MSFS + Stutter + DDOS + You

So Ive been having the same issues as alot of you. So I threw some $$ at the problem and bought a high end router yesterday, and WoW 40-50 FPS even during afternoon and evening peak hours. Now I thought, okay that was the problem just seems that my old router is crappy.

I get up this morning, 6:30 am (usually a good time even with the old router) and I see that Im back to 10-15 fps and everything looks terrible. So I quit the game, and log into the router to see if I mis-set something.

Reading the logs I see that I have been DDOS warning in the logs (the old router didnt keep logs), so I look up the address of the attacker, and it resolves back to server. So I searched the web to find out why the Amazonaws server was DDOS me…

It seems that if your getting the DDOS message in your logs, your machine is being used in a DDOS / Smurf attack. So reading on how to combat this, I found that by changing the mac of the router, and getting a new IP from you provider, will eliminate the DDOS attacks for the meantime.

After changing IP / Macs I restarted the game (now its comming up on prime time and expect it to be laggy)… Voila we’re back to 45-50 fps and real smooth, no lag farts whatsoever. Voila, at least until the next time when they get your IP and start again…

So not only do you have to be a systems/software engineer, you now also have to be a network engineer… Woohoo give me more of that …!!!

So for any of you suffering the stutters, I would ask you to check you router log files, and see if you are being DDOS’s, if you are, change your router IP (either as explained above or by calling your ISP) and see if this doesnt solve the problem.


Folks also need to check their hardware temps Often time stutters can come when the CPU and GPU throttles.I find my sim works best if my GPU stays in the late 60s to early 70s.A new router is something I will consider. Mine needs to be changed for sure!

1 Like

Oh wow, guess you were really unlucky with that. Im no network expert but shouldnt a firewall block such things? Also maybe check your PC for malware, maybe you have something that gives your IP out for such attacks. I really think this is a very, VERY uncommon thing. :slight_smile:

But great that you actually found a fix and not come to the forum to scream around how bad MSFS is when its obviously not MSFS causing these performance reductions. :slight_smile:

1 Like

A firewall will keep it from getting in, but you still have the overhead of a DDOS attack. The overhead of that alone seems to causing the issue. I wasnt being attacked as much as they were using my machine as one of many for the attack.

And I have been through my machine top to bottom, even took all the cards / chip out and reseated and re-thermal pasted the whole shebang, thats why I bought the new router, something in the gut told me network related, and the 1st router was a cheap one at that, so I said what the hell.

I resinstalled the old router this morning and everything was still up there where it should be, so it isnt the router, its the attacks being sent out from amazonaws causing it.

The thing is I had so many of the problems that others are experiencing, and this has fixed most of them, there are still game related one (sticky throttles and such) but the stutters have disappeared.

Next test is to turn on multiplayer and live aircraft and see what happens there. If I get stutters there, and the net traffic seems okay then thats another bug altogether.

The thing that sucks, is that for 8 weeks or so Ive been dealing with this issue, and if this is all it’s been, then the new router could of been a new chair…the old ones getting kind of worn out.


Yep. Thermal throttling will put a dent in your performance and FPS. And the avoidance of this particular evil starts with the mobo!
So the next time anyone is in the market for a new mobo make sure you compare the performance and ratings of the VRM’s.

You have been advised!

You might discover that some elements of the online functionality of FS2020 do not work if you block Amazonaws.

It’s a compute cloud which it seems MS are using for certain elements of their data distribution.

If your firewall was blocking the traffic, then they were “attempting” to use your machine as a zombie. You weren’t being DDOS’ed, they were perhaps attempting to control your machine so they could use it to attack others i.e. you were never the target.

It is impossible to stop these attacks, only deal with them by dropping the traffic as fast as possible. Some companies like Check Point offer specific hardware that sits in front of firewalls for just this purpose, but are outside the reach of home users as they can cost tens or even hundreds of thousands of pounds.


Did a nslookup on the address (it only showed as an ip in the router logs) it resolved to an amazonaws server (not all amamzoaws are security, much are like azure as well hosting virtual services) looked up on the net why is amazonaws ddos’ing me. And found this info on numerous sites, including Amazon, also sent the address of the offender to amazon security, it doesnt just affect this game but other services not related to that game at all.

So still working good, still good ping and FPS, no more attacks detected in the log file, so if your stuttering I suggest you check your router logs and see if there isnt something fishy going on there.
If there is this should help if not fix altogether…

It’s actually quicker to open resource monitor and look to see what network connections are being made to your machine.
You can filter this by service and in the case of Flightsim.exe I always see Amazonaws in the list if I have certain online data functionality active in game.
You can turn that functionality off bit by bit and see which element is being served by Amazon.

