[Dshield] Recommendation for home router

Kevin Ottalini ottalini at mindspring.com
Mon Feb 20 23:25:58 GMT 2006

For UDP testing, one of the most strenuous applications that gives immediate 
feedback is Valve's "Steam" game distribution tool and server browser (Win32 
client only).

You can download and install the Steam client for free: 

Install it and create an account (free), then go to the server browser and 
turn the filters to "all" and do a full refresh on all game types.

I have a bridged DSL connection via a Zyxel router that has minimal impact 
on TCP/UDP.  When I connect direct the best I can see is 28,332 servers.
This is not the total number of servers; in fact there are typically 100,000 
servers (see here: http://steampowered.com/status/status.html) but that 
number includes LAN as well as Internet servers so some % will not accept a 
direct query  (server queries are typically on UDP port 27015 but can vary).

When I connect using a Linksys BEFSR41V2 using one specific firmware version 
(1.45.7) I only see 20,821 servers, but any other firmware version including 
the latest will give significantly fewer.  I've tested Netgear, Brightport, 
Belkin and D-Link as well as worked with players that use many different 
types and they all give various (typically much poorer) results.   The 
Brightport would list 300 servers and reboot.

One of the controlling factors is the rate at which Steam sends out queries; 
many routers have problems with UDP packets due to unusually long timeouts 
or very slow packet inspection.  You can slow the Steam connection by 
changing the internet connection speed in the settings menu (requires 
restarting Steam to take effect).

Turning off router firewalls or putting them in DMZ can speed them up but 
(of course) with a significant security impact.


----- Original Message ----- 
From: "Chris Buechler"
To: "General DShield Discussion List" <list at lists.dshield.org>
Sent: Monday, February 20, 2006 2:20 PM
Subject: Re: [Dshield] Recommendation for home router

> Mark wrote:
>> I agree - the other variable is how many NAT sessions
>> can the device handle "reliably". I have seen issues
>> with NAT translations falling over. I am looking for a
>> nice OpenSource package that would allow me to test
>> the max NAT translations a router (this level) would
>> carry before breaking down. Particularly interested in
>> UDP NAT translations as these have stressed some
>> routers I've worked with more than TCP translations.
> Wish I knew of something.  I've looked and came up empty.  If anybody
> has any pointers, they'd be much appreciated!
> As a poor man's test, I've set up a network on the WAN side of firewalls,
> treated as the Internet, with a BitTorrent tracker and a couple machines
> to seed a large BitTorrent file I created.  Then put a couple machines
> behind the firewall that access the seeds and tracker via NAT, and get
> them downloading the torrent.  The max throughput under those
> circumstances is a pretty good indicator of the worst-case scenario
> throughput of the firewall.  And any flaky NAT device isn't going to
> stand up to that kind of abuse.
> Though that's TCP, not UDP.  As a thought off the top of my head, maybe
> some sort of DNS stress testing tool could be used across NAT in the
> same type of private network setup to test UDP.
> -Chris
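
Added example, not part of the original thread and not code from any poster: one way to count how many UDP NAT mappings a router keeps alive, for the kind of private WAN-side lab network Chris describes. The "GO" control datagram, the function names and the loopback self-check are assumptions made for this example; run responder on the WAN-side host and count_live_mappings from a machine behind the router under test.

```python
import socket, threading, time

def responder(sock, stop):
    """WAN-side lab host: record each flow, then answer them all on a GO datagram."""
    seen = {}
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, addr = sock.recvfrom(2048)
        except socket.timeout:
            continue
        if data == b"GO":
            for peer, tag in seen.items():
                sock.sendto(tag, peer)     # reply must traverse an existing mapping
        else:
            seen[addr] = data

def count_live_mappings(target, flows, rate_pps=500, settle=1.0):
    """LAN side: open `flows` mappings (bounded by `ulimit -n`), count survivors."""
    socks = []
    for i in range(flows):
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.sendto(b"flow-%d" % i, target)   # first packet creates the NAT mapping
        socks.append(s)
        time.sleep(1.0 / rate_pps)         # pace the sends
    ctl = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    ctl.sendto(b"GO", target)              # UDP: resend if lost on a real network
    ctl.close()
    time.sleep(settle)
    alive = 0
    for i, s in enumerate(socks):
        s.setblocking(False)
        try:
            alive += s.recvfrom(2048)[0] == b"flow-%d" % i
        except OSError:                    # nothing queued: the reply never arrived
            pass
        s.close()
    return alive

def loopback_demo(flows=200):
    """Constructed self-check: no NAT in the path, so every flow should answer."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    stop = threading.Event()
    worker = threading.Thread(target=responder, args=(srv, stop), daemon=True)
    worker.start()
    alive = count_live_mappings(srv.getsockname(), flows, 2000, 0.5)
    stop.set(); worker.join(); srv.close()
    return alive
```

A return value lower than `flows` means some replies never made it back through the router; stepping `flows` and `rate_pps` upward shows where a given device starts losing mappings.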
