Hey guys
About the current attack against Blizzard and "why they can't do something".
I know it's more of a technical thing, but because many don't understand what this information means, how Blizzard is affected by it, or why they can't do much about it, it seems a summary would be good. I'll offer you an explanation here, but I'll try to keep it quite simple; most players are not that much into IT tech aside from the current best CPU and GPU.
DoS is "Denial of Service", DDoS is "Distributed Denial of Service". Basically, it means an attacker overloads the server or connection of a specific target to knock it off the Internet.
Flood all the lines!
For a basic example, here is something I did back in 1998 or so, what we could call the most simple DoS there is. Back then everyone usually had a modem with something like 14.4kbit/s to 56kbit/s. I was in the lucky situation of having an ISDN connection (64kbit/s) and a bit later one of the first ADSL connections with 128kbit/s upload. When a friend of mine was online and I was annoyed by him, I got his IP address over IRC chat and started my "attack".
I just pinged his PC over the internet with bigger data packets. He had a 28.8k modem and I used around 40k to hit him (remember, ISDN had 64k, so enough left to keep me alive). My connection was a bit slower then, but he dropped out of the internet 1 min. later. Why? Simply, I flooded his connection with random shit. And the problem is, you can't protect yourself against it. If you have a firewall, the data packets still get to you, but the firewall will drop them, so your PC won't answer my ping packet. That means your "upload" won't be affected anymore, but because of the overloaded line, you still get a disconnect.
That means everyone with a faster internet line than you could drop you out of the internet, if he has your address.
Flood all the ports and servers!
The second way to kill a server is to flood not only the line but the server itself. A usual PC can get connections on ports 1-65535; if you factor in reserved ports, maybe 60000. Imagine you build up a connection to battle.net: your PC connects to the battle.net server and says "hi, I would like to connect" - Server answers "sure, connect to port 12345 and start the login procedure". Now the client opens a connection to the port and does its stuff.
Now there is something like a timeout for the connection. If the client builds up a connection, the server waits some time for answers from the client before it closes the connection. After all, it could be that someone has quite a slow connection so he has to wait, OR maybe his software crashed and you have to clear the connection port for new connections.
Makes sense, right? Now imagine someone attacks a server with a botnet. Botnets today are not 300 PCs; we are talking about millions of zombie PCs attacking at once. If every client opens a connection and forces the server timeout, in a short time all 60000 ports are gone until the timeout happens. Until then the server can't even respond to your request for a connection, because all ports are full. And after that, other zombie PCs already connect to the now free ports. Not to mention that the whole server has to handle a workload it was never built for and suffers from extreme CPU and RAM usage.
Yeah, I know, there are things like SYN floods and the example is not how battle.net really works (way more complicated), but it's easier to understand this way. The principle is the same.
How does this affect Blizzard now?
Blizzard already has a good infrastructure and not only one connection to one Internet provider, more like 300 connections everywhere. So a DDoS attack with "flood the shit out of the connection" might cap 2 connections, not all. So some people won't have any problems connecting, depending on their routing, while others can't connect at all. But if a professional attacker does something like that, you can be sure they have enough zombies to flood like 180 connections at once to the maximum.
The other problem is the server attack itself. Sure, the world servers and login servers are all over the world, but you still need one gateway every time, and that would be the bottleneck. Now we don't talk about one server - this is usually a whole server cluster with hundreds of servers. But even so, if you flood this gateway with multiple connections, and millions of them, even the biggest cluster will fail.
So even if a special security network starts blocking the attacking addresses one after another and does so at the internet provider side (internal blocking for port attacks, external blocking at the line provider itself from random shit DoS), the line is still affected by outages and bad performance.
Conclusion
DoS or DDoS is something you can't really protect yourself from 100%. Believe me, Blizzard has upgraded the tech to deal with DoS/DDoS, but depending on the attack size itself, you can't defend against all there is.
Just a little comparison for what we are dealing with here. In January 2016 one of the biggest DDoS attacks ever hit the BBC and Trump's website. They were flooded with 602Gbps of traffic. That means 75.25 Gigabyte per second or 1 Terabyte of data in like 13 seconds or 280 Terabyte per hour. To make it even clearer ... if you have an SSD, those can read/write around 500-600 MByte/s, that means 0.5 GByte/s. You would need at least 150 SSDs at once to save the data that comes in.
Those are numbers that are hard to comprehend, even for someone that works in IT.
The biggest German provider, the "Deutsche Telekom", has an internet backbone network with 10x 10 Gbit (4x2.5 lanes) and 64 lanes with at least 155 Mbit/s (guess my info is a bit outdated and they upgraded a bit), but if you can do a bit of calculation, you see just how much 600 Gbps are. With that much traffic, you could easily shoot an ISP out of the internet I guess.
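The port and timeout exhaustion described in the post can be modelled from the server's side. The following is an added example, not part of the original post: a discrete-time model of a connection table with the post's 60000 slots, where the tick length, timeouts and arrival rates are constructed values chosen only to show how the timeout and the volume of never-completing connections decide whether legitimate clients still get a slot.

```python
from collections import deque


def simulate(slots, timeout, idle_per_tick, legit_per_tick, ticks):
    """Model a server's connection table over `ticks` time steps.

    Idle connections (opened, then silent) hold a slot until `timeout`
    ticks pass. Legitimate connections finish within one tick, so they
    only need a free slot at arrival. Idle arrivals are admitted first,
    which is the worst case for legitimate clients.
    Returns (legit_served, legit_refused).
    """
    expiries = deque()  # expiry tick of each held slot, oldest first
    served = refused = 0
    for now in range(ticks):
        # The server reclaims slots whose timeout has elapsed.
        while expiries and expiries[0] <= now:
            expiries.popleft()
        free = slots - len(expiries)
        admitted = min(free, idle_per_tick)
        expiries.extend([now + timeout] * admitted)
        free -= admitted
        ok = min(free, legit_per_tick)
        served += ok
        refused += legit_per_tick - ok
    return served, refused


# Constructed scenarios: (label, timeout, idle connections per tick).
SCENARIOS = [
    ("long timeout", 30, 5000),
    ("short timeout", 10, 5000),
    ("short timeout, larger flood", 10, 10000),
]

if __name__ == "__main__":
    for label, timeout, idle in SCENARIOS:
        served, refused = simulate(60000, timeout, idle, 100, 60)
        print(f"{label:30s} served={served:5d} refused={refused:5d}")
```

The table stays usable only while idle arrivals per tick times the timeout remain below the slot count, which is why a shorter timeout helps against the smaller flood and stops helping once the flood doubles.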