DDoS Attacks Confirmed

[negiman4]

DDOS attack is usually done by what's called zombie computers. Basically, millions of computer are already infected with malware and such right now that didn't do anything noticeable, and when the someone want to use them they just signal those thousands of millions of infected computers to send data to the place they want to DDOS, without the owners even realizing. That's why DDOS is hard to defend against, because it's so cheap and simple to do.

Alright. Then why not block the ip addresses of the computers that the attack is coming from? I'm assuming that if you play ffxiv, then you're sending data to their servers anyway so it wouldn't really matter if actual ffxiv players were infected.

[Rawrrior]

Alright. Then why not block the ip addresses of the computers that the attack is coming from? I'm assuming that if you play ffxiv, then you're sending data to their servers anyway so it wouldn't really matter if actual ffxiv players were infected.

The IP of the attackers are constantly changing and being masked to make it look like the attack is coming from X location at any given moment. You can't simply block the IP without blocking real, or potential players.

All they can do is pay extra bucks to put in DDoS attack relieving tech that can eat up the "fake" multiple connections while letting through the real ones. It ain't cheap!

And don't worry, everything will go back to normal in a week or 2 at most. These attacks don't usually last that long, and neither does the current problems happening in-game.

[wicked-one]

Alright. Then why not block the ip addresses of the computers that the attack is coming from? I'm assuming that if you play ffxiv, then you're sending data to their servers anyway so it wouldn't really matter if actual ffxiv players were infected.

The Keyword and difference between an classical DOS Attack is that D in front of DOS -> meaning Distributed.

That´s why its hard to mitigate such stuff because it´s coming from so many different IP´s (think 5-6 digit numbers) and it now try to sort out good from bad traffic...

[YitharV2]

Alright. Then why not block the ip addresses of the computers that the attack is coming from? I'm assuming that if you play ffxiv, then you're sending data to their servers anyway so it wouldn't really matter if actual ffxiv players were infected.

You must have not read my post, because I specifically said that there are too many IP addresses for the router to block. If it were that simple, DDoS attacks wouldn't be much of a threat.

Rawrrior also makes a good point that IP addresses can be spoofed/faked. The Internet was designed at a time when everyone was trusted so security was an afterthought to the Internet.

[Paladinleeds]

Alright. Then why not block the ip addresses of the computers that the attack is coming from? I'm assuming that if you play ffxiv, then you're sending data to their servers anyway so it wouldn't really matter if actual ffxiv players were infected.

A legitimate user could have been infected by malware (perhaps not even by doing anything wrong, legitimate sites do get hacked and infected with malware too that then gets installed on users computers, with new strains that anti-virus can't yet detect), so you'd be punishing someone and essentially banning them from the game for simply potentially getting infected by bad luck. That would create a PR calamity that would put the last Calamity that hit Eorzea to shame! Plus, that'd start measures for a class-action lawsuit, and you can bet lawyers would be foaming at the mouth for THAT opportunity.

Also, as has been previously mentioned, they're constantly flushing out the IP addresses of the botnet to give them new IPs. You'd have to ban pretty much the entire internet to stop it!

Name one MMO that hasn't been DDoSed, and they likely weren't even worth existing.

DDoS protection varies in strength, as does the magnitude of the attacks themselves. This was obviously a high-level attack that a game with small protection would've struggled to keep the servers operational period. Consider how the attacker has been proceeding and there really isn't any shame at all, except for the DDoSer who clearly is full of shame. Some people are saying SE is lying to us, but can they prove it isn't a DDoS attack? Until they can SE is being honest with us and not hiding anything, which is credible.

Hmm, did you quote the wrong person by accident? I don't think they were the one outright trying to say it wasn't a DDoS attack...