EVE General Discussion

 
 

Unscheduled Downtime - 22/08/2014

Amhra Rho
Accujac Elimination
#421 - 2014-08-22 16:46:30 UTC
Thegasp Cupcakes wrote:
If I was CCP, I wouldn't waste money on preventing this kid's attack.. For one, he gets distracted too quickly, servers were interrupted for what? 60 seconds this time?

If he does it again, expect the servers to be back to normal within the hour.

I calculated six hours and fifty-one minutes, and that was just one of the occurrences.

There's real reasons why your Eve character doesn't do /dance.

Thegasp Cupcakes
CareBears Gone Dark
#422 - 2014-08-22 16:57:53 UTC  |  Edited by: Thegasp Cupcakes
Amhra Rho wrote:
Thegasp Cupcakes wrote:
If I was CCP, I wouldn't waste money on preventing this kid's attack.. For one, he gets distracted too quickly, servers were interrupted for what? 60 seconds this time?

If he does it again, expect the servers to be back to normal within the hour.

I calculated six hours and fifty-one minutes, and that was just one of the occurrences.


60s in reference to his latest hit, he's getting more and more like the hyperactive ADHD child he is.. he doesn't stay on anything long, compared to what has hit CCP before. He's getting bored, and he has no reason, people with reason wait, and wait.. Eve Pilots should know this.. The ones that wait, should be feared.

BUT.. He's just a kid (or equivalent), and he's bored, I doubt he will be taking EvE down for many hours again. He attacked asla.org (charity) for about 2 minutes after Eve online.. I bet asla didn't even notice their site was unreachable.. If it didn't knock us out of game, we probably wouldn't have noticed either (last time).
Ninteen Seventy-Nine
Pator Tech School
Minmatar Republic
#423 - 2014-08-22 17:26:49 UTC
Amhra Rho wrote:
Amanda Orion wrote:

It is not quite true to say there is nothing that can be done against a DDOS.

http://en.wikipedia.org/wiki/DDoS_mitigation

http://en.wikipedia.org/wiki/SYN_cookies


Exactly. DDoS is such a mundane, everyday predictable attack, you can just pick up a security appliance like this Checkpoint CPAP-DP4412 and drop it into your rack.

Will it work? For this last amateurish attack, yeah, it might be all you'll need. If not - as I've stated before - there's dozens of other highly effective strategies you can deploy. European castle, Asian castle, pre-filtering through your gateway load balancers (if you deploy load balancers), targeted stateful packet inspection from your primary firewall, or your secondary firewall, or both, etc.

Easy, yes. Cheap, no. That Checkpoint appliance alone runs about USD 70K. You can almost buy a Tesla for that.

It's an absurd notion that you can't utterly defeat a script kiddy DDoS attack. Amazon.com is victimized by DDoS all the time and it's never down. Microsoft.com is the most hacked/attacked site on the internet and it has been for 20 years, but it's never down. Never. They couldn't care less about DDoS attacks because they've deployed many layers of defenses against it. Microsoft.com was happy to have a Bill Gates budget to do it, though.


Lol I have individual optics on my desk right now worth more than 70k.

Most of the things you talk about will not protect you from any serious attack. Hell, not even a moderate one.

I'm not sure what raw throughput is being generated by these attacks, or what specific forms they are using, but I've seen small botnets take down routers which cost far more than 70k and generate unreal Gbps in raw traffic.

Trying to weather the brunt of serious attacks and processing packet by packet your way through it could translate into millions of dollars. This is really the big problem with serious DDoS. It's just so...much...crap the equipment or even circuits just get overwhelmed.

To say "geez CCP, just load balance" is so Lol it really makes the lack of knowledge on the topic self-evident. (I know this and I'm not even an expert in security)

If you aren't a big boy (larger corporations, which CCP is not) usually your best bet is to kill the traffic before it gets to you.

And unfortunately a lot of times that means either lopping off /20's or even lists of /16's to /12's on your provider side (killing traffic from entire nations and continents) or... just killing routing to the target of the attack itself.

"The unending paradox is that we do learn through pain."

Amhra Rho
Accujac Elimination
#424 - 2014-08-22 18:03:28 UTC
Ninteen Seventy-Nine wrote:
Amhra Rho wrote:
Amanda Orion wrote:

It is not quite true to say there is nothing that can be done against a DDOS.

http://en.wikipedia.org/wiki/DDoS_mitigation

http://en.wikipedia.org/wiki/SYN_cookies


Exactly. DDoS is such a mundane, everyday predictable attack, you can just pick up a security appliance like this Checkpoint CPAP-DP4412 and drop it into your rack.

Will it work? For this last amateurish attack, yeah, it might be all you'll need. If not - as I've stated before - there's dozens of other highly effective strategies you can deploy. European castle, Asian castle, pre-filtering through your gateway load balancers (if you deploy load balancers), targeted stateful packet inspection from your primary firewall, or your secondary firewall, or both, etc.

Easy, yes. Cheap, no. That Checkpoint appliance alone runs about USD 70K. You can almost buy a Tesla for that.

It's an absurd notion that you can't utterly defeat a script kiddy DDoS attack. Amazon.com is victimized by DDoS all the time and it's never down. Microsoft.com is the most hacked/attacked site on the internet and it has been for 20 years, but it's never down. Never. They couldn't care less about DDoS attacks because they've deployed many layers of defenses against it. Microsoft.com was happy to have a Bill Gates budget to do it, though.


Lol I have individual optics on my desk right now worth more than 70k.

Most of the things you talk about will not protect you from any serious attack. Hell, not even a moderate one.

I'm not sure what raw throughput is being generated by these attacks, or what specific forms they are using, but I've seen small botnets take down routers which cost far more than 70k and generate unreal Gbps in raw traffic.

Trying to weather the brunt of serious attacks and processing packet by packet your way through it could translate into millions of dollars. This is really the big problem with serious DDoS. It's just so...much...crap the equipment or even circuits just get overwhelmed.

To say "geez CCP, just load balance" is so Lol it really makes the lack of knowledge on the topic self-evident. (I know this and I'm not even an expert in security)

If you aren't a big boy (larger corporations, which CCP is not) usually your best bet is to kill the traffic before it gets to you.

And unfortunately a lot of times that means either lopping off /20's or even lists of /16's to /12's on your provider side (killing traffic from entire nations and continents) or... just killing routing to the target of the attack itself.

Oh, geez. There's so much wrong with this, I hardly know where to start. I didn't even say half the things you say I did.

You already do packet-by-packet inspection of every packet that comes into your network from the cloud. And we already know exactly what type of bandwidth a DDoS attack will generate because we know just about everything about modern DDoS attacks from constant exposure and analysis. A DDoS generates GB of trash, you say? It sure does. So the Checkpoint I mention is indeed spec'd in the GB of translated data throughput. If you need more than one, buy more than one, or buy one of Checkpoint's bigger ones - the one I use in my example is about mid-lvl.

Now we're in agreement about pre-processing being the best solution. That's why you load balance - you set up a preprocessor before each gateway load balancer. Did I suggest that CCP deploy this strategy? No. I pretty much suggested the opposite - that it would be too expensive by far for a small gaming company to consider. For a small gaming company, you'd better just maximize design logistics (European castle, Asian castle, etc.), and do what filtering is practical.

Look, you admit that you're not an IT security wonk. I get it! Leave that job to me.

There's real reasons why your Eve character doesn't do /dance.

Celthric Kanerian
Viziam
Amarr Empire
#425 - 2014-08-22 18:06:11 UTC  |  Edited by: Celthric Kanerian
"Posted: 2014.08.21 17:57"

Still working at 17:57... CCP must be paying some nice overtime.
But thanks nonetheless to the CCP team for working long hours for our enjoyment.
NiteNinja
Doomheim
#426 - 2014-08-22 18:16:08 UTC
We were briefly hit again this morning EDT (Not too long after downtime) but didn't last 7 hours like yesterday.

You would think Lizard Squad would've left a digital fingerprint somewhere. Even if the IP address is blocked/scrambled, a hardware address can be pulled from it, and so on.

Anyone using the EVE Launcher gets kicked right away when the Logon server goes down, but anyone who launches from exefile.exe stayed connected and just had some serious lag when the Distributed Denial of Service attacks happened (unless the user disconnected because of lag).

I'm sure someone above linked Lizard Squad's Twitter feed, too lazy to dig through 22 pages of posts, but you can see what they're doing there.

Chribba's nice little eve-offline.net tool really helped troubleshoot that it was a DDoS and not an issue with my client/connection.

And thanks to CCP in keeping people up to date on their server status twitter feed.
Daniel Jackson
Universal Exos
#427 - 2014-08-22 18:19:51 UTC
Tippia wrote:
xRyokenx wrote:
Up and down, then up and down.

TQ is the new Vengaboys?

yesh ^^
Carribean Queen
Vadimus Quarrier Works
#428 - 2014-08-22 19:28:40 UTC  |  Edited by: Carribean Queen
Amhra Rho wrote:
Look, you admit that you're not an IT security wonk. I get it! Leave that job to me.


Oh look, it's THIS **** again.

Your idea of being a 'security expert' lines right up there with "Installing Norton"

Here's the brass tacks cupcake, based on some of your other previous statements:

These giant anti-DDoS systems cost money. LOTS of it.

Last year Fiscal 2013, CCP Games generated 23 million in revenue, which you've been comparing the service they provide to Amazon several times. Amazon made 74.45 BILLION.

Amazon can afford these things. And they still suffer outages from time to time. CCP Games? Not so much.

Get over yourself. "Security Expert".

Pssssssshhhhhhh.
Amhra Rho
Accujac Elimination
#429 - 2014-08-22 19:40:23 UTC
Carribean Queen wrote:
Amhra Rho wrote:
Look, you admit that you're not an IT security wonk. I get it! Leave that job to me.


Oh look, it's THIS **** again.

Your idea of being a 'security expert' lines right up there with "Installing Norton"

Here's the brass tacks cupcake, based on some of your other previous statements:

These giant anti-DDoS systems cost money. LOTS of it.

Last year Fiscal 2013, CCP Games generated 23 million in revenue, which you've been comparing the service they provide to Amazon several times. Amazon made 74.45 BILLION.

Amazon can afford these things. And they still suffer outages from time to time. CCP Games? Not so much.

Get over yourself. "Security Expert".

Pssssssshhhhhhh.

Oh, so cuuuuuute. Someone named Carribean Queen is telling me stuff he doesn't know the first thing about. Oh, look - he doesn't even have the first clue about what I've even written!

There, there. Run along now . . .

There's real reasons why your Eve character doesn't do /dance.

Drago Shouna
Doomheim
#430 - 2014-08-22 19:53:22 UTC
DJentropy Ovaert wrote:
IIshira wrote:


Remind me not to mess with your Eve time... I was going to suggest a few months in Mexican prison lol



Confirming that jokes about inhumane prison conditions are top level comedy, right up there with jokes about getting sexually assaulted in prison. Way to take the high road, IIshira :P Though, I admit, your response is a lot more rational and level-headed than shooting people in the head lol :P



Sooo, someone from Code pulling someone up about their attitude?

That's different.

Solecist Project...." They refuse to play by the rules and laws of the game and use it as excuse ..." " They don't care about how you play as long as they get to play how they want."

Welcome to EVE.

Drago Shouna
Doomheim
#431 - 2014-08-22 20:03:15 UTC
IIshira wrote:
SF BrooD wrote:
I wish I could pew pew, I blew my gf off tonight so I could pew pew and now it's no sex and now pew, I'm very sad...

Wow I think you need more downtime from Eve. If you keep blowing her off she might find someone else who won't


Or at least blow her off then play ^^

Solecist Project...." They refuse to play by the rules and laws of the game and use it as excuse ..." " They don't care about how you play as long as they get to play how they want."

Welcome to EVE.

Zhilia Mann
Tide Way Out Productions
#432 - 2014-08-22 22:34:50 UTC
CCP Falcon wrote:
UPDATE 08:30 - CONNECTIVITY TO TRANQUILITY HAS BEEN RESTORED


Sorry for the connectivity problems this morning guys, hopefully they're resolved now.

Apologies for any inconvenience!

- F


You've had a hell of a long week, haven't you? Would buy liquor if I were anywhere close. Nicely done, all in all.
Ninteen Seventy-Nine
Pator Tech School
Minmatar Republic
#433 - 2014-08-23 14:04:22 UTC  |  Edited by: Ninteen Seventy-Nine
Amhra Rho wrote:

Oh, geez. There's so much wrong with this, I hardly know where to start. I didn't even say half the things you say I did.

You already do packet-by-packet inspection of every packet that comes into your network from the cloud. And we already know exactly what type of bandwidth a DDoS attack will generate because we know just about everything about modern DDoS attacks from constant exposure and analysis. A DDoS generates GB of trash, you say? It sure does. So the Checkpoint I mention is indeed spec'd in the GB of translated data throughput. If you need more than one, buy more than one, or buy one of Checkpoint's bigger ones - the one I use in my example is about mid-lvl.

Now we're in agreement about pre-processing being the best solution. That's why you load balance - you set up a preprocessor before each gateway load balancer. Did I suggest that CCP deploy this strategy? No. I pretty much suggested the opposite - that it would be too expensive by far for a small gaming company to consider. For a small gaming company, you'd better just maximize design logistics (European castle, Asian castle, etc.), and do what filtering is practical.

Look, you admit that you're not an IT security wonk. I get it! Leave that job to me.


I'm not an IT person, I'm a networking person. If you work for a company where you do both, you aren't fixing this problem yourself as they already haven't dedicated the resources needed to take either job incredibly seriously (usually small-med sized businesses don't need to). So, it is possible we're talking past each other a bit, as it's one thing to overload an auth server and another to bring someone's network to a stop or to saturate their peering points.

If you're talking routers (and not some Dell box running router software), the tax on system resources increases logarithmically as you increase the various types of rules. IP table lookups are one thing. But you need to examine a lot of different aspects of a packet to tell the good from the bad. Thus the more discriminate you wish to be, the more rules you'll need. This will involve different types of lookups which translate into different processes run by different daemons on the device. The more rules you have, the more stressful traffic analysis becomes. This is essential understanding for any "serious" DDoS as you will not be receiving uniform source destinations, packet types and even completely valid headers. That's how you take down routers (as in the device itself).

If you can "load balance", "preprocess" this, or whatever away with a firewall, you're probably not dealing with a very complex attack. Either it's going to be designed to cruise right past your typical firewall or saturate the links to the firewall.

This is why major networks don't have magical firewalls at every peer point. Your router is in its policies a firewall. If it was that easy, everyone would do it and be untouchable by DDoS attacks.

Less refined attacks that are a simple mass of UDP or whatever can be processed, but again, usually used to overload circuits. You don't just load balance this away on the fly if it happens to you. Unless your bottleneck is in your datacenter and you can have someone run in there and start running cables :P (it isn't, so you won't be), you need to stop that traffic before it ever reaches your circuits or network. This isn't "preprocessing", this is killing it on a completely separate upstream network from yours or poisoning the route entirely so many AS's away someone says "hey I don't have a route to that" or "hey, I'm not supposed to pass along anything from you to that other place"

I did not say a DDoS generates GB of trash. I said it can generate many Gbps of raw traffic. These statements are not equivalent in any way.

- Trash is more easily taken out than traffic that is designed to appear legitimate.
- A GB is a specific volume set. A value usually reserved for disk size. Gbps is a rate of volume over time usually reserved for communication rates (hey, network speed!).

That aside there is a huge difference between GBps and Gbps and GB and Gb.
And while you can easily convert between the two, absolutely no one that actually works with this stuff uses big Bs for anything but disk space and no one uses anything but little b's for rates, nor would they confuse the two. That's usually the point where they fail the interview.

"The unending paradox is that we do learn through pain."
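
The trade-off raised in posts #423 and #433 (fewer, coarser provider-side prefix drops versus cutting off more uninvolved addresses) can be put in numbers. This is an added example, not part of any post in the thread; the flow records, the 5% threshold and the function names are constructed for illustration and use only documentation and benchmark address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source IP, packets seen during the flood window).
# RFC 2544 / RFC 5737 ranges only; not data from the incident discussed here.
SAMPLE_FLOWS = [
    ("198.18.0.5", 9000), ("198.18.3.77", 8500), ("198.18.9.1", 7000),
    ("198.18.130.4", 6500), ("198.19.44.9", 6000), ("198.19.200.2", 5500),
    ("203.0.113.10", 40),   # low-rate source, treated as a normal client
    ("192.0.2.55", 25),     # low-rate source, treated as a normal client
]

def aggregate(flows, prefix_len):
    """Sum packets per covering prefix of the given length."""
    totals = defaultdict(int)
    for ip, pkts in flows:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        totals[net] += pkts
    return dict(totals)

def plan_block(flows, prefix_len, min_share=0.05):
    """Select prefixes carrying at least min_share of all packets.

    Returns the number of filter rules needed, the share of traffic they
    drop, and how many addresses become unreachable (the collateral).
    min_share is an assumed threshold, not a value from the thread.
    """
    total = sum(pkts for _, pkts in flows)
    per_prefix = aggregate(flows, prefix_len)
    blocked = sorted(n for n, p in per_prefix.items() if p / total >= min_share)
    dropped = sum(per_prefix[n] for n in blocked)
    return {
        "prefix_len": prefix_len,
        "rules": len(blocked),
        "blocked": [str(n) for n in blocked],
        "traffic_dropped": round(dropped / total, 4),
        "addresses_cut_off": sum(n.num_addresses for n in blocked),
    }

if __name__ == "__main__":
    # Same flood, three granularities: rule count falls as collateral grows.
    for length in (20, 16, 12):
        plan = plan_block(SAMPLE_FLOWS, length)
        print(f"/{length}: {plan['rules']} rules, "
              f"{plan['traffic_dropped']:.2%} of packets dropped, "
              f"{plan['addresses_cut_off']} addresses cut off")
```

On this sample every granularity drops the same share of packets; what changes is the number of rules the filtering device has to carry and the number of addresses that lose access.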