recent DDoS's used against online games used new method

[Christan]

http://arstechnica.com/security/2014...ynch-protocol/

Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets.

Rather than directly flooding the targeted services with torrents of data, an attack group calling itself DERP Trolling sent much smaller-sized data requests to time-synchronization servers running the Network Time Protocol (NTP). By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly amplify the firepower at their disposal. A spoofed request containing eight bytes will typically result in a 468-byte response to victim, an increase of more than 58 fold.

"Prior to December, an NTP attack was almost unheard of because if there was one it wasn't worth talking about," Shawn Marck, CEO of DoS-mitigation service Black Lotus, told Ars. "It was so tiny it never showed up in the major reports. What we're witnessing is a shift in methodology."

The technique is in many ways similar to the DNS-amplification attacks waged on servers for years. That older DoS technique sends falsified requests to open domain name system servers requesting the IP address for a particular site. DNS-reflection attacks help aggravate the crippling effects of a DoS campaign since the responses sent to the targeted site are about 50 times bigger than the request sent by the attacker.

During the first week of the year, NTP reflection accounted for about 69 percent of all DoS attack traffic by bit volume, Marck said. The average size of each NTP attack was about 7.3 gigabits per second, a more than three-fold increase over the average DoS attack observed in December. Correlating claims DERP Trolling made on Twitter with attacks Black Lotus researchers were able to observe, they estimated the attack gang had a maximum capacity of about 28 Gbps.

NTP servers help people synchronize their servers to very precise time increments. Recently, the protocol was found to suffer from a condition that could be exploited by DoS attackers. Fortunately, NTP-amplification attacks are relatively easy to repel. Since virtually all the NTP traffic can be blocked with few if any negative consequences, engineers can simply filter out the packets. Other types of DoS attacks are harder to mitigate, since engineers must first work to distinguish legitimate data from traffic designed to bring down the site.

Black Lotus recommends network operators follow several practices to blunt the effects of NTP attacks. They include using traffic policers to limit the amount of NTP traffic that can enter a network, implementing large-scale DDoS mitigation systems, or opting for service-based approaches that provide several gigabits of standby capacity for use during DDoS attacks.

basically a drdos(reflected) using time synch server..

as much as i want to say these jerks were script kiddies, perhaps they actually had an original idea. either way though, i think they're still scum
anyway, who thinks this is over? idk if they ever caught the ladies involved.

[Aeluron Lightsong]

Few minutes of fame. Not worth it.

[MoanaLisa]

Moved to video games forum since the attacks were across a lot more than just World of Warcraft.

[The Penguin]

Pass a law that mandates the removal of a finger surgically per conviction. You get to pick the one you lose. Do it ten times and guess what you can't do? :')

[Christan]

Moved to video games forum since the attacks were across a lot more than just World of Warcraft.

good point, was debating where to put it, thanks for moving it instead of closing it <3

[wombinator04]

DERP Trolling is just another creation of the DARPA like Google and the Internet.

I base this accusation with no proof what so ever.


Until there is a way to stop this nonsense, a digital only world will not happen.

[Offshoreguy]

Is there a final confirmed list of websites that were affected by this group? I know there has been lots of speculation of sites that have experienced connection issues over the past few weeks.

[Hyve]

I don't think this is something never seen before, but for these kids, it's a little more advanced.

Either way, it's still essentially just a disruption of their services, it's not a hack, although it can still be really crippling to the company and their reputation. There should be more severe punishments for people who go about just ruining companies because they think it's a good laugh and a joke.

[zealo]

There should be more severe punishments for people who go about just ruining companies because they think it's a good laugh and a joke.

Id say the punishments are severe enough if they do get caught, these kinds of attacks are a crime and if they come knocking your door down you can look forward to years in prison.

[Sharuko]

Id say the punishments are severe enough if they do get caught, these kinds of attacks are a crime and if they come knocking your door down you can look forward to years in prison.

Generally the feds will hire you if you are good at what you are doing. This type of talent is needed in government and there are cases were they just hire people instead of locking them away.

[barackopala]

Generally the feds will hire you if you are good at what you are doing. This type of talent is needed in government and there are cases were they just hire people instead of locking them away.

Just like lulzsec right? they're still in jail.

This is just a bunch of kiddos that want attention like crazy using regular ddos, not that amazing hacking skills.

[Sharuko]

Just like lulzsec right? they're still in jail.

This is just a bunch of kiddos that want attention like crazy using regular ddos, not that amazing hacking skills.

Pretty sure Lulzsec's leader Sabu/Hector is with the FBI now.

[Rhaide]

Generally the feds will hire you if you are good at what you are doing. This type of talent is needed in government and there are cases were they just hire people instead of locking them away.

This a common misconception based on something that USED to happen with actual white hats, not the internet-glory seeking children of today. Many people who participate in attacks use pre-made programs like Anon's LOIC, which requires little more than 10 minutes of reading to understand how to use.

The FBI wants nothing to do with people like this, many of them probably aren't even smart enough to get a normal IT related job. Sure maybe once in a blue moon someone might get a security position for something like this, but it's by no means common enough to claim that the 'feds will hire you'.

As for the penalties associated, they are fine. When people get caught, they are handled pretty harshly; which I personally agree with. As a matter of fact, when someone does get caught there's usually a large population in the comment section of the associated article claiming they are being treated too harshly.

[Noomz]

http://arstechnica.com/security/2014...ynch-protocol/




basically a drdos(reflected) using time synch server..

as much as i want to say these jerks were script kiddies, perhaps they actually had an original idea. either way though, i think they're still scum
anyway, who thinks this is over? idk if they ever caught the ladies involved.

They won't get a computer in jail.

- - - Updated - - -

Generally the feds will hire you if you are good at what you are doing. This type of talent is needed in government and there are cases were they just hire people instead of locking them away.

Hahaha! No, no they will NOT. Hillarious to think that the feds would hire some upstart scriptkiddies.
No, you'll need to be extremely exceptional and resourceful for that to happen. It doesn't happen. They don't need it.

[Sharuko]

Hahaha! No, no they will NOT. Hillarious to think that the feds would hire some upstart scriptkiddies.
No, you'll need to be extremely exceptional and resourceful for that to happen. It doesn't happen. They don't need it.

Off course not, which is why I said if they are good at what they are doing. People that rent botnets aren't what they are looking for. But just like Lulzsec, I would not be surprised if they hire one of the people in DERPTrolling. Hackers are in huge demand within the government even low end hackers.

[Mezzolith]

Off course not, which is why I said if they are good at what they are doing. People that rent botnets aren't what they are looking for. But just like Lulzsec, I would not be surprised if they hire one of the people in DERPTrolling. Hackers are in huge demand within the government even low end hackers.

DDoS =/= Hacking

They're looking for people that can actually hack, break down security measures, write viruses like stuxnet.

[jordonus]

Pretty sure Lulzsec's leader Sabu/Hector is with the FBI now.

just like Lulzsec, I would not be surprised if they hire one of the people in DERPTrolling.

Yeah you're right he is with the FBI now... an informant to rat out the other members for a plea deal; as in they didn't hire him.