This is not a DDOS, Tell the truth SE.

[Kailyn_Swiftheart]

Unless you want to implement some rather draconian privacy violations to make sure that attacks such as this are traced back to everybody involved and punished, we have to accept that there will be disruptions.

Spoken like a true non-cybersecurity expert.

I work in offensive cybersecurity at the NSA. (It's my job to do things like DoS, hacking, etc)

There are absolutely ways to prevent DDoS attacks, assuming they are happening directly against SE servers themselves, and not somewhere immediately upstream.

If SE separates their active directory server from their game servers, and only allows connections to the game server once authorized by the active directory (this can be done via ESTABLISHED lines in iptables on a Linux system), you can drop all packets unrelated to legitimate connections to the game servers. This would not prevent a DDoS attack against the active directory, of course, but any such attack would only prevent people from trying to log into the game. It would have no effect on active connections.

You can also limit the number of connections per second, among other actions. There are a myriad of solutions available in the modern era.

If the attacks are coming from upstream, the ISP should have alternate routes for traffic. If they don't, then it's a terrible ISP, and SE should consider changing contracts. I've heard this is the case.

There is absolutely no excuse for bad cybersecurity policy. The fact of the matter is, that's exactly what is happening here, whether it's on SE's side or on their ISP. Someone isn't doing their job, and we're all made to suffer for it.

[DendrielConcade]

I'm mentally dragging over this, being a Venue Owner opening around this time practically makes it impossible to entertain a full shift without issues, let alone if people would want to come back to the game just to come and idle and chill at my place if I brought everything back up and running. One of the new bits of content requires dedicated time and effort only to be ruined by this kind of stuff, raids getting their rewards uncapped won't matter if you're DCing during attempts. What the hell are they gonna do about this that's less quietly in the background maybe-so-probably-not fixing this? I love lingering and feeling comfy in this game only to just get DC'd each day, multiple times, and not even consistently(I've been DC'd often around the later times in the night, but one day it was like 2pm to 4pm EST and not at night).

Are we really just gonna be stuck with the game doing this for like another whole week or something just for the people to get bored or Squeen doing something half-assed?

[Kanehana]

It's been about 9 days since the November 3rd notice, and unofficially 11 days of this going on from word of mouth. 1/3 of a month in, and the attacks at least happen on a timely basis at midnight on the dot in Central NA, and at seemingly random times when the sun's up around here.

Every player in NA is anticipating the next attack that will destroy hours of progress and time spent, and they're watching other people complain on platforms, they're watching the subreddit that doesn't often get looked at by developers, they're watching Party Finder to see other people acknowledging the service disruption, and they're certainly watching the forum posts here.

I dunno, I'm just kinda speaking my mind out here, but this issue has definitely gone on longer than it should have? It isn't insulting, but it certainly does feel insulting, when FFXIV fires off the latest Moogle Treasure Trove event in the midst of these attacks, and in the tail end of October they tell us exciting news about glamour being unrestricted in the 89th Live Letter, only for not even less than a week later, the start of both periodic and random DDOS attacks happen, while people come online to see what cool things they could be wearing and bracing themselves for the December patch with the limited time they have.

Maybe SE really can't do anything (because NTT sucks that much, and ISP issues are outside of their ability, but they CAN break their contract if it's not being upheld properly, I think, hopefully, in usual cases, I don't know man, I just wanna play,) but the silence on the issue and the persistence of these attacks are really starting to disappoint everyone and it's getting so bad that people you would not see otherwise are really speaking up about it LOL

If you're a lurker, I suggest you post here in the forums as it's the closest we can get to being seen, if you feel like it? Especially since there's less people looking at other community hotspots, there probably aren't any people looking in the FFXIV subreddit or watching the hashtags on Twitter. I hope we all get something soon. Anything is better than the silence.

[Basteala]

Maybe we just drown them in snail mail and tell them to do something about the DDOS? I don't even know at this point.

