
I am rather new to this forum but I will try my best to explain my situation.

I run a game server for an outdated game called Project Reality. The community is rather small, and the remaining servers fight over the player base every evening in order to get their server, so to say, running. During this phase we have often noticed that other server providers and their communities may be attacking our servers to crash our service and gain our player base for their own server (quite a unique situation). While most would see this as a situation with no resolution, as the source code for the game is not available and the way the servers often crash is unsolvable, we still play the game because we love it for what it is.

The way this game works is that there is a master server controlling all the subordinate community servers. Because of that we believe that someone may be manipulating things through the master server in a man-in-the-middle attack, or fuzzing or DDoSing the port the connection goes through. While we believe this is happening, we do not know how to see how this is done or how to identify the attacker. So here is the question:

How and what can we do in order to either secure the port through which the service contacts the master server, identify the attack vector used, or identify the attacker at all? Should I start collecting pcaps while the server is running, see what sort of information goes through that UDP port, and look for anomalies?

What I know so far:

  • I have not seen any spikes in network activity while these crashes happen, so simple stressing of the ports has not been going on.

  • We are almost confident that there is an attack going on but are unsure how it is done or who is doing it.

  • Developers for the mod confirm that these attacks have been going on and do not know how they happen or who is doing them. They also confirm that the master server is the culprit in most of the crashes.

Any suggestions are highly welcome as to what steps I should take. Thanks.

  • Recommended reading: https://www.incapsula.com/ddos/ddos-attacks/. I have experience with slowloris for HTTP servers but not for other types of servers. You could proxy requests to sanitize them (prevent slowloris). – Purefan May 25 '16 at 10:49
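As an added example that is not part of the original post or the comment above: the capture-and-look-for-anomalies approach the question proposes, as a small offline triage script. Capture with something like `tcpdump -i eth0 -w server.pcap udp` (classic libpcap format) on the game server and run the script over the file. It parses the UDP datagrams out of the capture using only the standard library and applies three checks that a bandwidth graph misses: datagrams arriving on the master-server port from anything other than the master server, payload sizes on that port far outside a robust median/MAD baseline (a fuzzer's oversized or empty datagrams), and per-second bursts of tiny packets from one source. All addresses, port numbers, and the embedded capture are constructed for the example and must be replaced with the real master-server address and ports.

```python
"""Offline triage of a libpcap capture from the game server (standard library only)."""
import struct
import statistics
from collections import Counter

# Assumed values for this example (not from the original post); substitute the real ones.
SERVER_IP = "192.0.2.10"    # the community game server
MASTER_IP = "198.51.100.1"  # the master server it registers with
MASTER_PORT = 29900         # local UDP port the server uses for master-server traffic
GAME_PORT = 16567           # local UDP port players connect to
PCAP_MAGIC = 0xA1B2C3D4     # classic libpcap, little-endian

def _udp_record(ts, src_ip, dst_ip, sport, dport, payload):
    """One pcap record holding an Ethernet/IPv4/UDP frame (constructed data, checksums left 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,  # proto 17 = UDP
                     bytes(int(o) for o in src_ip.split(".")), bytes(int(o) for o in dst_ip.split(".")))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + udp  # zero MACs, ethertype 0x0800 = IPv4
    sec, usec = int(ts), int(round((ts % 1) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

def build_pcap(records):
    """Wrap (ts, src, dst, sport, dport, payload) tuples in a libpcap file with linktype 1 (Ethernet)."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1) + b"".join(_udp_record(*r) for r in records)

def parse_udp(pcap_bytes):
    """Yield (ts, src, dst, sport, dport, payload) for every IPv4/UDP datagram in the capture."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:  # same magic, file written big-endian
        end = ">"
    else:
        raise ValueError("not a classic libpcap file (tcpdump -w output, not pcapng)")
    if struct.unpack(end + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(pcap_bytes):
        sec, usec, incl, _orig = struct.unpack(end + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        ip = frame[14:]
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or ip[0] >> 4 != 4 or ip[9] != 17:
            continue  # not IPv4 over Ethernet, or not UDP
        udp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]  # IHL .. total length
        if len(udp) < 8:
            continue
        sport, dport, ulen, _csum = struct.unpack("!HHHH", udp[:8])
        src, dst = (".".join(str(b) for b in ip[i:i + 4]) for i in (12, 16))
        yield sec + usec / 1e6, src, dst, sport, dport, udp[8:ulen]

def find_anomalies(datagrams, pps_limit=50, k=5):
    """Checks on datagrams addressed to the server (datagrams must be a list): a source other
    than the master server on the master-server port, payload sizes on that port outside a
    robust median/MAD baseline, and per-second bursts that a bandwidth graph never shows."""
    findings = []
    master_lens = [len(p) for _, _, dst, _, dport, p in datagrams if dst == SERVER_IP and dport == MASTER_PORT]
    lo, hi = 0, float("inf")
    if master_lens:
        med = statistics.median(master_lens)
        mad = statistics.median(abs(n - med) for n in master_lens) or 1
        lo, hi = med - k * mad, med + k * mad
    per_src_second = Counter()
    for ts, src, dst, _sport, dport, payload in datagrams:
        if dst != SERVER_IP:
            continue
        per_src_second[(src, int(ts))] += 1
        if dport == MASTER_PORT:
            if src != MASTER_IP:  # a spoofed source passes this check, hence the size check too
                findings.append({"kind": "unexpected-source", "src": src, "ts": ts, "len": len(payload)})
            if not lo <= len(payload) <= hi:
                findings.append({"kind": "size-outlier", "src": src, "ts": ts, "len": len(payload)})
    for (src, second), n in per_src_second.items():
        if n > pps_limit:
            findings.append({"kind": "burst", "src": src, "ts": float(second), "len": n})
    return findings

def example_capture():
    """Constructed capture: heartbeats and player traffic, plus one oversized datagram on the
    master-server port from a third host and a one-second burst of tiny packets."""
    recs = [(1000.0 + i, MASTER_IP, SERVER_IP, 29900, MASTER_PORT, b"\x01" * n)
            for i, n in enumerate([40, 42, 44, 40, 42, 41, 43])]
    recs += [(1000.5 + i, "203.0.113.50", SERVER_IP, 55000, GAME_PORT, b"\x02" * 60) for i in range(5)]
    recs.append((1007.5, "203.0.113.7", SERVER_IP, 29900, MASTER_PORT, b"\xff" * 1400))
    recs += [(1008.0 + i / 100, "198.51.100.9", SERVER_IP, 40000, GAME_PORT, b"\x00" * 8) for i in range(60)]
    return build_pcap(recs)

def triage(pcap_bytes):
    """Return (findings, count per finding kind) for a capture."""
    findings = find_anomalies(list(parse_udp(pcap_bytes)))
    return findings, Counter(f["kind"] for f in findings)

if __name__ == "__main__":  # python3 triage.py server.pcap
    import sys
    print(*triage(open(sys.argv[1], "rb").read())[0], sep="\n")
```

Two caveats. A spoofed source address passes the unexpected-source check, which is why it is paired with the size check, and the size baseline only means something if the capture is mostly legitimate traffic (a robust median/MAD estimate tolerates a few injected datagrams, not a flood). The useful output is the finding whose timestamp sits just before each crash: that datagram, with its source and payload, is what to hand the mod developers, since without the game's source code the protocol itself cannot be hardened from the outside.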
