These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Unscheduled Downtime - 31/12/2013

First post
Author
Previous Topic Next Topic
Altstar Erata
Pirates Of The Seven Stars
#121 - 2014-01-01 03:07:03 UTC
Same problem here (East Coast , Australia). Cannot even ping the cluster, trace route dies @ 199.16.95.146 Sad
Xarolith Speedstrike
Caldari Provisions
Caldari State
#122 - 2014-01-01 03:14:47 UTC
Oh ya before I forget I also can't access my account page so I can manage my accounts. But my phone can.
Zylithi
Four Mouseketeers
#123 - 2014-01-01 03:25:03 UTC  |  Edited by: Zylithi
For those experiencing connection difficulties:


The reason you're unable to connect is likely due to DDoS mitigation techniques used by CCP's upstream network service provider. A DDoS is defined as sending extremely large quantities of garbage to a destination but, fortunately, said garbage is very easy to detect if you look for the right pattern (ESPECIALLY the application these "hackers" used). The challenge is what is to be done once said pattern is detected, and the only thing really an NSP can do is add a simple rule that says "WHEN IP = [range] THEN Forward traffic to 0.0.0.0" which tells the high-speed router to simply discard said traffic when the IP matches. Generally a separate machine will "sniff" some of the traffic moving through and tell the router to add rules matching those garbage characteristics, but there is lag time as the analyzer can only handle so much traffic.

Quite often traffic will come from similar IPs such as 40.40.40.1 and 40.40.40.10 so the software, detecting this, in the interest of speed, will just add one rule to match the range instead of 10 rules matching each. A lot of times entire business networks can be compromised, so this is often the case, more so than residential connections, so as a network analyst is is common to see floods coming from 200,300,500 consecutive IPs.

What this means for you is you may have issues for another few hours, until this garbage traffic from similar and close IPs ceases. I've heard that the FBI did countermand the botnets' command and control network (cutting the head off the chicken so to speak), meaning it shouldn't be much longer until the straggler machines still flooding CCPs servers withouut instructions from thhe C&C network stop sending garbage (when Granny's comp is restarted for example).

If you're handy with computers, you could try and force a release/renew on your router to try and mitigate this. This generally will give you a new IP. DSL customers? Just power-cycle your modem.

New Information

Before doing that, open command prompt inn Administrator mode and type "ipconfig /flushdns"

If this all still fails, go yell at your ISP for cheaping out and breaking Internet conventions on DNS time-to-live.
James Amril-Kesh
Viziam
Amarr Empire
#124 - 2014-01-01 03:39:20 UTC
Hesod Adee wrote:
KIller Wabbit wrote:
Given that Twitch knowingly allowed a channel to encourage this attack - I hope CCP is dropping their integration in a patch ASAP.



I agree that Twitch should have taken down his channel as soon as they knew what was happening there. But when did Twitch find out ?

Should they have? Or is it a potential tool investigators can use to help them find the perpetrators?

Enjoying the rain today? ;)
KIATolon
Black Omega Security
Minmatar Fleet Alliance
#125 - 2014-01-01 05:43:34 UTC
Zylithi wrote:
For those experiencing connection difficulties:


The reason you're unable to connect is likely due to DDoS mitigation techniques used by CCP's upstream network service provider. A DDoS is defined as sending extremely large quantities of garbage to a destination but, fortunately, said garbage is very easy to detect if you look for the right pattern (ESPECIALLY the application these "hackers" used). The challenge is what is to be done once said pattern is detected, and the only thing really an NSP can do is add a simple rule that says "WHEN IP = [range] THEN Forward traffic to 0.0.0.0" which tells the high-speed router to simply discard said traffic when the IP matches. Generally a separate machine will "sniff" some of the traffic moving through and tell the router to add rules matching those garbage characteristics, but there is lag time as the analyzer can only handle so much traffic.

Quite often traffic will come from similar IPs such as 40.40.40.1 and 40.40.40.10 so the software, detecting this, in the interest of speed, will just add one rule to match the range instead of 10 rules matching each. A lot of times entire business networks can be compromised, so this is often the case, more so than residential connections, so as a network analyst is is common to see floods coming from 200,300,500 consecutive IPs.

