Now , comparing websites servers to .. login/gaming servers , I think it's time for me to give you a smile and .. let it be
You could realize that in many MMO launchers you are logging in into one webpage embed into the application y'know...
So yeah, one website, the protection can very well be applied, even when not it flows the same way, this is why you can login in your account in the website of the game or in the game itself, they are not two completely different things when it comes to what would be targetted by one DDOS.
That largest attack was 400 gigabit per second not 400 gigabyte (that would be 3200 gigabit).
I don't think it's quite as easy as saying launchers = websites and cloudflare can protect websites so studios should be able to protect launchers....
The login/launcher will call stuff in a domain, what matters is that DNS is protected.
And this is simply one service that is the the website proxy, there's stuff for the IP Protection (TCP / UDP), Network (BGP) and so forth, this stuff exists for such purposes.
And if it was so simple everyone would be mitigating DDoS attacks and there wouldn't be any need for specialist services like Cloudflare with their massive infrastructure.
And if it was so simple everyone would be mitigating DDoS attacks and there wouldn't be any need for specialist services like Cloudflare with their massive infrastructure.
You got what I said wrong, the need for the services is fundamental, they provide the infrastructure and systems that you need to defend your service.
When I mentioned the web page in launcher is kinda in a simple way, if you get your launcher application to load in say launcher.mysite.com to login, and that DNS is under Cloudflare, then your login server is being proxied by their network. Other services have different types of defense against it.
Don't tell me I got it wrong. As I said, if it is was so simple everyone would be mitigating DDoS attacks. You said "And this is simply one service that is the the website proxy, there's
stuff for the IP Protection (TCP / UDP), Network (BGP) and so forth,
this stuff exists for such purposes." but that is stuningly simplified view on the subject.
Do you know of any game launchers that are protected by a service like Cloudflare?
rpmcmurphy said: You said "And this is simply one service that is the the website proxy, there's
stuff for the IP Protection (TCP / UDP), Network (BGP) and so forth,
this stuff exists for such purposes." but that is stuningly simplified view on the subject.
Do you know of any game launchers that are protected by a service like Cloudflare?
You did got it wrong, the simply part is of Cloudflare being the website proxy here, other services around have different types of protection within the DDoS sphere.
Not possible to tell even, was tinkering with it myself, it's possible even if you have to open a webpage (I've saw this before) to confirm the login and the launcher just awaits confirmation and logins, 100% going through their network and protection.
rpmcmurphy said: You said "And this is simply one service that is the the website proxy, there's
stuff for the IP Protection (TCP / UDP), Network (BGP) and so forth,
this stuff exists for such purposes." but that is stuningly simplified view on the subject.
Do you know of any game launchers that are protected by a service like Cloudflare?
You did got it wrong, the simply part is of Cloudflare being the website proxy here, other services around have different types of protection within the DDoS sphere.
Not possible to tell even, was tinkering with it myself, it's possible even if you have to open a webpage (I've saw this before) to confirm the login and the launcher just awaits confirmation and logins, 100% going through their network and protection.
Jeebus... I did not get anything wrong, just lay off with the accusations... My point was that DDoS mitigation is not as simple as you were trying to make out, that is not a wrong statement. Saying that there are things that protect services does not mean it is trivial to implement like you want to imply.
Now , comparing websites servers to .. login/gaming servers , I think it's time for me to give you a smile and .. let it be
You could realize that in many MMO launchers you are logging in into one webpage embed into the application y'know...
So yeah, one website, the protection can very well be applied, even when not it flows the same way, this is why you can login in your account in the website of the game or in the game itself, they are not two completely different things when it comes to what would be targetted by one DDOS.
The fuck ? That is a simple (launcher) "call" , in order to just display some website links. Nothing more, nothing less. It has nothing to do with whatever you are saying.
Wikipedia "embed" ...
Reporter: What's behind Blizzard success, and how do you make your gamers happy? Blizzard Boss: Making gamers happy is not my concern, making money.. yes!
Jeebus... I did not get anything wrong, just lay off with the accusations... My point was that DDoS mitigation is not as simple as you were trying to make out, that is not a wrong statement. Saying that there are things that protect services does not mean it is trivial to implement like you want to imply.
Perhaps I should just put you on ignore?
Dahell you're throwing the accusation implying something I didn't mean. I mentioned that is just only one of the types of protection you can get for your service not how hard the implementation is.
The fuck ? That is a simple (launcher) "call" , in order to just display some website links. Nothing more, nothing less. It has nothing to do with whatever you are saying.
