to look for "gaming" routers as they are just pure marketing schemes; however, I do not exactly know what parameters I'd be looking for to determine bad routers from good ones.
 
Solution
DOS protection, like "gaming" routers, is all marketing. If it was as simple as running some program on the router, it would be impossible to kill big game companies' servers, but you hear it happen quite commonly. Denial of service attacks, unlike hacks, purely want to use your resources and are almost impossible to prevent.

It likely decided that the scan your PC did sent traffic to too many different remote IP addresses in a short period of time. In a real denial of service attack you have traffic coming in eating up your bandwidth from many locations. By the time your router can do anything, the traffic has already consumed the bandwidth.
Discarding it and making some log entry actually increases the burden on the router, but it doesn't solve the problem that the bandwidth is already used up. Just the NAT function alone in the cheapest router will blindly discard the unknown traffic and protect your internal machines.

Although it is rare, nobody really DDoSes a home user. It is rather hard because you have to send so much traffic. Some really stupid child might try it from his house, but he will quickly DOS himself because he exceeds his upload rate before he can exceed the download rate on the victim, and he exposes his IP address.
There are botnets you can rent that do this, but you have to hate someone pretty much to pay some xxx dollars per hour to kill someone's internet connection. Key is to try to not expose your IP address. Not always possible with some games that are peer to peer.

So your current router has a DSL modem in it. I will assume you are using that, so it makes it a little harder to recommend a router. Your ISP likely has either specific or generic recommendations. For example, does it need to be VDSL?

If you only look at Ethernet-connected devices, there is not a lot of difference between a $50 router and a $300 router. Even very cheap routers can pass WAN/LAN at 1 gigabit, ignoring that some really cheap routers only have 100 Mbps ports.
This is because almost all routers are using a trick that allows the NAT function to be done in hardware rather than be done by the router CPU chip. What is interesting is that some of the fancy features, say parental control, on expensive routers require you to disable this feature, and it will cap your data rate to say 250-300 Mbps.

The big difference between cheap and expensive routers is the wifi. The mistake many people make is thinking a bigger number always means faster. They forget that 1/2 the wifi connection is their end device. If it also can not use stuff like wifi6 or maybe 4x4 MIMO, it will not run faster. They also think it will have more coverage, but technically more complex signals have less coverage, and the overall coverage is limited by transmit power, which is regulated by the government, and almost all routers are near the maximum allowed.

Your current router matches many very common end devices. Most devices, if you sold them as a router, would have a 1200 number on them. This is a complex marketing lie number, but at least they are consistent so you can compare abilities.

You have to look at your end devices and what they support. I hope you are playing games on an Ethernet-connected device, since all wifi is bad for online games. Do not try to "future" proof your router.
This is the mistake people who paid way too much for wifi6 routers made when they first came out, and now they find they have an outdated router less than a year later because of wifi6e.
 
Solution
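
An added illustration, not part of the original thread and not the Zyxel firmware's logic: a sketch of the kind of "too many different remote IP addresses in a short period" check the answer guesses at, run over constructed traffic. The window, threshold, addresses and function names are all assumptions.

```python
from collections import deque

def filter_probes(events, window_ms=1000, max_dests=10):
    """Hypothetical per-source limit on distinct destinations per window.

    events: (timestamp_ms, src_ip, dst_ip) tuples sorted by time.
    Returns (passed, dropped). A packet to a new destination is dropped
    when its source already reached max_dests distinct destinations
    within the last window_ms milliseconds.
    """
    recent = {}  # src -> deque of (timestamp_ms, dst) for passed packets
    passed, dropped = [], []
    for ts, src, dst in events:
        q = recent.setdefault(src, deque())
        while q and ts - q[0][0] > window_ms:
            q.popleft()  # forget contacts older than the window
        seen = {d for _, d in q}
        if dst not in seen and len(seen) >= max_dests:
            dropped.append((ts, src, dst))
        else:
            q.append((ts, dst))
            passed.append((ts, src, dst))
    return passed, dropped

GAME_PC, LAPTOP = "192.168.1.20", "192.168.1.30"
# Constructed sample: a game client latency-probing 30 servers 20 ms apart
# (documentation address ranges), and a laptop browsing 5 sites in a minute.
GAME_EVENTS = [(i * 20, GAME_PC, f"203.0.113.{i + 1}") for i in range(30)]
LAPTOP_EVENTS = [(i * 12000, LAPTOP, f"198.51.100.{i + 1}") for i in range(5)]
EVENTS = sorted(GAME_EVENTS + LAPTOP_EVENTS)

def summarize(events=EVENTS):
    """Group destinations per source into passed and dropped lists."""
    passed, dropped = filter_probes(events)
    out = {}
    for verdict, evs in (("passed", passed), ("dropped", dropped)):
        for _, src, dst in evs:
            out.setdefault(src, {"passed": [], "dropped": []})[verdict].append(dst)
    return out

if __name__ == "__main__":
    for src, r in summarize().items():
        print(src, "passed:", len(r["passed"]), "dropped:", len(r["dropped"]))
```

Under these assumed settings the game client's server-list probe is cut off after the tenth server while ordinary browsing is untouched, which matches the symptom of servers that cannot be selected until the feature is turned off.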

Woji__


Thank you so much for this very detailed answer. This puts my mind at ease, I was more-so looking for a new router as a backup in case of this one dying / failing or what not, so I will keep what you have said in mind and just not future proof as it does not seem necessary.

Thanks again.