What I find interesting is that those news notices that SE puts out concerning DDoS attacks sometimes mention countermeasures. What countermeasures do they speak of and when will they take effect?
It does not have 30 million ACTIVE players. It's sold 30 million copies. This also includes people who have to buy the game 2 times for both console and PC play.
We don't know how many active accounts there are but if I had to make a wild guess, it's not over 2 million active accounts.
I already have friends who canceled their sub cause of the ddossing. Sucks but this is where we are at.
I hope someone brings it up during Fanfest
Didn't even get through one roulette. Recollection down to 11%.
Yeah these DDOS attacks are really getting out of hand. They're happening really frequently too. Especially today :(. Like every 30 minutes or so? It's definitely making the game unfun right now, getting kicked out so frequently, and I'm not sure why it keeps happening so frequently all the time.
They certainly need to invest further into defending against ddos attacks, or at least try to devise a way to prevent players from getting kicked, because whatever they're doing isn't working at all. I don't blame anyone who unsubs because of this because the game is pretty much unplayable during ddos attacks since we're getting kicked so frequently we can't even play the game.
Whatever countermeasures they've done, they've either only done it for JP/EU/OC, or the bulk of the DDoS has shifted to NA in the past two years. Either way, they've put out the same generic message since September 25, 2021.
Quote:
During the time listed below, we were experiencing network technical difficulties due to a DDoS attack. Players may have experienced the following issues as a result. We will continue to monitor the situation and work with ISPs to come up with countermeasures.
So much conspiracy theory from our American cousins (shock) about "false" DDOS. I mean why would SE lie? It makes no sense. If they were having network issues at the DC then they would just say that.
I've had no connection problems on the Light Data Centre and not had any DCs since I re-joined 5 months ago. Around expansion launch different story, as for all, but EU data centre seems to be dodging whatever has been going on on NA for the past months. Come join us!
What is being lost in the whole thing is the countermeasures are us being able to log right back in instead of fully shutting the server down from the overload.
And it's pretty clear they only hit NA servers.
Actually it is a DDoS .... BUT it's not an attack directed at XIV specifically.
IF XIV was being targeted directly then surely they'd hit all regions, not just NA, right?
Internet traffic travels through nodes usually run by the hosting providers (NTT in this case) or the big internet exchanges like AWS, Cloudflare, Level3, Twelve99, Arelion etc.
It's a lot harder to DDoS one of the big internet exchanges as they invest millions into DDoS mitigation and protection, they have the resources to mitigate thousands of terabytes of DDoS traffic.
On the route to the XIV servers there is a problematic Node hosted by NTT in San Jose that keeps getting hit.
Because XIV routes through that node, the attacks against that node are having a knock-on effect.
The only way things change is if they finally accept NTT is trash anywhere outside of Japan and change hosting provider.
Either that or they massively upgrade their DDoS protection plan, JP is protected by Akamai so I heard and isn't hit anywhere near as much as NA
EU Servers route through nodes run by Arelion aka Telia (TeliaSonera). No NTT San Jose node and we're fine.
I don't know why they can't just come out and say -
"Our current hosting provider isn't living up to standards of service we and our customers expect and we're exploring other options"
I don't know if they stay with NTT because it's cheap or whether they use NTT because they wanted to stick with a Japanese company but come on now.......
The fact JP is unaffected but NA is riddled with issues is a big eye opener that either NTT sucks ass outside of Japan or the DDoS protection plan they have for NA is insufficient.
Some NA players found that VPNs like Mudfish and Exitlag can change the route your traffic takes which reduces your disconnections...
SquareEnix is a Foreign and successful company that also got servers in the USA.... a certain Orange person is more likely to be blamed for it, if anything, as anything successful in NA is apparently a bad thing.
And there you have it... we don't have the issues on the EU/JP DC and it is the same hardware pretty much.
The DDoS started 9 minutes after Savage released, and heavily disrupted everyone's progression in the NA region.
World First racers traveled to Materia (the OCE region) in order to avoid the DDoS attacks. Almost immediately, there was a DDoS attack on Materia in the Oceanic region.
And you think it's not targeted? This removed all doubt. It is very targeted. Considering it has affected WoW recently as well, perhaps the attacker does not like MMORPGs in general.
Maybe the other regions have better DDoS mitigation. Or maybe they just need to focus the attack somewhere and choose where. They obviously were capable of attacking Materia, but didn't do it before because nobody hardly plays on it.
Quote:
IF XIV was being targeted directly then surely they'd hit all regions, not just NA, right?