Wikipedia "embed" ...
Some do others do not, some games are indeed embedding one website in the application launcher, even in-game they do that, in one in-game example, the Trading Post in Guild Wars 2 is one website:
Wow! I should just stop trying to explain some basics to you , @MaxBacon
That GuildWars 2 screen shot , it's a mysql "call" in order to display the items in the Trading Window from the database. It has nothing, nothing to do with what we've been talking about. That window acts like a "browser" , while calling mysql , just for you to understand wtf is there. They could of show you some names and numbers , but then you will QQ because you don't understand a think. Plus, read that last part from that screen shot ( loud and clear ) "from the content server" .
Reporter: What's behind Blizzard success, and how do you make your gamers happy? Blizzard Boss: Making gamers happy is not my concern, making money.. yes!
Everyone has their own idea of how DDOS attacks work and how to effectively limit them.
Most are incorrect how you can limit them.
As a network guy myself I can tell you it is a hell of a task and there is no "complete fix". Cloudflare is not going to end DDOS, launchers would never use cloudflare they would use their own network settings that are directly called from the application.
Any MMO that is client base that is using a web service to effectively login deserves to be dropped by DDOS, I can't think of a worse way to create a login server.
There is plenty of tools to auto ban ips that smash servers, however when they come in droves that software will fail as it will never be able to keep up in time to be effective, that is when you need man power to directly block off IP blocks from countries and regions. And slowly open them back up after time.
When we have an oh shit moment aka red alert on servers, you better believe there is man power directly interfacing the server physically as in go to the server farm location and deal with the issue. No Cloudflare is going to stop that, it can limit it but once the proxies get overwhelmed it is going to be the same thing.
One thing to note is some attacks are orchestrated to do nothing but data mine for an even bigger attack later. You better believe that these botnets are documenting the proxies that they are being passed to and once its a big enough list, cloudflare will be on its knees too.
As many have said, it is not a complete preventable defense there is no DDOS protection, all you can do is do your best to limit the effect. We'd need a complete re-architecture of the internet as we know it to effectively kill DDOS as we know it. However it will just reign in some new type annoying attacks.
If there is a will, there is a way.
[[ DEAD ]] - Funny - I deleted my account on the site using the cancel account button. Forum user is separate and still exists with no way of deleting it. Delete it admins. Do it, this ends now.
That GuildWars 2 screen shot , it's a mysql "call" in order to display the items in the Trading Window from the database. It has nothing, nothing to do with what we've been talking about. That window acts like a "browser" , while calling mysql , just for you to understand wtf is there. They could of show you some names and numbers , but then you will QQ because you don't understand a think. Plus, read that last part from that screen shot ( loud and clear ) "from the content server" .
...look at what happens the Trading Post doesn't load the webpage properly due high load:
The styling of the page didn't load, as it happens sometimes when we load a webpage too slowly. Remotely loading in websites that is what it is doing:
If a group of attackers wants to take down that service in GW2, they would attack those websites, and that is where protection to mitigate attacks can roll in.
I'm still trying to figure out what Avast is saying gamers can do other than buy the premium version of Avast that is.
Somehow I think that if you do shell out the $90, you're still going to be inconvenienced by DDOS attacks on the games you play just the same as before... which is actually very rarely.
Tinfoil hat theory: Avast did it
"Social media gives legions of idiots the right to speak when they once only spoke at a bar after a glass of wine, without harming the community ... but now they have the same right to speak as a Nobel Prize winner. It's the invasion of the idiots”
― Umberto Eco
“Microtransactions? In a single player role-playing game? Are you nuts?” ― CD PROJEKT RED
Notice how his suggestion towards the looming fear of "Artificial Intelligence" is to "take appropriate security measures" or at least use good password practices? So he wants a secure internet for those who pay the toll.
It's a money market of course.
People want and heavily fight in the defense of the freedom of the internet, shall Nobody ever be able to handle control, then obviously its insecure design in so many areas became one massive industry.
If you have the money, you can buy security, you won't buy guarantees but you betcha while others will be facing disruptions lasting hours, you will be facing minutes.
This is never going to change unless things grow to a scale of severity that can't be ignored.
I'm still trying to figure out what Avast is saying gamers can do other than buy the premium version of Avast that is.
Somehow I think that if you do shell out the $90, you're still going to be inconvenienced by DDOS attacks on the games you play just the same as before... which is actually very rarely.
Tinfoil hat theory: Avast did it
You're not far off really.
IT industry builds and matures a connected network that is inherently unsecure by design. They then monetize the hell out of operating safely on that network.