What this means for you is you may have issues for another few hours, until this garbage traffic from similar and close IPs ceases. I've heard that the FBI did countermand the botnets' command and control network (cutting the head off the chicken so to speak), meaning it shouldn't be much longer until the straggler machines still flooding CCPs servers withouut instructions from thhe C&C network stop sending garbage (when Granny's comp is restarted for example).

If you're handy with computers, you could try and force a release/renew on your router to try and mitigate this. This generally will give you a new IP. DSL customers? Just power-cycle your modem.

New Information

Before doing that, open command prompt inn Administrator mode and type "ipconfig /flushdns"

If this all still fails, go yell at your ISP for cheaping out and breaking Internet conventions on DNS time-to-live.

I cant log on one PC and can log on with another. I've tried rebooting and flushing DNS. It works through the launcher but not from the bin/ folder
Steven Alfrir
Republic University
Minmatar Republic
#126 - 2014-01-01 05:49:27 UTC
Is our personal account/login details safe from being captured by "zombie servers" as the rumors have put it?
Because is a point of concern for me.

I like crazy plans
Xarolith Speedstrike
Caldari Provisions
Caldari State
#127 - 2014-01-01 08:49:36 UTC
Altstar Erata wrote:
Same problem here (East Coast , Australia). Cannot even ping the cluster, trace route dies @ 199.16.95.146 Sad


Just did a trace myself and same thing happens to me. Are you possibly on satellite Internet as well?
Kagura Nikon
Native Freshfood
Minmatar Republic
#128 - 2014-01-01 09:37:30 UTC
Steven Alfrir wrote:
Is our personal account/login details safe from being captured by "zombie servers" as the rumors have put it?
Because is a point of concern for me.



I doubt the eve client send the passwword to the server on authetication. It shoudlrpobably send only the hash of the password so that even sniffing that youc annto for example access another CCP system like accoutn page.

"If brute force does not solve your problem....  then you are  surely not using enough!"
Kagura Nikon
Native Freshfood
Minmatar Republic
#129 - 2014-01-01 09:40:19 UTC
CCP Explorer wrote:
Jebediah Walsh wrote:
I wish I knew where that prebuscent derp lived... I'd come over and bully his sorry acne infested face around for a few hours before I shoved his head into the toilet and flushed it... then shove him into a locker and put insinuating comments on his locker door in lipstick... pink lipstick...

then again...

he probably just needs a hug.... you'd be surprised what people do when they lack that one little human interaction in their daily lives.
They probably just need a hug.



..from behind...

"If brute force does not solve your problem....  then you are  surely not using enough!"
Maichin Civire
#130 - 2014-01-01 10:38:25 UTC
Do you guys know, how long can it last yet? For more than twelve hours I can play, yes - but not more as five minutes, after that my client crashes.

This idiot from stream slightly looks like Mad. Are they all the same?
Erin Crawford
#131 - 2014-01-01 10:58:58 UTC
Lugia3 wrote:
https://twitter.com/DerpTrolling


They must be a bunch basement dwelling losers! Who does this kind of stuff!!! I mean really! WTH?!?!

http://i.imgur.com/CIIXlnl.gif

"Those who talk don’t know. Those who know don’t talk. "
Rammix
TheMurk
#132 - 2014-01-01 11:24:33 UTC
Maichin Civire wrote:
Do you guys know, how long can it last yet? For more than twelve hours I can play, yes - but not more as five minutes, after that my client crashes.

This idiot from stream slightly looks like Mad. Are they all the same?

Guys, don't watch such streams, don't support those fa**ots with visits on their pages.

OpenSUSE Leap 42.1, wine >1.9

Covert cyno in highsec: https://forums.eveonline.com/default.aspx?g=posts&t=296129&find=unread
Rammix
TheMurk
#133 - 2014-01-01 11:25:52 UTC
Erin Crawford wrote:
Lugia3 wrote:
https://twitter.com/DerpTrolling


They must be a bunch basement dwelling losers! Who does this kind of stuff!!! I mean really! WTH?!?!

http://i.imgur.com/CIIXlnl.gif

Nice people DDOS scientologists.

