DDOS attack

We had a few more again last evening. It's getting ridiculous because it keeps screwing with all my pvp farming

Okay, this is starting to feel a little malicious.

They're certainly determined. Gotta wonder why though, if they are mad at SE they're not punishing them. They're only punishing the people who have already paid their sub and won't be getting that game time back. SE isn't losing much.

Quote:

---

Originally Posted by Sove92

No MMO is going to invest hundreds of millions into DDoS protection when these attacks don't cost them anywhere near that much. The big tech companies cannot afford to go down globally for a day, FFXIV can. It's just a fact.

---

Oh no, that’s perfectly fine. But I’m not as invested as you are. You and the others believe that FFXIV is the best MMO and that Square Enix is a good company. You defend them no matter what. I don’t hold the company in high regard, so I totally expect this. But you disagree. And even though this forum accused Southeast Asian players as being responsible (racist?), you’ll never find the culprit. So your game will continue to be DDoSed but you’ll continue being giddy about this game despite not being able to play it. And how long are you going to put up with it? For bystanders, this is just schadenfreude. Maybe that’s what the “attackers” really wanted?

Quote:

---

Originally Posted by caffe_macchiato

Oh no, that’s perfectly fine. But I’m not as invested as you are. You and the others believe that FFXIV is the best MMO and that Square Enix is a good company. You defend them no matter what. I don’t hold the company in high regard, so I totally expect this. But you disagree. And even though this forum accused Southeast Asian players as being responsible (racist?), you’ll never find the culprit. So your game will continue to be DDoSed but you’ll continue being giddy about this game despite not being able to play it. And how long are you going to put up with it? For bystanders, this is just schadenfreude. Maybe that’s what the “attackers” really wanted?

---

There are plenty of things I am critical of, but sure, keep putting words in my mouth.

Quote:

---

Originally Posted by caffe_macchiato

Oh no, that’s perfectly fine. But I’m not as invested as you are. You and the others believe that FFXIV is the best MMO and that Square Enix is a good company. You defend them no matter what. I don’t hold the company in high regard, so I totally expect this. But you disagree. And even though this forum accused Southeast Asian players as being responsible (racist?), you’ll never find the culprit. So your game will continue to be DDoSed but you’ll continue being giddy about this game despite not being able to play it. And how long are you going to put up with it? For bystanders, this is just schadenfreude. Maybe that’s what the “attackers” really wanted?

---

It seems like you are more invested, you seem to pay to come on the forums and make ridiculous arguments.

Quote:

---

Originally Posted by caffe_macchiato

You defend them no matter what.

---

Its just defense about a single issue they are currently facing, and you state "no matter what".

A ddos is a very specific thing that a lot of MMO's can suffer (and often have). A thing that as dev you rarely can act upon, until it already happens to which you have to scale your defense to the attack. The game might face a lot of disconnects, but for most of the day im still capable of playing it quite well. This indicates they are doing a quite good job here. The outage of chaos was clearly a diffirent issue (and if you went to light you could still play). Sure, the outage took its time to fix, but we dont know the details. It might have even be ddos caused. We cant know. But they fixed the issue within a day, and it had a working workaround. That was to me still good management of their game.

This is completely seperate from gameplay issues, which most people do have some complaints about. And while they might be very vocal about it, its often less than 5% of the game where they actualy face those problems. The 95% they enjoy is still the portion that makes them stay.

Dont think that when players sound frustrated that they truly are angry. Its most of the time just an act of feedback in the hopes it reaches the dev team and they get to improve it. And while it often does take a while, if enough players agree (and therefor repeat/bump these threads), it does reach the devs eventualy. Its a healthy system for a game. If you think the devs always must fix the things within a month, you are effectively asking them to break the game by simply not giving them enough time to decide what is best long term.

These ddos attacks only effect pc players aswell. So the ps4/5/xbox players will never need to worry and the population of the game will be decently safe

Quote:

---

Originally Posted by sindriiisgaming

These ddos attacks only effect pc players aswell. So the ps4/5/xbox players will never need to worry and the population of the game will be decently safe

---

I am afraid that is not true.
DDoS attacks affect the servers and their network connections. This is independent of which type of client a player uses.

