Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Can Companies Stop DDoS Attacks?
Hello everyone,
This has been a difficult year for gamers and game companies. Many of the mmo's that launched were plagued with outages caused by the dreaded DDoS attack.
This frustration may well have been best summed up as this,
"For now, we may be in the midst of an era where no website or service that deals with video game media is safe. If The Game Fanatics goes down, there’s an obvious reason why." ~ "Hackers At Large with DDoS Gaming Servers Beware!", http://thegamefanatics.com/2014/08/27/hackers-large-ddos-gaming-servers-beware
I for one was upset, frustrated and discouraged at least three times this year with launches; Archeage, Rift, and World of Warcraft. Each of these companies were hit hard by these attacks. From my reading on the subject Sony's Playstation has also been hit with DDoS and other illegal "hacks".
Is it time for us the consumer/gamer to take a more proactive stance against these types of "shenanigans"? What ways could we, as concerned players become more positively involved in slowing this down or eliminating it? Is there anything that can be done?
It was suggested on another web site that redundant monitoring be used as a way to help deal with an attack as it occurs. However, unless you consider a "third party" service there seemed to be no other way a gaming company could devise it's own security? It does seem that in many ways, the "script kiddies" are doing this mostly for attention, however in one tweet it was stated that Sony's security systems were hacked to show that the company needed to pay more attention to this issue.
Anyone have any suggestions or archival information that suggests ways companies can shield themselves from DDoS attacks? There are several launches that are tentatively scheduled for launch in 2015, H1Z1, Black Desert, EQ: Landmark, possibly Camelot Unchained, and others all of which may become targets for more of this crap.
Does this problem alarm anyone here as it does me?
Alyn
All I want is the truth
Just gimme some truth
John Lennon
Comments
In a word, no. There is really no default failsafe without becoming ultra-aggressive. The problem is that when you become aggressive you end up with collateral damage as well (affecting valid users).
It's not really what I would call "alarming". As long as there are no compromises of sensitive material (ie credit cards, social security numbers, etc) and it's "only affecting a gaming server" then you probably won't see anything come of it. Most hackers know that, too. It's when you start to ramp up the financial implications that authorities will actually want to nail you and put you away.
So, basically, at this time it's just not worth the time and effort to care.
Crazkanuk
----------------
Azarelos - 90 Hunter - Emerald
Durnzig - 90 Paladin - Emerald
Demonicron - 90 Death Knight - Emerald Dream - US
Tankinpain - 90 Monk - Azjol-Nerub - US
Brindell - 90 Warrior - Emerald Dream - US
----------------
You certainly can't stop DDoS attacks but there are plenty of mitigation tools / techniques available to businesses of all sizes.
I work for a financial institution and we utilize a third party service to monitor for DDoS attacks on our internet banking sites.
If / when an attack occurs, the service redirects the bogus traffic to another server allowing legitimate traffic to access the web-based resources with minimal disruption.
Yeah, we could work with our governments to make Cybercrimes of all types unilaterally punishable by death, and be willing to send "death squads" into countries that refuse to cooperate to enforce "justice"
Yeah, I know, way too extreme for video games, (or most anything else) but in the financial sector don't be surprised to see more aggressive law enforcement activities take place. (OK, likely not death penalties, at least not yet)
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
Because your assumption about attention whores is false?
DDoS attacks is a business like any other.
I guess it could be done in theory... But it would not be worth it. Not from a financial or customer PoV. Especially as they are fairly random and short lived.
Now i am not against public whipping of the people who do it but i fear that would have little to none effect. It would just reaffirm their twisted belief that they are the martyrs of the common man.
Now the swatters otoh... those people should be placed on the short bus to G-tam and then be forgotten. I do not care how sad their families would be or if they might find the cure for cancer... If you are brain dead enough to call a armed respons on someone for fun... You lost the right to partake in society.
the rest of your run of the mill cyber-terrorists are about as interesting as licking lead-paint.
This have been a good conversation
Neustar
Really? I think it's actually completely valid. It's basically the equivalent of *sigh*
Trust me, it's not, generally, infrastructure problems. When we're talking about banks and massive organizations not being able to prevent it, it's not infrastructure. Actually, no, it is infrastructure. If only we had the same infrastructure as China. Then all our problems would go away
I used to work for an eCommerce service provider and we had a multi-tier system in place to handle this, right up to and including banning entire C classes. So, yeah, we could get really aggressive with things, but unless we're willing to alienate valid users, it's simply not possible.
Crazkanuk
----------------
Azarelos - 90 Hunter - Emerald
Durnzig - 90 Paladin - Emerald
Demonicron - 90 Death Knight - Emerald Dream - US
Tankinpain - 90 Monk - Azjol-Nerub - US
Brindell - 90 Warrior - Emerald Dream - US
----------------
The game & media companies have solutions for the problem and they implement them.
Sony's hacks are due to them being just a step behind in all matters Security+ from a corporate level. They have a confidence that they lead in this area so culturally these sorts of attacks humble and make services aware to threats.