Those who ddos game servers are filth. They have no souls.

OpenSUSE Leap 42.1, wine >1.9

Covert cyno in highsec: https://forums.eveonline.com/default.aspx?g=posts&t=296129&find=unread
Maichin Civire
#134 - 2014-01-01 11:33:19 UTC
Rammix wrote:
Maichin Civire wrote:
Do you guys know, how long can it last yet? For more than twelve hours I can play, yes - but not more as five minutes, after that my client crashes.

This idiot from stream slightly looks like Mad. Are they all the same?

Guys, don't watch such streams, don't support those fa**ots with visits on their pages.

I am not. I was just looking after "look-at-me" Ani campaign on EVE forum. It was quite enjoying after third page Bear
Capt Lynch
Strategic Exploration and Development Corp
Silent Company
#135 - 2014-01-01 13:00:30 UTC
I am hearing rumours on various news sites covering this that the DDOS may have been cover for stealing login details...can someone from CCP tell us if we should alter our login details or not?
Zylithi
Four Mouseketeers
#136 - 2014-01-01 13:18:46 UTC
Capt Lynch wrote:
I am hearing rumours on various news sites covering this that the DDOS may have been cover for stealing login details...can someone from CCP tell us if we should alter our login details or not?


A DDoS does not penetrate the server in question, the only intention behind it is to cram as much bogus data down CCP's internet connection as it can, with the intent of preventing legitimate access.

Think of your home Internet connection. If you have a few torrents running, you notice your Netflix doesn't work as well if at all. Think of it like this, but on a much larger scale.
CCP Explorer
C C P
C C P Alliance
#137 - 2014-01-01 13:51:13 UTC
Capt Lynch wrote:
I am hearing rumours on various news sites covering this that the DDOS may have been cover for stealing login details...can someone from CCP tell us if we should alter our login details or not?
References please.

Erlendur S. Thorsteinsson | Senior Development Director | EVE Online // CCP Games | @CCP_Explorer
ElQuirko
University of Caille
Gallente Federation
#138 - 2014-01-01 15:28:29 UTC
CCP Falcon wrote:
Billy Hix wrote:
CCP Falcon wrote:
Our services have been the target of a DDoS attack this evening, and we're currently working on rectifying the situation and making sure that everything comes back online okay.


What did you do wrong this year to be the one locked in the office trying to stop the servers melting while everyone else is drunk and at parties? I feel bad for you, I remember being in the same position :-(


I was going to have more drinks tonight... I've been drinking since 10am this morning, but sadly that's off the cards now.

EVE, and you guys take priority when this happens.

Smile


Wait, we had a drunk dev in charge of the servers for a while? Shocked

Dodixie > Hek
KIller Wabbit
MEME Thoughts
#139 - 2014-01-01 15:35:52 UTC
ElQuirko wrote:
CCP Falcon wrote:


I was going to have more drinks tonight... I've been drinking since 10am this morning, but sadly that's off the cards now.

EVE, and you guys take priority when this happens.

Smile


Wait, we had a drunk dev in charge of the servers for a while? Shocked


It's all good - we had a few drunk pilots in charge of spaceships at the same time.
Nicen Jehr
Subsidy H.R.S.
Xagenic Freymvork
#140 - 2014-01-01 16:23:25 UTC
CCP Explorer wrote:
Capt Lynch wrote:
I am hearing rumours on various news sites covering this that the DDOS may have been cover for stealing login details...can someone from CCP tell us if we should alter our login details or not?
References please.
prolly this:
http://themittani.com/news/eve-online-suffers-ddos-attack
Angry Moustache wrote:
A security expert on staff pointed out that the Lulzsec DDoS campaign was used to cover larger breaches into affected systems (although CCP was not breached), and that this new attack could be similar cover for an attempt to gain user data, including login names and passwords.

Little Things to improve ≡⋁≡ | My Little Things posts