Wednesday, January 21, 2015

GAMING THE GAMERS – DDoS: THE ENEMY

Xbox and Play Station DDoS Attack
As a gamer would progress to the new level in a game he meets a new more powerful nemesis who’s ready to make our player’s virtual life more and more troublesome and makes it harder for him to progress further in the game. Well, for the gamers of our age, their nemesis is back and this time round it’s armed to the teeth with new weaponry under its sleeve that makes it even the more powerful and harder to defeat. It’s DDoS aiming at gamers.

Anyone receiving a new Xbox One or PlayStation 4 on Christmas morning was likely in for a frustrating first experience with the system, as the PlayStation Network and Xbox Live were both taken down by prolonged distributed denial of service (DDOS) attacks.

In addition to that, an 18-year-old UK man has been arrested as part of an investigation into the recent DDOS attacks that crippled PlayStation and Xbox services over Christmas.

Nowadays gaming is not just limited to recreation and entertainment at home for kids and teenagers and more serious adult gamers or those amateur players who do it online via networking in small groups and organize game competitions. There are also professional game players, aside from angering a whole lot of players, these attacks also cost professional gamers a lot of money by making them unable to do their jobs. Professional gamers make money from advertisements during live streams of their performances and it costs them thousands of dollars out of their livelihoods.

"These people generate revenue using game servers, so when they're attacked, it creates dramatic financial loss for them," Matt Mahvi, told Ars Technica. When it comes down to bringing down gaming networks, a new trick that abuses the Network Time Protocol (NTP), which keeps computers' clocks synced up to Coordinated Universal Time, is proving more difficult to thwart.

The NTP method first began to appear late last year. To bring down a gaming server the attackers trick NTP servers into thinking they've been queried by the game’s server. The NTP servers, thinking they're responding to a legitimate query, message the game’s true server, overloading it with as many as 100 gigabits per second (Gbps). That's large even for a DDoS attack. In this way, one small request to an NTP server can generate an enormous response capable of taking down even high-capacity websites.

Having been bombarded with fake server requests and traffic, there’s nothing much you can do to thwart it, unless off course you’ve hired a professional outfit that deals with DDoS attacks in all earnest. The benefit of having a team of professionals looking after the servers are quite a few, since they get into it even before the DDoS attack takes place and assume all necessary precautions for this calamity to even take place.

There isn't much that individual gamers can do to protect themselves against DDoS attacks. However, server operators can upgrade their NTP software to version 4.2.7p26 or later, in which the vulnerability exploited in these DDoS attacks has been patched.

 

Reference: 

http://www.eurogamer.net/articles/2015-01-16-second-uk-man-arrested-following-playstation-and-xbox-ddos-attacks