This. AWS is the lion’s share of the connections that MSFS makes. It’s not DDOS. It’s where you’re getting your MSFS data from.


Yeah thats where I was initially watching it from. From time to time there would be 2 aws connections working, but the router at the time wasnt producing log files, hence the purchase of the new router.

I host a small home server and it logs stuff like that 24/7. Pretty much everyones IP is constantly being bombarded with automatic attacks. Most of them are on port 80/443 (HTTP & HTTPS), port 22(SSH) and 53(DNS). I don’t actually get any on 53 because it’s the only port that my ISP blocks at their nodes, but my linode VPS gets absolutely hammered on that port. It’s a good idea to make sure your router/firewall is dropping those packets, not rejecting them. Rejecting them means it responds to the request to let the sender know the connection was refused. Dropping packets has the benefit of saving bandwidth, it also allows you to stay more hidden. The request will time out, and to attackers it could look like theres nothing listening on that address. It would also be a good idea to disable ICMP requests on the WAN side of your router. This stops it from responding to ping requests.

I noticed after disabling ICMP on the WAN side the number of automatic attacks dropped. I’m thinking it’s because the lack of a ping response + the timeout on every port caused the automated scanners to flag my IP as “vacant” and most of them have given up on it.

This is almost certainly NOT an actual (D)DoS attack. It is simply being classified as such by your routers firewall because of the sheer volume of packets (some of which will be speculative or maybe even innocently misdirected) being sent to you from the MSFS servers, which are hosted on Amazon AWS. The AWS load balancing systems may also cause firewall confusion, if the server you are connected to gets busy. It will then incorrectly throttle or even block that server, causing the problems you saw.

Rather than a Smurf attack, it will be triggering UDP flood defence (and/or possibly SYN flood). Rebooting the router will reset the trigger points and probably assign you to a different AWS node, which may be less aggressive (or the bulk of the data may already have been transferred) - thereby offering a temporary respite.

You can try increasing the flood threshold to prevent the router from blocking the traffic, but I am still seeing it being tripped with it set to over 2000 packets per second. It is hugely unlikely for a home user to be targeted by any type of significant DoS attack (unless you are running a public server of some kind) and even less likely for it to be of that type. Therefore, I disable UDP and SYN flood detection because of these type of issues.

Not being disrespectful, just completely don’t understand why Microsoft would use AWS for anything…shouldn’t it all be on Azure?

If it is using AWS, that’s very disconcerting.


You are quite correct that they do use Azure but they also use AWS and Akamai Technologies - though I suppose it could be 3rd party items that used the non Azure servers. I will have to check that. :thinking:

Connections are established with AWS by the core of the sim - I have tried it with all mods disabled (as shown below).

(For reference, this list of open connections is just while in the main menu - there are many more opened once in a flight)

1 Like

Any hacker can spoof their source IP to anything they want, so it is very well not Amazonaws. Amazon is not in the business of DDOS attacks as that is a felony offence.

Well I have changed mac to trigger an IP change, my connections for the game are usually
2 for akam* 1 for amazonaws and 2 that are always the same but dont resolv. so 5 total, when the stutters started I looked and I had two for amazon, the one that was kicking the ddos warning in the router, has ceased to access the router and Im back to only the 5 connections (unless I change from east to west) then you get a string of server (never counted them) until it balances back out to the 5.

Threat eliminated stutters gone fps back to normal…HMMMMM

The whole point of the thread was if you have stutters check to see if you have any DDOS or Smurf attack warnings in your router logs…if you do and change your IP and they dont come back, well there ya go they were not a real amazonaws.

I’ll take what I read on the amazon boards as being factually since well they work there and are familiar with their own networks…It doesnt just happen to this game either there are documented occurances with the same deal on other Amazon services…

But whatever Im done, was meant as a heads up check your router for issues but everyone wants to argue…


Just trying to help explain what’s going on… :man_shrugging:

You may have started the thread but there could be others having the same issues, so I am just trying to rub a few facts on it as well as a little conjecture of my own. I’m reasonably confident that my networking experience and qualifications are up to the task. :+1:

Not arguing with you, all i’m saying is a hacker can target any IP on the internet, but to hide his/her tracks, they can spoof their source IP to anything they want to make it look as if it’s coming Amazon, IBM, etc. So having your ISP change your routers IP, did help. For all we know, that DDOS attack could have come from China, Ukraine, Russia, who knows… You would need to capture the packets to possibly find some clues within the data… Network Engineer for years

1 Like