[Kanehana]

Going after their investors would be way more notable than sending mail that they can curate LMAO

[Basteala]

Going after their investors would be way more notable than sending mail that they can curate LMAO

Well don't leave us in suspense...

Go on.

[YumieYumiki]

Maybe just keep opening support tickets. They won't be able to do anything, but surely the dev team looks at ticket statistics and will notice if there's a lot of tickets getting opened about this. (That is if the support people don't end up also pestering the devs like "hey we're getting shitloads of tickets about ddos")

Of course that's assuming that they are oblivious of the problem instead of struggling to resolve it. (Like I would imagine that the incidents are showing a spike on some server monitoring graph somewhere anyway)

[Kanehana]

Well don't leave us in suspense...

Go on.

And I won't pretend that I didn't see you post an address without certain intentions! I know that you, in particular, can do the research ^^ I believe in you!

[FeyFavilla]

Spoken like a true non-cybersecurity expert.

I work in offensive cybersecurity at the NSA. (It's my job to do things like DoS, hacking, etc)

There are absolutely ways to prevent DDoS attacks, assuming they are happening directly against SE servers themselves, and not somewhere immediately upstream.

If SE separates their active directory server from their game servers, and only allows connections to the game server once authorized by the active directory (this can be done via ESTABLISHED lines in iptables on a Linux system), you can drop all packets unrelated to legitimate connections to the game servers. This would not prevent a DDoS attack against the active directory, of course, but any such attack would only prevent people from trying to log into the game. It would have no effect on active connections.

You can also limit the number of connections per second, among other actions. There are a myriad of solutions available in the modern era.

If the attacks are coming from upstream, the ISP should have alternate routes for traffic. If they don't, then it's a terrible ISP, and SE should consider changing contracts. I've heard this is the case.

There is absolutely no excuse for bad cybersecurity policy. The fact of the matter is, that's exactly what is happening here, whether it's on SE's side or on their ISP. Someone isn't doing their job, and we're all made to suffer for it.

This mirrors more or less exactly what we were told when WoW was having issues years back and how they managed stuff. Login servers died but the game and all instances were fine. So I am not insane and there really are ways to fix the situation, coming from a professional. At this point then they HAVE to know there are ways to stop it and are actively choosing not to. What, to punish the players for the low sub numbers? Because they don't think our peace of mind is worth investing in a new system to protect the game not just now but in future down the line too?
Fantastic.

[Jeeqbit]

There are absolutely ways to prevent DDoS attacks, assuming they are happening directly against SE servers themselves, and not somewhere immediately upstream.

If the attacks are coming from upstream, the ISP should have alternate routes for traffic. If they don't, then it's a terrible ISP, and SE should consider changing contracts. I've heard this is the case.

Usually it's attacking an upstream ISP. SE usually says "we will continue to monitor the situation and work with ISPs to come up with countermeasures". Additionally, most DDoS we've ever had on this game, there have been players unaffected that are on different routes.

This particular DDoS is successfully disconnecting the vast majority of players. I was able to count 844 players on Jenova (that weren't in a duty), after going through a queue of 600ish, which suggests the majority of people got disconnected. When I'm in a party of 8, typically all 8 of us got disconnected.

I have thought they could solve it if they tried harder by having their own network of VPN/proxy servers and rotating which ones we connect to in order to avoid ongoing attacks on certain routes or IPs, or force attackers to distribute their efforts across more IPs. And then have a process to try and carry over connections to prevent game disruption.

They could also solve it by just making the client not disconnect so quickly. Ever notice how, when you log back in, it says "there is someone still logged in on another client". So the server thinks we are still connected, it was just the client that decided to give up too quickly. They need to make the client more risilient. I get that is difficult because packets are numbered and build up, but maybe they need to find a way to reverse the actions of those packets if they didn't reach the server and then discard the packets, so the client doesn't give up so quick (speaking of which, SE doesn't use UDP, which is what makes it harder for them to do this).