One of the issues is that DDOS attacks often attack intermediary infrastructure for which the main company, SE, doesn't have direct control. There's no magic wand for solving the problem and swapping providers is not feasible in the short-term duration of the attack. If secondary providers are terrible consistently then they might swap them out at a later date, but it's not going to resolve the attack right this second. It really becomes a question of negligence. Did SE have warning that they were particularly vulnerable to a DDOS and if they were, did they do something. We have no indication as of yet that they were negligent, so I'm trying not to jump to conclusions.

Man this is getting super annoying. Two DC's and not even half through the dungeon yet.

Yeah is super bad in Eu right now. We got dc'd 5 times at the last boss in Dalriada. Not only we wiped each time, of course, but we just timed out of the raid. Sighs. I am so sorry for the first timers we had.

Quote:

---

Originally Posted by Sjol

Did SE have warning that they were particularly vulnerable to a DDOS

---

If they thought they never had the warning, then that is a major issue. Any sane network developer will know that a ddos cannot be prevented unless the design of the internet gets changed massively (in both protocol and laws, and globaly). You can only mitigate up to a certain point as default, since every step above it costs money. You can reserve a bit to handle it (as in always having some backup servers available that you can hire, that a lot of companies can revert to if they have issues), but in most cases, its just a money/risk balance. Where money nearly always wins.

Even google faces ddos attacks. And very severe ones. Attacks at a scale that would not just kick you out of the game, you cannot even get the launcher to connect. Google however has a capacity that is magnitudes higher, they have to deliver a service to 2 billion people at once, instead of at peak times 200k. Note that the PSN has been down for a very long time at once because of a ddos. 2 weeks of having absolutely no way of getting online.

There is just no reason for SE to prepare before the attack, as it takes only a single test to know if a ddos works or not. And if not, pay more to scale it up. The ddos providers can reach terrabytes/s worth of data easily as they dont need this speed themselve, they only need a botnet large enough. Yet when defending, the only way to defend it is by making it possible to catch that number of traffic and spread it out enough so it can be processed (and discarded if its part of the ddos). If they protected against 200Mb/s, as ddosser you test just linearly in scale upward. first 100, then 200, and at 300 you see success so you stop scaling. If mitigation takes it to 400, you just continue testing upward and at 500 you again win. You are only restricted by the size of the botnet.

(and yes, ddosses are often measured in requests per second, but for the argument its still the same)

Quote:

---

Originally Posted by MistakeNot

I am afraid that is not true.
DDoS attacks affect the servers and their network connections. This is independent of which type of client a player uses.

---

I only have anecdotal evidence (I know that proves nothing), but at least in our FC on EU data center with 30-40 ppl online when the DDoS hit us yesterday and today only PC players got disconnected again and again while PS4/5 players only experienced lags, but stayed connected all the time.

Also not sure why. Maybe they have a different lobby server or use partly Sony IT infrastructure for connection handling and these parts are not attacked?

And they definitely implemented connection handling a little bit different on PS4/5 than on PC. E.g. PS users can see on their friend list in the game who else plays on PS4/5 since they can see a little PS logo in the list that we do not see on PC. That is also why our PS users are very sure about that PS4/5 players stayed connected and only saw PC user got disconnected.

Could be them just being routed differently and thus not as affected.

In my FC is even a IRL couple sitting next to each other in the same room. Husband plays on PC and wife on PS5. You should assume they use the same route to SE servers with same ISP. PC got disconnected and PS5 lag and stayed connected. And that through all the DDOS attacks.
Well could be still coincidence since the sample size is too small. ¯\_(ツ)_/¯

Do we know that this is still the DDOS and not various internet nodes and service providers having issues because of the Solar Flares happening right now?

No, not for sure. But Swedish national TV broadcaster SVT streamed the current ongoing live event "Den stora älgvandringen" (the great moose migration) flawlessly during the Solar Flares to the internet. You can see some aurora borealis in live stream around 0:29 am today. For them it did not seemed to be a huge problem. SVT also use Arelion/Twelve99 as ISP btw, the same company that also SE uses for its EU servers.

