Blizzard EU and DDoS attacks

[Adlian]

Blizzard EU servers are getting DDOSed once again this week (4th time) and there is pretty much no posts about it. Cant Blizzard use the help of the authorities to track down this "hackers" and deal with the issue for now?

[Adlian]

Are we sure this is actually a DDoS and not something else? Not to say it isn't, but any time something goes wrong with the servers, it seems this is always the go-to explanation.

https://twitter.com/BlizzardCSEU_EN/...99658233049089

[ZetherosCraig]

Battle.net went down for me for like 5 minutes. Not affected anything in game.

[Gorsameth]

Blizzard EU servers are getting DDOSed once again this week (4th time) and there is pretty much no posts about it. Cant Blizzard use the help of the authorities to track down this "hackers" and deal with the issue for now?

Please do some more research into bot nets and DDoS before commenting on the issue.

Thank you.

[Jewsco]

Are we sure this is actually a DDoS and not something else? Not to say it isn't, but any time something goes wrong with the servers, it seems this is always the go-to explanation.

First off yes is it proven it is ddos or just an easy excuse? Could be getting ready for legion right?
Secondly you do realize for the most parts these ddoser's do it from countries that either completely won't work with the authorities on this or do so very slightly. Really isn't much they can do if a true ddos attack.

[thilicen]

First off yes is it proven it is ddos or just an easy excuse? Could be getting ready for legion right?
Secondly you do realize for the most parts these ddoser's do it from countries that either completely won't work with the authorities on this or do so very slightly. Really isn't much they can do if a true ddos attack.

You can easilly monitor this by checking certain sites when it's happening. You'll see massive flows of traffic towards the area their servers are in.

[Jewsco]

You can easilly monitor this by checking certain sites when it's happening. You'll see massive flows of traffic towards the area their servers are in.

And what you shut down a region? Even people not doing anything? Also if the right equipment can't they make it look they are attacking from somewhere they aren't so again blocking innocent regions

[Adramelch]

And what you shut down a region? Even people not doing anything? Also if the right equipment can't they make it look they are attacking from somewhere they aren't so again blocking innocent regions

I'm guessing his response was for your first point and not the second.

[Saracens]

I'm sure they'll handle it. I don't know who's spending that kind of money, or why, but I bet it's important to them..

[Morrigenn]

Most of the time the computers doing the actual "attack" are part of a botnet and the computer owner has NO clue what is going on since the botnet follows instructions from a command and control unit (or handler). The guy/gal who pushes the button to trigger the attack is generally much harder to trace than it is to find the zombie computers who are doing the actual gruntwork. But the reality is they are victims too.

As someone mentioned already mentioned, many times the actual perpetrator of the attack is located in a jurisdiction that either has no cyberlaws or their laws are hopelessly outdated and even if you COULD track him/her down, there's almost no chance of prosecution in their own locale and no extradition to another country with more complete cyberlaws.

Is it frustrating? Hell yes. Should you "hack back"? Hell no!

There are ways to mitigate the effects of a DDoS (and I'm pretty certain Blizzard has already got those in place), but there is no way to completely stop them or prevent them. I'm virtually positive we'll see even more of these next week around the Legion launch since some people's "fun" consists of fucking things up for other people. While I think castration is suitable punishment for DDoS perpetrators, see my comment above about how difficult it is to track down the real culprits.

[Deleted]

Cant Blizzard use the help of the authorities to track down this "hackers" and deal with the issue for now?

Which authorities would that be? The Global World Police? The Internet Sheriff?
Blizard's problem is sucky little ISP's who don't care a damn to clean their own networks. It takes time to handle.

[ComputerNerd]

A DDoS by its nature is not something that could be policed by a single country.
It is using a number of zombie machines, most likely being controlled by malware.
And they are likely in a number of different countries.

If it was that simple, why would they still be an issue.

Notice how they tend to attack the service providers rather than blizzard themselves.
They are attacking the infrastructure, which is obviously more prone to attack, and impacting the players more than they are blizzard.

[b0928]

Which authorities would that be? The Global World Police? The Internet Sheriff?
Blizard's problem is sucky little ISP's who don't care a damn to clean their own networks. It takes time to handle.

Team America!....fuck yeah
https://www.youtube.com/watch?v=U1mlCPMYtPk

[Tharkkun]

And what you shut down a region? Even people not doing anything? Also if the right equipment can't they make it look they are attacking from somewhere they aren't so again blocking innocent regions

You can always trace it back. But it requires the country or countries it originates from to want to assist the US or person investigating. If it's china, russia, korea, etc they don't give a damn.

[Thelin]

Blizzard EU servers are getting DDOSed once again this week (4th time) and there is pretty much no posts about it. Cant Blizzard use the help of the authorities to track down this "hackers" and deal with the issue for now?

You do realize DDoS is using MULTIPLE (hundreds/thousands) of different endpoints to facilitate the attack. Not nearly as simple as you think it is.

- - - Updated - - -

Which authorities would that be? The Global World Police? The Internet Sheriff?
Blizard's problem is sucky little ISP's who don't care a damn to clean their own networks. It takes time to handle.

"Clean their own networks"? What exactly are you referring to? These are public facing I.P.s what are you supposed to ''clean'' exactly? All you can do is reroute traffic, change IPs, block traffic from those flagged incoming external I.P.s and so forth. It's not like its something native in their infrastructure that's the issue.

[lolbubble]

Blizzard should really get some DDoS protection with all the money they make Kappa

[Tharkkun]

Blizzard should really get some DDoS protection with all the money they make Kappa

They have DDOS protection. But these are public facing authentication servers that are being flooded. All you need is some code that will simulate a login request thousands of times per second. Then place this code on a botnet and voila. Blizzard then needs to start blocking or re-routing the IP's to backup authentication servers.

[Schmilblick]

Facebook ? meh.

[Jewsco]

You can always trace it back. But it requires the country or countries it originates from to want to assist the US or person investigating. If it's china, russia, korea, etc they don't give a damn.

And guess what 3 countries most ddos comes from? Those 3 so blizz is sol.

[Deleted]

"Clean their own networks"? What exactly are you referring to? These are public facing I.P.s what are you supposed to ''clean'' exactly? All you can do is reroute traffic, change IPs, block traffic from those flagged incoming external I.P.s and so forth. It's not like its something native in their infrastructure that's the issue.

Sorry, my post was unclear, should have specified..

I meant the originating operators could null route the attack traffic. Destination-based blackholing. Or selective blackholing through control communities.

They could also rate-limit the protocols used - if everyone rate limited NTP and SNMP (and SSDP and Chargen) the net would be much cleaner place. And if everyone actually patched and configured their crappy NTP and SNMP servers correctly we wouldn't have silly automatic amplifying vectors.


The upstream operators could also offload the traffic to other IXP's and "share" the load.

Or.. maybe dynamic inter-domain flowspec config? (which is treated more or less like black magic these days)

But none of the operators actually care enough to do this and it requires them to work together and that's a huge hurdle. So it continues.