Server Issues - Feb 28, 2014

GM Spiral
Game Master Retirement Home
#41 - 2014-02-28 11:22:48 UTC
CCP Eterne wrote:
You'll have to file a ticket. I'm unsure on the exact policy regarding this, but we tend to show leeway in these cases.


  • We'll be able to reverse any standings penalties attributed to the DDoS.
  • We'll also be able to reset any lost/failed COSMOS, storyline, or Epic Arc missions so you'll have a fair shot at doing them again.
  • Asset reimbursement for losses attributable to the DDoS will be strongly considered.


We apologize up front for any delays in responding to tickets submitted due to this, but we assure you that all will be responded to.

Senior Game Master | CCP Games Customer Support Team

Helping capsuleers since 2004.

Anhammerad
Doomheim
#42 - 2014-02-28 11:23:02 UTC
Yarda Black wrote:
Is there a way to figure out if your computer is enslaved into a bot network?

I run virus scans a lot and I just ran one again cos I thought it was just little old me having the problem. I don't have viruses, or spyware or other unhealthy stuff going on it seems. Does that mean I'm not infected and thus not part of the bot network?



Install a good third party firewall that shows and allows control of incoming and outgoing connections, outbound filtering is what you need to have control over.

Mac: I use 'Little Snitch'
Windows ? maybe a windows user can suggest a good one...

Outbound filtering FTW
Daenna Chrysi
Omega Foundry Unit
Southern Legion Alliance
#43 - 2014-02-28 11:23:22 UTC
CCP Eterne wrote:
It seems the DDoS has stopped and we are currently in our regularly scheduled downtime. We'll continue to monitor things as we bring the server back online.


I am getting a funny feeling the attack was done by someone who doesn't know about the daily downtimes, I mean if you go through all the trouble of doing such an attack, wouldn't you time it better to make it as efficient as possible?
seth Hendar
I love you miners
#44 - 2014-02-28 11:25:12 UTC  |  Edited by: seth Hendar
Yarda Black wrote:
Is there a way to figure out if your computer is enslaved into a bot network?

I run virus scans a lot and I just ran one again cos I thought it was just little old me having the problem. I don't have viruses, or spyware or other unhealthy stuff going on it seems. Does that mean I'm not infected and thus not part of the bot network?


there is no way to be 100% sure you are not, but a few basic things can make it highly unlikely.

1- SPI firewalls on network head (modem / modem-router), most modern routers come with this
2- firewalls on each computer on your local network, any windows OS does have one
3- an up-to-date operating system, with user access control preferably (requires Vista or higher)
4- an antivirus software, with real time scanning and behavioral detection, with the latest update (database and soft, should be done at least once/day, and a daily quick scan), this doesn't take more than 5 minutes usually (most antivirus, even free ones, pack those features)

if you also are careful about the websites you visit and the mail you receive (especially the attached content), there is very little risk.

now, there is still the possibility of a worm using 0-days but tbh, not much one can easily do in that regard.

if you are in doubt, it could also be a good idea to run a scan from an external OS (CD-rom / usb boot device) to ensure from an external POV the system is clean, this can help getting rid / ensuring there are no threats that would have disabled your antivirus
seth Hendar
I love you miners
#45 - 2014-02-28 11:29:36 UTC
Daenna Chrysi wrote:
CCP Eterne wrote:
It seems the DDoS has stopped and we are currently in our regularly scheduled downtime. We'll continue to monitor things as we bring the server back online.


I am getting a funny feeling the attack was done by someone who doesn't know about the daily downtimes, I mean if you go through all the trouble of doing such an attack, wouldn't you time it better to make it as efficient as possible?

or this could be a test run, and the attack will resume after the servers are back

anyway good luck to CCP and the hamsters, not fun for us, but definitely not fun for them either!
Murdock4711
State War Academy
Caldari State
#46 - 2014-02-28 11:35:12 UTC
Just logged in, everything seemed to be normal, but then all of a sudden "socket closed" message. I have a feeling that it is not over yet.....
seth Hendar
I love you miners
#47 - 2014-02-28 11:36:08 UTC
Anhammerad wrote:
Yarda Black wrote:
Is there a way to figure out if your computer is enslaved into a bot network?

I run virus scans a lot and I just ran one again cos I thought it was just little old me having the problem. I don't have viruses, or spyware or other unhealthy stuff going on it seems. Does that mean I'm not infected and thus not part of the bot network?



Install a good third party firewall that shows and allows control of incoming and outgoing connections, outbound filtering is what you need to have control over.

Mac: I use 'Little Snitch'
Windows ? maybe a windows user can suggest a good one...

Outbound filtering FTW

the integrated windows firewall can do that, but not using the default settings, you need to get your hands under the hood a bit.

see: http://social.technet.microsoft.com/Forums/windows/en-US/ac125536-37eb-44cf-ab4c-1ebd31cead2a/windows-7-firewall-outgoing-configuration?forum=w7itprosecurity

also, there are many 3rd party firewalls, able to do this.

but i shall warn that before installing or blocking outbound connections, one should know what he is doing.

unlike the other advice i gave a few posts earlier, you could end up with non working software (or no network access AT ALL), and if you don't know how to configure firewalls, it can be a pain in the rear to solve the issue, so i would recommend it only if you have basic knowledge regarding firewalls and networks
Cebraio
State War Academy
Caldari State
#48 - 2014-02-28 11:43:29 UTC  |  Edited by: Cebraio
Anhammerad wrote:
Yarda Black wrote:
Is there a way to figure out if your computer is enslaved into a bot network?

I run virus scans a lot and I just ran one again cos I thought it was just little old me having the problem. I don't have viruses, or spyware or other unhealthy stuff going on it seems. Does that mean I'm not infected and thus not part of the bot network?



Install a good third party firewall that shows and allows control of incoming and outgoing connections, outbound filtering is what you need to have control over.

Mac: I use 'Little Snitch'
Windows ? maybe a windows user can suggest a good one...

Outbound filtering FTW

I use the Comodo toolset on Windows and I like it a lot. It has Firewall, Virusscan, Sandbox mode and other stuff for free. Also no annoying advertisement yet.

It shows in and outbound traffic in a very easy to understand way. However, with any third party firewall, you may run into issues when hosting/joining peer-to-peer games. Sometimes you may have to disable the firewall or put it into gaming mode.
Casandra Elise McIntire
Science and Trade Institute
Caldari State
#49 - 2014-02-28 11:48:24 UTC
Just wanted to state 10:30 eve time is a bit off, myself and others I am/was on comms with started having issues closer to 10:15 eve time, starting with disconnects and then inability to log in.
Haansu Mikairu
Echelon Research
Goonswarm Federation
#50 - 2014-02-28 11:59:58 UTC
Rastafarian God wrote:
Hopefully some gifted programmer finds a way to negate massive ping requests from a command prompt from several sources and this will be a thing of the past before long.


What year is it?

ICMP Echo (i.e. ping) floods are quite uncommon and rare these days.

Most DDoS attacks consist of SYN floods.

The latest and greatest in DDoS is that the script kiddies (i.e. noobs) have finally realised the potential for "amplification attacks" using NTP or DNS. The DNS Amplification attack is quite old, but since there are a lot of open resolvers on the Internet it still works. These typically range from a few Gbps up to 100-200Gbps.

The NTP Reflection/Amplification attack is considered "new" as it has been in the news recently, hitting targets with 400Gbps. (CloudFlare)

It should be noted that after the Open NTP Server Project went live, around 80% of open NTP servers are now not usable in this kind of amplification DDoS attack.


Tailoring a DoS attack against a specific type of service is also common (but not as common as SYN floods). See "slowloris denial of service". (Slowloris most likely not the problem in this case.)

Last but not least, NTP and DNS Amplification attacks are hard to track/"triangulate", because the attacker sends a small spoofed packet where the source IP points to the target. It is known that some of these people performing DoS are quite often juveniles. The largest providers of DoS services are generally Russian. (Sorry, but that's generally the image in the community. That doesn't mean they choose the targets though.)


Anyway, I hope CCP finds a viable solution as DDoS'ing an online game is just plain annoying and stupid. Keep in mind some DDoS attacks are meant to cover other types of attacks, and I hope CCP will check their payment system for any suspicious activity as I'd rather not have any of my details disclosed despite that I don't use my credit card with EVE.
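
The attack families named in the post above (ICMP echo floods, SYN floods, NTP and DNS reflection), as a defender might separate them in inbound flow data. This is an added example, not part of the original post; the record format, the addresses and the threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic), one per line:
# proto src_ip src_port dst_ip dst_port tcp_flags bytes
SAMPLE_FLOWS = """\
udp 198.51.100.10 123 203.0.113.5 40112 - 4680000
udp 198.51.100.11 123 203.0.113.5 40112 - 4410000
udp 198.51.100.77 53 203.0.113.5 33001 - 3900000
tcp 192.0.2.44 51514 203.0.113.5 443 S 60
tcp 192.0.2.45 51515 203.0.113.5 443 S 60
tcp 192.0.2.80 50000 203.0.113.5 443 SA 1500
icmp 192.0.2.99 0 203.0.113.5 0 - 84
udp 192.0.2.12 5060 203.0.113.5 5060 - 900
"""

def classify(proto, src_port, flags):
    """Heuristic: map one inbound flow to an attack family (source port only)."""
    if proto == "udp" and src_port == 123:
        return "ntp_reflection"   # NTP replies; suspicious if never requested
    if proto == "udp" and src_port == 53:
        return "dns_reflection"   # DNS replies, e.g. from open resolvers
    if proto == "tcp" and flags == "S":
        return "syn_flood"        # bare SYN with no completed handshake
    if proto == "icmp":
        return "icmp_echo"
    return "other"

def summarize(text, victim, window_s):
    """Per-family Mbps and distinct source count for traffic sent to `victim`."""
    totals = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for line in text.splitlines():
        proto, src, sport, dst, _dport, flags, nbytes = line.split()
        if dst != victim:
            continue
        fam = totals[classify(proto, int(sport), flags)]
        fam["bytes"] += int(nbytes)
        fam["sources"].add(src)   # for reflection these are reflectors, not the attacker
    return {name: {"mbps": round(v["bytes"] * 8 / window_s / 1e6, 2),
                   "sources": len(v["sources"])}
            for name, v in totals.items()}

def alerts(summary, mbps_threshold):
    """Families whose inbound rate exceeds the threshold, largest first."""
    hits = [(n, s["mbps"]) for n, s in summary.items()
            if n != "other" and s["mbps"] > mbps_threshold]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    report = summarize(SAMPLE_FLOWS, "203.0.113.5", window_s=1)
    print(report, alerts(report, mbps_threshold=10))
```

The source addresses in the reflection families belong to the NTP servers and resolvers that answered the spoofed requests, which is why the post calls these attacks hard to trace back.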
Haansu Mikairu
Echelon Research
Goonswarm Federation
#51 - 2014-02-28 12:06:35 UTC
Gaming God wrote:
CCP Eterne wrote:
As of 10:30 UTC, Tranquility is currently undergoing a DDoS attack that has knocked players offline and is preventing them from reconnecting to the server. We are currently investigating the attack and implementing countermeasures. We apologize for the inconvenience this may be causing players and hope to have functionality restored as soon as possible.


Just google on UNDER ATTACK OF DDOS and you will find a rapid solution.

Link


I already recommended them to contact Prolexic. If their server is hosted in the UK, the attack could've originated from Romania:
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16129&view=map

Bandwidth: 247Mbps

If this is the attack, it's relatively small compared to some of the recent attacks.

To compare:
247Mbps == 0.25Gbps

Recent attack on CloudFlare: 400Gbps.
Haansu Mikairu
Echelon Research
Goonswarm Federation
#52 - 2014-02-28 12:08:37 UTC  |  Edited by: Haansu Mikairu
Anhammerad wrote:
Yarda Black wrote:
Is there a way to figure out if your computer is enslaved into a bot network?

I run virus scans a lot and I just ran one again cos I thought it was just little old me having the problem. I don't have viruses, or spyware or other unhealthy stuff going on it seems. Does that mean I'm not infected and thus not part of the bot network?



Install a good third party firewall that shows and allows control of incoming and outgoing connections, outbound filtering is what you need to have control over.

Mac: I use 'Little Snitch'
Windows ? maybe a windows user can suggest a good one...

Outbound filtering FTW


Hahaha one single firewall will break down if it only has 100Mbps available and a DDoS attack is 110Mbps'ish. You need something far more powerful than a "good firewall".

FYI filtering outbound SYN/ACK packets during a DDoS will still overwhelm the server. Plus you could easily lock out legitimate clients.

Let's just not hope the root cause was this: http://bits.blogs.nytimes.com/2012/09/10/member-of-anonymous-takes-credit-for-godaddy-attack/
seth Hendar
I love you miners
#53 - 2014-02-28 12:28:57 UTC
Haansu Mikairu wrote:
Anhammerad wrote:
Yarda Black wrote:
Is there a way to figure out if your computer is enslaved into a bot network?

I run virus scans a lot and I just ran one again cos I thought it was just little old me having the problem. I don't have viruses, or spyware or other unhealthy stuff going on it seems. Does that mean I'm not infected and thus not part of the bot network?



Install a good third party firewall that shows and allows control of incoming and outgoing connections, outbound filtering is what you need to have control over.

Mac: I use 'Little Snitch'
Windows ? maybe a windows user can suggest a good one...

Outbound filtering FTW


Hahaha one single firewall will break down if it only has 100Mbps available and a DDoS attack is 110Mbps'ish. You need something far more powerful than a "good firewall".

FYI filtering outbound SYN/ACK packets during a DDoS will still overwhelm the server. Plus you could easily lock out legitimate clients.

Let's just not hope the root cause was this: http://bits.blogs.nytimes.com/2012/09/10/member-of-anonymous-takes-credit-for-godaddy-attack/

tbh, it is very unlikely that one would be the victim of a DDoS as a player, and a DDoS attack on a specific person using a regular consumer connection will drop it, whatever the hardware behind it.

when you see how the costs scale, no point investing in DDoS resistant hardware unless you are a company
Gary Bell
Therapy.
Brave Collective
#54 - 2014-02-28 12:37:26 UTC
Tinfoil On..

What if..

Chribba added bot software to all his sites..

Eveboard..

Dotlan..

and Omg

EFT..

and Pyfa..

WE ARE DDOS OURSELVES

AHHHHHHH
seth Hendar
I love you miners
#55 - 2014-02-28 12:52:40 UTC
Gary Bell wrote:
Tinfoil On..

What if..

Chribba added bot software to all his sites..

Eveboard..

Dotlan..

and Omg

EFT..

and Pyfa..

WE ARE DDOS OURSELVES

AHHHHHHH

would be the best troll ever tbh
Victor Andall
#56 - 2014-02-28 13:08:03 UTC
Haansu Mikairu wrote:
I already recommended them to contact Prolexic. If their server is hosted in the UK, the attack could've originated from Romania:
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16129&view=map


Guldarn Rumaniens jess won't stop invading the UK!

I just undocked for the first time and someone challenged me to a duel. Wat do?

19.08.2014 - Dinsdale gets slammed by CCP Falcon. Never forget.

Meilandra Vanderganken
Aliastra
Gallente Federation
#57 - 2014-02-28 13:10:02 UTC
Gary Bell wrote:
Tinfoil On..

What if..

Chribba added bot software to all his sites..

Eveboard..

Dotlan..

and Omg

EFT..

and Pyfa..

WE ARE DDOS OURSELVES

AHHHHHHH

ShockedShockedShocked
Cebraio
State War Academy
Caldari State
#58 - 2014-02-28 13:18:29 UTC
Gary Bell wrote:
Tinfoil On..

Dotlan is not from Chribba but Wollari.
EFT and Pyfa are also not related to Chribba.
BrundleMeth
State War Academy
Caldari State
#59 - 2014-02-28 17:04:59 UTC
Whew....

As long as my Ibis is reimbursed I'm good...
Prie Mary
Science and Trade Institute
Caldari State
#60 - 2014-02-28 17:31:33 UTC
I'd like to point out to the DEVS that stating all ships lost during a DDoS attack might be a bad move.

What if the losing side in B-R decided to DDoS the server as "all ships lost during server issues are reimbursed"?



Don't just think outside the box, Live outside of it...