  1. #1
    Souljacker
    Quote, originally posted by Malzian:
    Yeah, I'm in IT and that field you are talking about (Computer Information System and Information Assurance) was my major in College. Are there ways of mitigating the attack? Yes, to a point. However, sophisticated DDoS attacks are inherently difficult to deal with since there is no single point of origin you can just cut off and be done with. The only company that has successfully thwarted a strong DDoS attack is Microsoft, which is only due to them being able to spin up thousands of virtual servers on their Azure cloud network. It's why Live was up in a day and PSN was down for weeks. So, yeah... You don't just handle DDoS attacks, you weather them and do your best to stabilize where you can.
    These things actually happen to call attention to lax security, not because there is no defense against them and we should all just give up. The guys who did those attacks (Lizard I believe?) called both targets idiots and they were mostly right.
    (0)

  2. #2
    Nezm
    Quote, originally posted by Souljacker:
    These things actually happen to call attention to lax security, not because there is no defense against them and we should all just give up. The guys who did those attacks (Lizard I believe?) called both targets idiots and they were mostly right.
    Hmmm, an awful lot of those lax securities which may be used lie in bugs found in the NW or infra manufacturers' equipment, which has little to do with the company using it.

    Saying as such, I believe LS used a route which only redundancy could prevent. Meaning your security choices are to close the service down, or have a completely separate infrastructure to reroute to. And that's pretty much it.
    From there they might be able to be handled reactively, but the service is already down.
    (0)
    Last edited by Nezm; 05-27-2015 at 10:21 PM.

  3. #3
    Malzian
    Quote, originally posted by Souljacker:
    These things actually happen to call attention to lax security, not because there is no defense against them and we should all just give up. The guys who did those attacks (Lizard I believe?) called both targets idiots and they were mostly right.
    You seem to have a misunderstanding of what a DDoS attack actually is. These types of attacks do not actually stem from any individual security flaw in a company’s system. Did Lizard Squad call MS and Sony idiots? Yes. Do both companies have issues with their security practices? Yes, most especially Sony. However, DDoS doesn’t take into effect any specific vulnerability and instead leverages the main feature of how the internet works and how servers handle traffic.

    The best example is probably the simplest, and that one is the office secretary:

    So, let us say for argument’s sake that we have an office building and that building gets a certain amount of letters per day. Each letter needs to be received and read by a secretary who then has three possible options regarding that letter: pass it on to its destination, put the letter into a queue to wait or throw the letter out. We have no idea where the letters are coming from or what they contain, though we have a specific set of rules regarding which of the three actions are taken based on whatever criteria we’ve decided on.

    Next, let’s assume that the secretary can read through and sort 1,000 letters a second with 100% accuracy. This means that if 1,000 letters come in it takes 1 second to sort through and follow the appropriate action for it. If 10,000 letters come in, it takes 10 seconds to do this provided no other letters come through in the meantime. Also let’s assume that the maximum capacity of the room to hold letters is 1,000,000.

    If we only ever receive 1,000 letters every second then it’s no problem since the secretary can handle it all and everything is nice and smooth. If we receive 10,000 letters in 2 seconds then the room will still take 10 seconds to empty since we can only handle 1,000 every second. However… if I start receiving 10,000 letters every 2 seconds continuously then the pace at which they arrive will quickly overcome what the secretary can handle and it takes about 111 seconds… a little under two minutes, but at this point the room is full.

    This means that no new messages can make it in to the secretary for another full second during which she can only handle 1,000. But since 5,000 have just arrived, only 1,000 get in, meaning the other 4,000 get dropped. (This is packet loss in a nutshell.)

    The only… and I mean -only- way to deal with this is to hire more secretaries, or in more realistic terms, to set up new servers to handle the load. This takes both time and money, and typically lots of both. You can’t say things like, ‘Well, we’ll just stop accepting all those letters.’ The paradox there is that someone still needs to sort them to determine if they’re ones we don’t want.

    This is the exact problem DDoS causes. Millions of machines sending millions of requests per second to a system, and that system gets overloaded and can no longer deal with the requests and therefore can no longer respond. This is why Microsoft was able to deal with it and Sony was not. Microsoft didn’t need to invest in hardware to put up new servers (to make ‘new secretaries’), they just created thousands of virtual ones to do the work and had the capacity to add even more if they needed to with virtually no expense in time nor money.

    So no, we don’t just sit back and give up. We do what we can to anticipate and mitigate, we shore up the best possible system we can manage and wait for the letters to start coming in. Hopefully your redundancy pans out, sometimes it doesn’t, sometimes we have better sorting methods and can handle more traffic… but you can’t stop the letters, all you can do is put as much effort into getting them dealt with and gone before the next round comes in.
    (5)
    Last edited by Malzian; 05-27-2015 at 11:05 PM. Reason: Grammatical.
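
The secretary model from post #3 as a small simulation, added here as an example and not part of the original thread. It assumes a steady 5,000 letters per second (the post's 10,000 every 2 seconds), arrivals landing before each second's sorting, and hypothetical names throughout; the fill time it reports depends on those assumptions.

```python
import math
from dataclasses import dataclass
from typing import Optional

@dataclass
class Outcome:
    fill_second: Optional[int]  # first second the room is full (None = never)
    accepted: int               # letters that made it into the room
    dropped: int                # letters turned away at the door (packet loss)
    worst_wait_s: float         # longest queueing delay of an accepted letter

def simulate(arrivals_per_s: int, secretaries: int, duration_s: int,
             per_secretary_rate: int = 1_000,
             capacity: int = 1_000_000) -> Outcome:
    """Bounded FIFO queue stepped one second at a time (constructed model)."""
    service = per_secretary_rate * secretaries
    queue = accepted = dropped = 0
    fill_second, worst_wait = None, 0.0
    for second in range(1, duration_s + 1):
        # Arrivals first: anything that does not fit in the room is lost.
        taken = min(arrivals_per_s, capacity - queue)
        queue += taken
        accepted += taken
        dropped += arrivals_per_s - taken
        if fill_second is None and queue == capacity:
            fill_second = second
        # The last letter admitted waits behind everything already queued.
        worst_wait = max(worst_wait, queue / service)
        queue -= min(queue, service)
    return Outcome(fill_second, accepted, dropped, worst_wait)

def secretaries_needed(arrivals_per_s: int, per_secretary_rate: int = 1_000) -> int:
    """Smallest pool whose combined sorting rate keeps up with arrivals."""
    return math.ceil(arrivals_per_s / per_secretary_rate)

if __name__ == "__main__":
    flood = 10_000 // 2  # the post's 10,000 letters every 2 seconds
    for n in (1, secretaries_needed(flood)):
        print(n, "secretaries:", simulate(flood, n, duration_s=600))
```

In this model a full room also means an admitted letter waits as long as the room takes to drain, so requests that are not dropped still arrive too late to be useful.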