Yes.. That Again.. - Page 7

Awwalike · #1 11-20-2013, 03:56 AM

pras rogean pras sirken pras nilbog pras zade

shout out da homies 1x thanks for all you do

Raavak · #2 11-20-2013, 11:18 AM

If we could find for certain who the person/people behind it are we could solve this one and for all. The previous clues were good, but I don't think definitive.

**Rogean** · #3 11-20-2013, 11:29 AM

Quote:

Originally Posted by Raavak [You must be logged in to view images. Log in or Register.]

If we could find for certain who the person/people behind it are we could solve this one and for all. The previous clues were good, but I don't think definitive.

Not really, because anyone can do it.

Would rather block the attack and worry about the culprit later.

Kergan · #4 11-20-2013, 02:16 PM

Quote:

Originally Posted by Rogean [You must be logged in to view images. Log in or Register.]

Not really, because anyone can do it.

Would rather block the attack and worry about the culprit later.

I threw a honey pot out on my customer facing connection at work, it's amazing how you're literally under CONSTANT attack. Not of the DDoS variety necessarily, but someone always probing. Or watching the real time logs on one of my ASAs you can see constant access attempts trying to brute force in.

Like you said, it is wasted effort to try to go after who is doing it because even in the unlikely event you find and stop them there is another person ready to do it. The best way to stop someone is to make it a waste of their time.

Burial · #5 11-20-2013, 05:59 PM

Willing to bet it isn't even their firepower anyways, nobody cares if they can take off a server for 5 minutes.

salimoneus · #6 11-20-2013, 06:03 PM

I just don't understand why this is causing the entire system to go down. I mean, the actual game server should only accept requests from IP addresses that have been authenticated already, no? So someone spamming a login server or whatever, should have little effect on the active "good" player connections with an established login who are communicating with the game server not the login server. Are the two not separated in such a way? I'm sure there are many limitations placed on the system due to the client, perhaps that is big hangup in finding a good solution to this? Please edumucate muh as I am not network savvy.

karanastorm · #7 11-20-2013, 06:07 PM

Quote:

Originally Posted by salimoneus [You must be logged in to view images. Log in or Register.]

I just don't understand why this is causing the entire system to go down. I mean, the actual game server should only accept requests from IP addresses that have been authenticated already, no? So someone spamming a login server or whatever, should have little effect on the active "good" player connections with an established login who are communicating with the game server not the login server. Are the two not separated in such a way? I'm sure there are many limitations placed on the system due to the client, perhaps that is big hangup in finding a good solution to this? Please edumucate muh as I am not network savvy.

Right, talks like knows about networking then discloses not very network savvy. See this all the time.

salimoneus · #8 11-20-2013, 06:21 PM

Quote:

Originally Posted by karanastorm [You must be logged in to view images. Log in or Register.]

Right, talks like knows about networking then discloses not very network savvy. See this all the time.

Correct, I'm not a network engineer or system administrator, who typically deals with these types of problems. Just because someone uses the terms "server" or "packets" doesn't make them a network engineer or server admin either. I'm sure there are many here who know lots more about it than I do, which is why I was asking for a more detailed explanation so I could learn something.

But thanks for your zero cents.

karanastorm · #9 11-20-2013, 06:30 PM

Quote:

Originally Posted by salimoneus [You must be logged in to view images. Log in or Register.]

I just don't understand why this is causing the entire system to go down. I mean, the actual game server should only accept requests from IP addresses that have been authenticated already, no? So someone spamming a login server or whatever, should have little effect on the active "good" player connections with an established login who are communicating with the game server not the login server. Are the two not separated in such a way? I'm sure there are many limitations placed on the system due to the client, perhaps that is big hangup in finding a good solution to this? Please edumucate muh as I am not network savvy.

Quote:

Originally Posted by salimoneus [You must be logged in to view images. Log in or Register.]

Correct, I'm not a network engineer or system administrator, who typically deals with these types of problems. Just because someone uses the terms "server" or "packets" doesn't make them a network engineer or server admin either. I'm sure there are many here who know lots more about it than I do, which is why I was asking for a more detailed explanation so I could learn something.

But thanks for your zero cents.

Well maybe you shouldn't have worded everything as if you knew the answer to it and then asked for confirmation with a ? at the end. It ends up looking like you know an answer how to fix a possible problem then ask for verification. That is all I am saying. Many people do this but then say they do not know anything about it.

Kergan · #10 11-20-2013, 11:50 PM

Quote:

Originally Posted by salimoneus [You must be logged in to view images. Log in or Register.]

I just don't understand why this is causing the entire system to go down. I mean, the actual game server should only accept requests from IP addresses that have been authenticated already, no? So someone spamming a login server or whatever, should have little effect on the active "good" player connections with an established login who are communicating with the game server not the login server. Are the two not separated in such a way? I'm sure there are many limitations placed on the system due to the client, perhaps that is big hangup in finding a good solution to this? Please edumucate muh as I am not network savvy.

DDoS attacks will typically be legitimate traffic. Firewalls will match traffic type and do deep packet inspection, but if the packets are legitimately constructed it'll let them on through. IP based filtering is basically useless especially against a DDoS attack because the slave/zombie computers will be located all over the place, and IP addresses change. It would be basically impossible to maintain a whitelist for something like this.

There is simply no way to mitigate a strong enough DDoS attack. Microsoft, Amazon, Google, Apple, etc have all been hit and brought down. There is some pretty kick ass stuff that can mitigate it upstream but we're talking hundreds of thousands of dollars for the gear. And even that isn't a silver bullet.