Posted 1/5/15

AkiraOkami wrote:

Hmm odd...
Final Fantasy 14, Sony, Xbox, and now Crunchyroll... Something is really up. It seems someone is attacking things for Otakus yet it begs the question: Why hasn't Nintendo been attacked or are they next?


It seems to be whatever happens to have high traffic and might get media attention if interfered with. World of Warcraft, Nintendo, YouTube, Facebook, Twitter, eBay, Amazon, Wikipedia, PlayStation Network, Xbox Live, whatever would make a splash if disabled should be on guard against this crap. The Tor network was attacked as well, but the amount of interference caused by that attack didn't even get into the double digits of its total capacity and (as I understand it) the sources of the problem were quickly cleared away after they were noticed. There's no broader agenda as far as I currently see. It's just people targeting whatever happens to be big.
Posted 1/5/15
Ever since yesterday I haven't been able to post comments on any anime episodes. :c
Posted 1/5/15

staphen wrote:

There aren't any really reliable ways.


Well, that's bad news.


Many DDoS attacks will take advantage of the quirky behaviors of certain protocols to starve resources on the server. The best example I know of exploits the TCP three-way handshake. The attacker sends a SYN packet, the server responds with SYN+ACK, but the attacker never returns an ACK packet. The server can't reliably drop the connection for another five seconds or so. In the meantime, there's a limit to the number of clients a TCP server can manage at a time, so by sending enough SYN packets to fake opening a connection, you can tie up the server so it's unable to add additional clients.


Let's try breaking this into a plain language example to see if I'm following how this method works. Imagine a lunch counter at which customers are asked to confirm their order to make sure everyone gets exactly what they want. A typical ordering conversation might go:

"I'd like some service, please!"
"What would you like today?"
"I would like a steak cooked medium rare."
"To be sure, you want a steak cooked medium rare?"
"Yes."

What a DDoS using the method you've described does is to have an army of clones of the same person come in and tie up every single member of the waitstaff by refusing to provide that final "Yes" while still banging on the counter and demanding service immediately. It's company policy that the servers have to confirm that the customer wants what they've heard, and they can't move on until they've given each customer a decent chance to confirm their order (say five seconds). Because of this, and because so many people are refusing to answer that final question, no one can get their lunch.


This type of attack can be protected against by creating firewall rules to block SYN packets from attackers. The SYN packets would never reach your TCP server because your firewall blocked them all. Unfortunately, you could potentially block some legitimate traffic this way as well (for instance, spoofing a legitimate user's IP or attacking from a zombie you placed on a legitimate user's system). Additionally, the packets are still making it to your router before your firewall can throw them out. An attacker could still be successful if they can manage to flood your router with enough packets that they don't need to starve the TCP server, but rather the router's resources.


This would be equivalent to the waitstaff having profiles of customers who are likely to just be screwing around and ignoring those customers' calls for service. Unfortunately, this means some people who coincidentally match the profile of such a customer might be denied their lunch unfairly.


There exist services you can subscribe to that help protect you against DDoS attacks. I think the basic approach is to have a server which monitors your network to look for signs of a DDoS. If one is found (typically within minutes), the server will take measures to start routing all of your network's traffic through a distributed network with enormous bandwidth and sophisticated pattern analysis to try and weed out the legitimate data from the illegitimate data so that the illegitimate data doesn't place any load on your servers.


This would be like having a huge number of waitstaff in reserve which have been trained to spot customers which meet the profile in the previous example by examining them individually.


I guess the takeaway is that the only real way to prevent a DDoS attack is to have more resources than can reasonably be attacked. Either that or overhaul the entire internet to make it more traceable.


Either hire more waitstaff than could be reasonably tied up (that's how Tor endured the DDoS launched on it) or start photographing customers as they come in and pinning any troublemakers' pictures on the wall (I know of no online service which does this).
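
The half-open connection limit and the firewall trade-off discussed in the post above, as an added toy model that is not part of any post. The five-second hold comes from the post; the backlog of 4, the documentation-range addresses and all names in the code are constructed for illustration, and real TCP stacks differ in detail.

```python
HOLD_SECONDS = 5.0  # the post's "five seconds or so" before a half-open entry is dropped
BACKLOG = 4         # constructed, deliberately tiny limit on half-open connections


class Listener:
    """Toy model of a TCP listener's table of half-open (SYN seen, no ACK) entries."""

    def __init__(self, backlog=BACKLOG, hold=HOLD_SECONDS, blocked=()):
        self.backlog, self.hold = backlog, hold
        self.blocked = set(blocked)  # firewall rule: source addresses to drop
        self.half_open = {}          # (src, port) -> time the SYN arrived

    def _expire(self, now):
        # Entries that never received the final ACK are dropped after the hold time.
        self.half_open = {k: t for k, t in self.half_open.items()
                          if now - t < self.hold}

    def syn(self, now, src, port):
        """Handle a SYN: 'blocked' by firewall, 'refused' (table full) or 'syn-ack'."""
        if src in self.blocked:
            return "blocked"
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            return "refused"
        self.half_open[(src, port)] = now
        return "syn-ack"

    def ack(self, now, src, port):
        """The final ACK completes the handshake and frees the half-open slot."""
        self._expire(now)
        return self.half_open.pop((src, port), None) is not None


def run(events, **kw):
    """Replay (time, kind, src, port) events and return the outcome of each."""
    listener = Listener(**kw)
    return [getattr(listener, kind)(t, src, port) for t, kind, src, port in events]


# Constructed traffic: four SYNs that are never ACKed, then one legitimate client.
EVENTS = [(0.0, "syn", "198.51.100.7", 1000 + i) for i in range(4)] + [
    (1.0, "syn", "203.0.113.5", 40000),  # arrives while the table is full
    (5.5, "syn", "203.0.113.5", 40001),  # retries after the stale entries expire
    (5.6, "ack", "203.0.113.5", 40001),  # completes the handshake
]
```

Calling `run(EVENTS)` shows the legitimate client refused until the stale entries time out; `run(EVENTS, blocked={"198.51.100.7"})` shows the firewall rule keeping the table free, and `run(EVENTS, blocked={"203.0.113.5"})` shows the same rule locking out the legitimate client when its address is the one on the block list.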
Arcsol 
Posted 1/5/15
It's still been messing with me since yesterday. I can't even load videos now, tried everything to fix it.
Posted 1/5/15
It was maybe a server issue, I'm sure it wasn't DDoS.
Posted 1/5/15

horrorshowjack wrote:

This is what's killing off the Roku app as well right? I've been getting constant unable to connect to video errors for a few days.


I'd like to know this, too (re: Roku). It's been saying that it's unable to play the video since yesterday afternoon. I've been afk for the last 2 weeks so I don't know when it started. I'm just now hearing about these DDoS attacks.
Posted 1/5/15

BlueOni wrote:


I like the analogy. There are a few details that don't quite match up so it could be refined, but you got the idea.

FYI, there is no online service that can pin troublemakers' pictures on the wall because internet packet tracing is actually kind of impossible. Even well-behaved traffic can only be traced back to the nearest proxy thanks to NAT, and even those are often changing thanks to DHCP (that's the thing that changes your IP address every time you reboot your modem). And if someone starts spoofing IP addresses, you'll never trace it back. It's like telling the waitstaff to identify troublemakers by the clothes that they're wearing.
Posted 1/5/15
It's server issues, guys, not DDoS.

If it was DDoS you couldn't even get on Forums.
They're just fixing the Servers.