Are DDOS attacks something we'll just have to get used to?

[Neteyes]

The attack is carried out by many bots, but there is usually a single person(the source) directing those attacks...

It's practically impossible finding the source of the attacks. The controller of the botnet is likely a web server somewhere, which means you'll only get as far as tracking the source back to the web server IP, not even that with some easy configuration and another server. The next step would be to either hack that server, or get a court order to seize the server.

Even assuming you have full access to the server, you probably won't be able to track the actual source, because he could easily be sitting in a coffee shop or something with free wifi. The best you could do is shut down the server. But any decent botnets would have (because ddosing is big money) a contingency plan with probably several backup servers, which you would then subsequently have to track down.

Also, I have no idea if any of this is true, I'm just basing it on my small knowledge of servers and logic.

[Eleccybubb]

Windows 10 adoption will solve it, as it prevents users very effectively from participating in botnets. We just have to wait a year or so for Windows 7-8-8.1 to be phased out.

Windows 7 won't be phased out for years. Neither will 8. Support for 7 doesn't end till 2020 extended that is. Mainstream for 8.1 is 2018, extended is 2023 as well. I mean look at XP. Lasted until 2 years ago before MS stopped supporting it and WoW still runs on XP. 7 is still the most used version as well atm.

[Low Hanging Fruit]

What gives these people power is constantly discussing and talking about the attacks. The less press, tweets, and posts go up about them the less they will happen. DDoS is just an advanced way of trolling large communities with what is more or less spam requests.

[Eats Compost]

It's practically impossible finding the source of the attacks. The controller of the botnet is likely a web server somewhere, which means you'll only get as far as tracking the source back to the web server IP, not even that with some easy configuration and another server. The next step would be to either hack that server, or get a court order to seize the server.

Even assuming you have full access to the server, you probably won't be able to track the actual source, because he could easily be sitting in a coffee shop or something with free wifi. The best you could do is shut down the server. But any decent botnets would have (because ddosing is big money) a contingency plan with probably several backup servers, which you would then subsequently have to track down.

Also, I have no idea if any of this is true, I'm just basing it on my small knowledge of servers and logic.

The idea that we can't easily track down the one organising an attack is accurate. It's trivially easy to maintain digital anonymity whilst controlling a botnet. Even if they neglected to use any of the painfully easy methods of maintaining anonymity, they're unlikely to need to broadcast their presence to the world in the first place - we'd only get as far as seeing the connection between the botnets and the server controlling them. Even that might be a stretch in some cases.

The best protection against a DDoS attack is an automated system that can identify them and accurately block the participation connections. The tricky part is doing that consistently without false positives.

[Rojaha]

You can't completely stop DDoS attacks in 1 week.

Now, if it's 4+ months later and we're still getting them, yes, then you can complain that Blizz isn't doing anything.

It could happen every day for a year and there would be people saying you still cant blame or criticize Blizzard in any way.

[Aeluron Lightsong]

It could happen every day for a year and there would be people saying you still cant blame or criticize Blizzard in any way.

You don't relaly know that. This hypothetical scenario is pretty pointless.

[Eats Compost]

There is a profound lack of understanding from a few select mouth breathers in this thread. I'm amazed. See signature.

MoanaLisa summarized why it's so tough to stop and what exactly's going on pretty clearly. Are people just choosing not to understand before they post?

If they switched ISPs, the new ISP would just be DDoS'd. Until ISPs take DDoS attacks more seriously (or seriously enough to some people's standards here) this will not change. They most likely won't try to make such efforts unless A) there's a benefit, like increased potency of tracking user information through said networks or B) they're told to by the government. Why bother putting more into DDoS protection if you don't get anything meaningful (from a business/profit/government POV) from it? Think like an 80 year old suit-clad businessman with information-hungry friends in high places.

TL;DR: It's not Blizzard's responsibility to take protective and preventative measures toward their ISP's infrastructure. That's the ISP's job. Just like it's not your job to get off the city bus and change a flat tire, that's the city's job.

To answer the OP's question, Are DDOS attacks something we'll just have to get used to: Yeah. Pretty much.

The upshot is that the ISP probably has SLAs they need to meet, which will force them into action if the downtime from DDoS attacks is significant.

[anon5123]

It could happen every day for a year and there would be people saying you still cant blame or criticize Blizzard in any way.

Exactly what part of my post made you think that I was claiming that Blizzard cannot be criticized or blamed?

I mean, fuck, I even said "yes, then you can complain".

DDoS is not something that you can just type some commands into a server and it's fixed. It's incredibly difficult to completely stop them. That's what I'm getting at.

[SoulForge]

The upshot is that the ISP probably has SLAs they need to meet, which will force them into action if the downtime from DDoS attacks is significant.

SLA's don't mean shit if it is outside of their control. Blizzard knows that. The ISP knows that.

[OrcsRLame]

So it's completely unsolvable then?