If the industry and corporate giants were really concerned about security, botnets, and malware they wouldn't try and squeeze the masses for money to fix it.
Notice how his suggestion towards the looming fear of "Artificial Intelligence" is to "take appropriate security measures" or at least use good password practices? So he wants a secure internet for those who pay the toll.
Thirty years later we're still having the same discussion. They're as much a part of the problem as the cyber terrorists.
The whole anti-virus industry is built on subtle and not so subtle fear-mongering. I was curious about Avast and took a look at their comparison page. These little bits stood our for me:
Spot fakes: Make sure the banking site you’re visiting is the one you think it is.
Forget your passwords: Except one. Log in anywhere with your master password; we’ll remember the rest.
"Social media gives legions of idiots the right to speak when they once only spoke at a bar after a glass of wine, without harming the community ... but now they have the same right to speak as a Nobel Prize winner. It's the invasion of the idiots”
― Umberto Eco
“Microtransactions? In a single player role-playing game? Are you nuts?” ― CD PROJEKT RED
If you have the money, you can buy security, you won't buy guarantees but you betcha while others will be facing disruptions lasting hours, you will be facing minutes.
You of course are talking about disruptions of the provider, not the user. The user's disruption during a DDOS attack to the provider will be exactly the same regardless of extra security despite the title of this article "what gamers can do."
Fact is that gamers can do nothing to lessen their own inconvenience.
"Social media gives legions of idiots the right to speak when they once only spoke at a bar after a glass of wine, without harming the community ... but now they have the same right to speak as a Nobel Prize winner. It's the invasion of the idiots”
― Umberto Eco
“Microtransactions? In a single player role-playing game? Are you nuts?” ― CD PROJEKT RED
If a group of attackers wants to take down that service in GW2, they would attack those websites, and that is where protection to mitigate attacks can roll in.
No it's not remotely loading in websites, this is all internalised stuff, it just looks like there's contention on the database server.
If someone was to DDoS any of those 3 links all they would do is flood the webserver which would be hosted in an isolated VM. It wouldn't affect the database server and therefore it wouldn't affect things for people in game. All ANet would need to do to stop the attack would be to drop the redirect rule for external access, those webpages are non-essential after all.
The whole point of targeting auth servers is that the company cannot close them off.
Iselin said: You of course are talking about disruptions of the provider, not the user. The user's disruption during a DDOS attack to the provider will be exactly the same regardless of extra security despite the title of this article "what gamers can do."
Fact is that gamers can do nothing to lessen their own inconvenience.
In the gamer side of course this is beyond us, the only thing that makes one DDoS worse is everyone spamming the servers trying to get in while a DDoS is already overwhelming it.
The thing is MMO login servers are weak as everything, one player peak and they can get overwhelmed by themselves.
You just put a small DDoS over that and you can disrupt their service, there needs to exist more mitigation there and more scalability, the fact the mitigation services can fail if doesn't mean the mitigation should be ignored; in our company services we literally went from hours of service disruption to minutes (in a month).
I also have game servers of decently high activity that face frequent attacks, the amount of money we had to pay just for DDoS mitigation shows a clear difference and results in way less downtime with an insignificant fraction of what proper business companies can afford.
Comments
So yeah, one website, the protection can very well be applied, even when not it flows the same way, this is why you can login in your account in the website of the game or in the game itself, they are not two completely different things when it comes to what would be targetted by one DDOS.
I don't think it's quite as easy as saying launchers = websites and cloudflare can protect websites so studios should be able to protect launchers....
And this is simply one service that is the the website proxy, there's stuff for the IP Protection (TCP / UDP), Network (BGP) and so forth, this stuff exists for such purposes.
When I mentioned the web page in launcher is kinda in a simple way, if you get your launcher application to load in say launcher.mysite.com to login, and that DNS is under Cloudflare, then your login server is being proxied by their network. Other services have different types of defense against it.
Do you know of any game launchers that are protected by a service like Cloudflare?
Not possible to tell even, was tinkering with it myself, it's possible even if you have to open a webpage (I've saw this before) to confirm the login and the launcher just awaits confirmation and logins, 100% going through their network and protection.
Jeebus... I did not get anything wrong, just lay off with the accusations...
My point was that DDoS mitigation is not as simple as you were trying to make out, that is not a wrong statement. Saying that there are things that protect services does not mean it is trivial to implement like you want to imply.
Perhaps I should just put you on ignore?
Wikipedia "embed" ...
Reporter: What's behind Blizzard success, and how do you make your gamers happy?