As far as I know there is only one company in the world that is known to be immune to DDOS attack ... and it is Amazon. First, because Amazon is in the business of selling server so they naturally they always have a large reserve capacity. Secondly, and probably more importantly, they did the math and see that they stand to lose hundred of millions for each minutes the website is down, or even billions if it's during holiday season. I think in the past Amazon came under concentrate attack for a straight 3 days, then the attackers gave up because Amazon's servers just shrug it off. I have never heard similar thing from any other tech companies. The joke is you can't DDOS Amazon, because the massive amount of business they process at any given moment means they're already ALWAYS DDOSed by their actual customers.

But in case if anyone wondering why there is no business incentive to preemptively stop DDOS attack ... just looks at amazon to see how big such incentive needs to be.

Quote:

---

Originally Posted by Raven2014

As far as I know there is only one company in the world that is known to be immune to DDOS attack ... and it is Amazon. First, because Amazon is in the business of selling server so they naturally they always have a large reserve capacity. Secondly, and probably more importantly, they did the math and see that they stand to lose hundred of millions for each minutes the website is down, or even billions if it's during holiday season. I think in the past Amazon came under concentrate attack for a straight 3 days, then the attackers gave up because Amazon's servers just shrug it off. I have never heard similar thing from any other tech companies. The joke is you can't DDOS Amazon, because the massive amount of business they process at any given moment means they're already ALWAYS DDOSed by their actual customers.

But in case if anyone wondering why there is no business incentive to preemptively stop DDOS attack ... just looks at amazon to see how big such incentive needs to be.

---

yeah, in this one instance I would agree with the thought that some have here that SE is a "small indie company" in comparison. Amazon = $514 billion annually and SE...$2.49 billion... Amazon makes it money doing many sales online and SE doesnt, not many companies need that kind of "protection" against these kind of attacks. though, does Amazon have a real defense, or are they servers just much more robust because of the volume they need to handle on a normal basis?

Quote:

---

Originally Posted by Kes13a

though, does Amazon have a real defense, or are they servers just much more robust because of the volume they need to handle on a normal basis?

---

That's exactly it, as other have said there is no "real" defense against DDOS beside outcapacity the attacker, Amazon's infrastructure is just "innate" in that regard. Basically they make sure they always have the capacity for holiday shopping (Prime day, Black Friday .etc.) when the traffic will increase many fold ... So to Amazon, a DDOS attack is no difference than the increase traffic spike they would see on a holiday, and they ALWAYS have more than enough capacity for it. Whenever an attack happens, Amazon's serve just look at it and thought "oh, is it Christmas today?" and scale up. Because of their ceiling is so high that I doubt any attacker would be able to exceed it.

Quote:

---

Originally Posted by hynaku

Why can't they just trace back to where all the massive DDOS logins are coming from. There should be a way to trace where they come from.

---

tracing will end up with a massive web of compromised devices. the first D in DDoS stands for "Distributed". which are only getting easier to do as we get more IoT devices (smart fridge? is that really something you want?), which can be compromised to be roped into a botnet with pretty much zero alarm raised to the end user because they don't think about them as being computers.

I've heard that DDoS attacks can be costly for the attacker as well, so it's not really sustainable for a long period I think. I think also the longer the attack goes the more Intrusion Protection Systems (IPS) start to kick in...I found it very interesting but I plan to research it further because my brain isn't wrinkly enough for this.

So I wonder if it's more of a 'weather it out' kinda thing until the body guard kicks in.

My smooth brain translated DDoS to this following analogy

Imagine you're at a restaurant, making an order....suddenly an influx of hundreds of customers come in, they start to occupy the space and begin to engage with the staff be it by complaining or placing an absurd amount of orders. The staff is overwhelmed by this chaotic situation and you (the legit user) is not getting proper service. The manager (network admin) then calls the police (IPS) starts to restore order (mitigate the attack) by dealing with these troublemakers (malicious traffic)

I guess an upside of all this is a stress test for SE to hopefully prepare for DT. Here's to hoping for a smooth release...

And again. Entire Group kicked out of a Trial with a 400 player login queue after. How many Days is this going to last? I hope they get this sorted before Dawntrail otherwise this is going to be a disaster.

chaos - omega, booted out of game right now (error 900002), with over 700 queue, definitely DDOS-ed again :D

Booted out from Ragnarok (Chaos) with a 90002 as well!