Not completely but 99%. If the FBI finds the person(s) organizing the attacks, then that will stop it.

Otherwise, as long as they have enough money to keep renting botnets, there ain't shit Blizzard can do.

[Eats Compost]

SLA's don't mean shit if it is outside of their control. Blizzard knows that. The ISP knows that.

As much as it's impossible to prevent all DDoS attacks, measures can be taken to mitigate them. What I meant to express was that if there is something that the ISP could be doing that they aren't currently, then SLAs and other obligations will push them towards it.

- - - Updated - - -

Not completely but 99%. If the FBI finds the person(s) organizing the attacks, then that will stop it.

Otherwise, as long as they have enough money to keep renting botnets, there ain't shit Blizzard can do.

The unfortunate thing is that catching these people normally relies on human error on their part. Schcmucks like Lizard Squad tend to have some of their members get caught when they partially reveal their identity like a dumbass.

[Purpleisbetter]

In some extreme cases, an ISP could go for a class-B ban, which is pretty much a regional ban.

The company i'm working for (TIM .it) used that as a very drastic solution a few times. Too many public services and companies under attack, so they blocked traffic coming from the usual offending countries for a few hours. The drawback are as drastic, economically wise. Think about a bank forbidden to do its thing with Chinese investors, for example.

Normally an ISP would "simply" (simple my ass, lol) work on its NAT tables by making the "victim" unreachable for the attackers. It generally takes a while; the fastest "recovery" i witnessed was around an hour and half. It would've been blazing fast, but the origin of the attack was Turkey IIRC, so they had to pinpoint where the DDoS was coming from; the paranoia from pissing someone off unleashing a pack of dire fel-lawyers was real lol.

[Dsc]

Work with ISPs to find out who has the CP for the VM.

Send a hit team to visit them with pliers and a blowtorch.

Make sure his extremely painful, hellish death is publicized everywhere,

Repeat as needed.

They'll stop.

[Bathory]

I'm amazed how many people can point fingers without knowing what the problem actually entails. Talk about kneejerk. Hopefully the useful information in this thread will educate some of em.

[yetgdhfgh]

When a fucking 13 year old nerd rager can rent a botnet from a group of criminals for less than the fucking game itself then you know this shit is gonna carry on.

http://www.bbc.com/news/technology-36993107

If the Feds can track down the money transactions from dumass teenagers to these criminal gangs then make examples out of them maybe they will think twice before doing it!

[MonsieuRoberts]

In some extreme cases, an ISP could go for a class-B ban, which is pretty much a regional ban.

The company i'm working for (TIM .it) used that as a very drastic solution a few times. Too many public services and companies under attack, so they blocked traffic coming from the usual offending countries for a few hours. The drawback are as drastic, economically wise. Think about a bank forbidden to do its thing with Chinese investors, for example.

Normally an ISP would "simply" (simple my ass, lol) work on its NAT tables by making the "victim" unreachable for the attackers. It generally takes a while; the fastest "recovery" i witnessed was around an hour and half. It would've been blazing fast, but the origin of the attack was Turkey IIRC, so they had to pinpoint where the DDoS was coming from; the paranoia from pissing someone off unleashing a pack of dire fel-lawyers was real lol.

That's an excellent example of why it's not so easy to just flip a switch and "block" a DDoS attack, thanks for posting. There's some good info in this thread that I hope will help people understand just why they're so hard to counter.

[Saucerian]

Short answer: yes. I have not been able to log into b.net since Legion launched. (Have to go offline and log in with game client.)

Probably never going away. My best guess at the solution is when all computers are like iPhones/iPads - hardware/software controlled by same entity, tight control of applications through online stores and bricking/blacklisting jailbroken devices - stop the botnets that enable DDOS in the first place.

[fooliuscaesar13]

The only way that DDOS will ever truly go away is when idiot computer users stop getting their machines infected with software/malware/virii that contribute to botnets. Basically: never.

There are DDOS services available (if you know where to look) that will allow you to take down a site / service that is internet connected for as little as 35 USD. Kind of disgusting that it exists and for so little you can attempt to ruin someone's livelihood, but it definitely exists.

DDOS protection services exist as well, but not only are they *very* expensive but they're tricky to configure and at times lead to false positives. Nothing is certain regarding said protection, especially if the attack is coming in on a port that the game actively uses for client/server connections. Sad thing is...DDOS is the easiest attack to carry out and (due to the nature of the idiotnet) one of the hardest to protect against. Bunch of chickenshit cunts do this because "boo hoo sand in my vagina".

I'm old, so this is the world that ya'll are inheriting. Good luck.

[MonsieuRoberts]

I'm old, so this is the world that ya'll are inheriting. Good luck.

I live the Millennial dream!

[Teaklog]

[QUOTE=Alydael;42498058]Blizzard made over a billion dollars last year alone, I am certain if they really wanted to- they could stop it.

- - - Updated - - -

Do you not understand the concept of revenue