I emailed NTT myself and asked them to sort the general DDoS attacks on their nodes. Their response was from their security team, and they did not seem aware of a DDoS attack on their nodes otherwise they would probably have told me. They did, however, tell me that there can be DDoS targeted at specific organizations and that they have "DDoS mitigation services" that they can purchase.
Quote:
It's a lot harder to DDoS one of the big internet exchanges as they invest millions into DDoS mitigation and protection, they have the resources to mitigate thousands of terabytes of DDoS traffic.
They did not confirm nor deny whether Square Enix has purchased these DDoS mitigation services (obviously for privacy policy reasons), but I was able to find that NTT have several tiers of DDoS mitigation tools you can purchase allowing increased levels of packet analysis, filtering and configuration.
All I know is that when they filter suspected DDoS traffic it can be redirected.
"NTT DATA has globally deployed best-of-breed infrastructure with robust DDoS mitigation capabilities and sufficient capacity to combat large-scale attacks. When notified of a possible DDoS attack, our security experts analyze network data to confirm an attack is underway and then apply various countermeasures including the redirection of all traffic destined for the DDoS target through NTT DATA’s mitigation platform for scrubbing."
Doesn't remove all doubt for me, yet, because of the simple possibility that it can be both things. 99% of the time, it could be a non-targeted attack on the NTT node. The other 1% of the time (aka when Savage released), malicious actors who do want to target FFXIV and are already clearly aware of the weak point (NTT node) do their thing. Wouldn't change that they have nothing to do with it the rest of the time. There can be multiple malicious actors with different motivations involved.
They hit 2 as I said.
If you were in control of an army, would you split the army and attack 4 countries, or send them all to attack one country?
Quote:
Why not hit multiple or all?
The risk of splitting the army is that the attacks on the 4 countries are weaker than if they all focus on one country. Same logic for a DDoS attacker.
Just yet another reason why they are hitting 1 region instead of all of them. It's probably the weakest target.
Quote:
I ran a traceroute to OCE dc... guess what came up... NTT.
One easy reason is that it is easier to target NA because the NTT nodes are so terrible it doesn't take much to cause them to start failing. And there's all sorts of reasons. Could be a JPN person not liking the NA playerbase because they are convinced SE listen to us more just as much as we are convinced of the reverse. Hell this most recent one could have even been a JPN raider wanting to ensure JPN won the race. Let's be honest, the JPN teams keep getting caught cheating so I wouldn't actually be shocked if they did this too.
What I find extremely funny that doesn't even make any sense is that if it was DDOS then using a VPN wouldn't help at all.
Yes, it does, we've established this. The method of attack targets an NTT node and traffic not routed through that node doesn't get disconnected. We should probably clarify what we mean by "targeted" when we have targeting as in NA servers and targeting as in attack method.
I don't know why we're taking NTT's word as trustworthy over Squenix's, and I don't know why we're expecting NTT to be open about DDoS when random people are emailing them. When Squenix had internal issues they put it on Lodestone, "DDoS attacks on NA" is a shoddy cover story at best and ignores the fact that a) internal failures would be hitting EU/JP/OC as well and b) Squenix failing to implement proper cyber security measures looks just as bad as internal failures.
That's not even true... it's a node connected to the NA servers. It's an ISP problem.
A quick Google search would have told you that.
Do some research before you try to farm outrage.
At the end of the day, does it really matter to us if it's DDoS or if their servers can't handle the traffic? The only thing that really matters is that this needs to be fixed asap.
I'm not having this issue.
I play on PS5 from Brazil with no VPN.
Hope this information helps.
I'm not having this issue.
I play on PS5 from Brazil with no VPN in the NA server, Behemoth world.
Hope this information helps on finding out the true problem.
I haven't opened the game despite being subbed for the past month.
Every day I would get DC or the Balmung server crash in the middle of the Frontline. I couldn't even see the new FC map because the server crashed like 2 times in a row.
Sad.
I was waiting for my DDOS this weekend, played on NA all weekend and nothing happened. It's only when I of course switched back to my EU main and started crafting high end gear that I got randomly disconnected. And lost my materials. And had to buy more. :)
Yeah it seems to have eased up post savage. Guy's probably waiting on his next paycheck to start buying more DDOS traffic....
At the end of the day, the fact it's still happening while numerous other games and rival MMOs seem to fare better in response to DDOSing is telling on the quality of the game and its functions.
Bottom line: Mismanagement is very telling, Square Enix is set to start replacing more of their jobs with AI (quality care and assurance reportedly being one of them), and the angry swell of players hasn't stopped since Endwalker.