Coeurl on Crystal. Just got the boot with no ability to reconnect due to the usual errors. Looks like NA isn't out of the cross hairs this time.

Ultros is hurting right now as well. trying to farm EX trials for my zeta weapon and it's lagging hard

And booted as well. Good ol' 90002 while trying to do dailies.

Extremely small indie company, please look forward to it.

1 week with DDOS attack? uhmm. buy this emote for 15 usd and supports us.

smol indie company

plz understand

Primal is now hit, trying to get back in with a 400 queue. Why do I have a feeling this is just a warm up for DT? I hope SE invests some of th emoney in anti DDOS software. This game makes them enough money.......

play other games - yoship

I'm so glad my subscription is over before having to see any of these DDoS shenanigans, and I think I might keep it down for quite a while.

Quote:

---

Originally Posted by Casmir_Chev

Primal is now hit, trying to get back in with a 400 queue. Why do I have a feeling this is just a warm up for DT? I hope SE invests some of th emoney in anti DDOS software. This game makes them enough money.......

---

FFXIV money going back to the game?
please look forward to Forspoken and buy the collection edition fam.

Another one? Awesome, I was going to get home from work and take a nap rather then hopping on to play, but knowing SE, the server's will still be borked hours later from this post, probably into the night. Maybe if we're lucky it'll be a quick fix.

Truly the smallest of indie companies

I believe primal was hit just a few minutes ago as of writing. My entire party suffered a huge lag spike during a dungeon. Thankfully none of us disconnected save for one and we got past through most of it w/o further incident.

Not a good omen for DT to say the least.

Okay, look guys. I just got the latest list of copes from the Official Final Fantasy XIV Community, and you MUST agree.
1) This is not a DDoS, this is actually because American nodes are down but not Japanese. You see, Japan is this wonderful place where everything is perfect, so naturally they deserve a working game but we don’t. WoW is American so if you have a problem with other cultures, go play that.
2) This is a terrorist attack made by other countries in a specific part of the developing world in retaliation for anti-piracy changes. The Axis of Evil hates us because we are free. This anti-freedom terrorism is unjustified and cruel, and it is not SE’s fault. (Insert racist dog whistles here)
3) Every single other website and game has DDoS. WoW had this issue that one time ten years ago. So did Club Penguin and Neopets. Literally every website has this issue, it’s just normal and you need to learn to touch grass and go play other games.

In fact, to show support for the developers, I’m going to preorder Dawntrail another ten times just so Yoshi-sama can feel appreciated. It’s so cruel what these terrorists are doing to us, SE is just a small indie company and I’m sure they’re doing everything they can. After all, SE has great netcode and website infrastructure, right?

Quote:

---

Originally Posted by caffe_macchiato

2) This is a terrorist attack made by other countries in a specific part of the developing world in retaliation for anti-piracy changes. The Axis of Evil hates us because we are free. This anti-freedom terrorism is unjustified and cruel, and it is not SE’s fault. (Insert racist dog whistles here)

---

Heavy allegations. Unless you have proof it's not true.

Quote:

---

Originally Posted by Rueby

I've heard that DDoS attacks can be costly for the attacker as well, so it's not really sustainable for a long period I think. I think also the longer the attack goes the more Intrusion Protection Systems (IPS) start to kick in...I found it very interesting but I plan to research it further because my brain isn't wrinkly enough for this.

---

For ddos attacks the prices differ massively, and prices arent linear. The heavier the attack, the faster the price goes up. And especialy when they become very heavy, its exponential. The price betweeen the strongest attack and one at half of that is a diffirence of like 500x here. Maintaining large botnets is very expensive.

This is why IPS systems are problematic for ddos attacks long term. Initialy the ddos is cheaper than the defense, but once they scale up, pricing here is quite linear. As long as you can buy a server, you already require a ddos to be significantly stronger to compensate.

Also, if its detected which sources are known to be part, they can be blocked well ahead of the target. It only needs to pass through 1 of the datacenters that are part of a global system to avoid big ddos attacks, and suddenly your attack becomes crippled. And yes, large datacenters do these things because they otherwise would also risk hardware damage when a target is near one of their DCs.