Blizzard Boss: Making gamers happy is not my concern, making money.. yes!
Some do others do not, some games are indeed embedding one website in the application launcher, even in-game they do that, in one in-game example, the Trading Post in Guild Wars 2 is one website:
That GuildWars 2 screen shot , it's a mysql "call" in order to display the items in the Trading Window from the database. It has nothing, nothing to do with what we've been talking about. That window acts like a "browser" , while calling mysql , just for you to understand wtf is there. They could of show you some names and numbers , but then you will QQ because you don't understand a think. Plus, read that last part from that screen shot ( loud and clear ) "from the content server" .
Reporter: What's behind Blizzard success, and how do you make your gamers happy?
Blizzard Boss: Making gamers happy is not my concern, making money.. yes!
Everyone has their own idea of how DDOS attacks work and how to effectively limit them.
Most are incorrect how you can limit them.
As a network guy myself I can tell you it is a hell of a task and there is no "complete fix". Cloudflare is not going to end DDOS, launchers would never use cloudflare they would use their own network settings that are directly called from the application.
Any MMO that is client base that is using a web service to effectively login deserves to be dropped by DDOS, I can't think of a worse way to create a login server.
There is plenty of tools to auto ban ips that smash servers, however when they come in droves that software will fail as it will never be able to keep up in time to be effective, that is when you need man power to directly block off IP blocks from countries and regions. And slowly open them back up after time.
When we have an oh shit moment aka red alert on servers, you better believe there is man power directly interfacing the server physically as in go to the server farm location and deal with the issue. No Cloudflare is going to stop that, it can limit it but once the proxies get overwhelmed it is going to be the same thing.
One thing to note is some attacks are orchestrated to do nothing but data mine for an even bigger attack later. You better believe that these botnets are documenting the proxies that they are being passed to and once its a big enough list, cloudflare will be on its knees too.
As many have said, it is not a complete preventable defense there is no DDOS protection, all you can do is do your best to limit the effect. We'd need a complete re-architecture of the internet as we know it to effectively kill DDOS as we know it. However it will just reign in some new type annoying attacks.
If there is a will, there is a way.
The styling of the page didn't load, as it happens sometimes when we load a webpage too slowly. Remotely loading in websites that is what it is doing:
https://tradingpost-live.guildwars2.com/ (the old location of it)
https://gemstore.staticwars.com/
https://gemstore-live.ncplatform.net/
If a group of attackers wants to take down that service in GW2, they would attack those websites, and that is where protection to mitigate attacks can roll in.
Somehow I think that if you do shell out the $90, you're still going to be inconvenienced by DDOS attacks on the games you play just the same as before... which is actually very rarely.
Tinfoil hat theory: Avast did it
“Microtransactions? In a single player role-playing game? Are you nuts?”
― CD PROJEKT RED
People want and heavily fight in the defense of the freedom of the internet, shall Nobody ever be able to handle control, then obviously its insecure design in so many areas became one massive industry.
If you have the money, you can buy security, you won't buy guarantees but you betcha while others will be facing disruptions lasting hours, you will be facing minutes.
This is never going to change unless things grow to a scale of severity that can't be ignored.
Spot fakes: Make sure the banking site you’re visiting is the one you think it is.
Forget your passwords: Except one. Log in anywhere with your master password; we’ll remember the rest.
“Microtransactions? In a single player role-playing game? Are you nuts?”
― CD PROJEKT RED
Fact is that gamers can do nothing to lessen their own inconvenience.
“Microtransactions? In a single player role-playing game? Are you nuts?”
― CD PROJEKT RED
No it's not remotely loading in websites, this is all internalised stuff, it just looks like there's contention on the database server.
If someone was to DDoS any of those 3 links all they would do is flood the webserver which would be hosted in an isolated VM. It wouldn't affect the database server and therefore it wouldn't affect things for people in game. All ANet would need to do to stop the attack would be to drop the redirect rule for external access, those webpages are non-essential after all.
The whole point of targeting auth servers is that the company cannot close them off.
The thing is MMO login servers are weak as everything, one player peak and they can get overwhelmed by themselves.
You just put a small DDoS over that and you can disrupt their service, there needs to exist more mitigation there and more scalability, the fact the mitigation services can fail if doesn't mean the mitigation should be ignored; in our company services we literally went from hours of service disruption to minutes (in a month).
I also have game servers of decently high activity that face frequent attacks, the amount of money we had to pay just for DDoS mitigation shows a clear difference and results in way less downtime with an insignificant fraction of what proper business companies can afford.