It's been clued in on a couple of measures that solves DDoS effectively. If you think video game companies and their consumers have it bad you should see some of the clients we have here in Washington, DC and the toys they come up with daily to combat threats. It's an interesting field.
Since you're curious about it and under the age of 30 and looking for a career that's pays 6 figures in the first year I highly recommend network security.
Thanks to everyone for their replies and yes, from what I have read thus far it does seem a problem that will stay with us.
What then should we as a gaming community do when this happens again. I for one won't blame gaming companies, instead possibly what we should do is urge media not to cover it. However it was pointed out that the "script kiddies" causing the havoc are in the business of doing so. Interesting and somewhat troublesome.
What business would these hackers have in slowing down or completely stopping game or business servers from doing their intended job?
I wonder if their exists those folks out there that just might be savvy to IT or technology of this type and frequent sites where these hackers brag? If so, would it be possible to suggest that a person just might come forward to begin the process of handing these people over to the authorities?
I realize that might be wishful thinking, but it does seem that at some point it could reach a point where it just isn't "cool" any longer...
...just wondering...
Alyn
All I want is the truth
Just gimme some truth
John Lennon
People tried that and it never works.
Besides why try and arrest them for something that doesn't really have clear law around? To be honest if any of them are discovered they're generally recruited.
It's all an issue of economics, I suppose.
Once these attacks become a clear and quantifiable financial risk, companies will start taking the necessary steps to alleviate/avoid the problem. That costs money though, and a way has to be found to pass that expense back to the customer. In the end, we will pay indirectly to stop this "new" threat.
While increased bandwidth is one of possible solutions, some of these attacks can reach over 100 Gbps of data pushing through your network and I guess even infastructure in China to absorb such bandwidth isn't a common sight there.
Also, there are all various types of DDoS where high bandwidth wouldn't be as useful.
So long as it is accessed via the internet, it will always be subject to malicious attacks.
The only secure network is an internal one... so long as you don't let anyone out of the building that accesses it.
Any network that touts that it is impenetrable will be the first one that they attack. Human nature...
Distributed Denial of Service (DDoS) attacks can not be stopped (within the current internet structure). They can be mitigated, and steps can be taken to lower their effects when they do happen, but the problem is one of basic internet structure. This is an issue that can only be resolved by top level ISP's by changing how they route internet traffic. Individual companies (and many governments) have no way of making, and enforcing the changes that would prevent these types of attacks. When they happen it is often not just an individual game or company affected, it is all internet traffic routed to these locations. This means that many internet services are often impacted.
They could by limiting how many connections at once and DDOS only works if MANY connections bombarding the servers.However it is the continuous repeating login attempts that cripple a server.
I might add that it takes a LOT of effort for someone to hijac several options to spam a server.Also being illegal and serving jail time i think would keep most from even attempting it.
The effort it takes i often question if a simple game developer is experiencing a DDOS attack,i question it big time.I would expect something like that to happen to a giant like a major bank or maybe Amazon or any other major service.
I am not an expert but i would imagine that a serious anti hack coder could simply have an auto server reset with a new IP,even a simple 1.2.3.6666 >1..2.3.7777 should do the trick.Also if a certain amount of concurrent attempts are logged they could simply IP block a whole region of code.Then reset it the next day or so.
Never forget 3 mile Island and never trust a government official or company spokesman.
I work as an IT Security professional, and the short answer is, yes companies can stop or mitigate DDOS attacks. The long answer however most likely is no.
It would take a fair bit of infrastructure work to set up the proper monitoring tools and equipment in the proper sections to monitor the traffic, in addition to creating a ruleset that would be able to differentiate between a DDOS attack, or legitimate traffic. In addition having such a device that would be actively scanning and (potentially) blocking traffic would introduce 'some' latency. It would be hard to justify the cost of spending money to develop that infrastructure and hire security professionals to monitor it (ideally on a 24/7 basis) on something that might only happen for a small window of time. I.e It's cheaper for them to be DDOS'd for x amount of time, than to hire/build, and still potentially suffer DDOSing.
Off the top of my head, the best and most effective solution gaming corporations can have to mitigate DDOS (which they may do anyway, I don't know what procedures they may have) is to have a good relationship with their ISP provider and fast ways of effecting a IP block 'higher' up the chain before it even reaches the gaming corporation's machine.
Basically, until DDOSing costs the company more money than they would make from hiring/improving their infrastructure. It will keep happening.
Look at those doing it now. They have accounts and love to have people troll and praise them as well as troll and complain. It still feeds the ego which drives them in many ways.
Ransom
Damage to your business competitor
Data theft covered up or distracted by DDoS
Rented bot network for any political, religious or w/e demonstrations
etc.
The comment in red sums it up. BUT no one cares you can't play your game so no one will bust those pissant hackers. If they try to go after banks I bet you they would be cought before you know it.
Banks have been taken down by DDOS in recent years. The FBI was involved, but no actual arrests were made. This problem is not exclusive to online games... but online games do piss off a wide number of people, and as such get the attackers notoriety, which is what they are after.
Social Engineering?