Xbox Live Players Targeted In Denial-of-Service Attacks

The BBC reports on a growing trend where some Xbox Live players are launching denial-of-service attacks against those who beat them or otherwise irritate them in games. Quoting: "'The smart thing about these Xbox tools is that they do not attack the Xbox Live network itself,' [Chris Boyd, director of malware research at Facetime Communications said.] He said the tools work by exploiting the way that the Xbox Live network is set up. Game consoles connecting to the Xbox network send data via the net, and for that it needs an IP address. Even better, said Mr Boyd, games played via Xbox Live are not hosted on private servers. The tools mean anyone with a few dollars can boot rivals off Xbox Live. 'Instead,' he said, 'a lot of games on Xbox Live are hosted by players.' ... For $20 (£13) some Xbox Live hackers will remotely access a customer's PC and set up the whole system so it can be run any time they need it. Some offer low rates to add compromised machines to a botnet and increase the amount of data flooding a particular IP address."

Re:Private servers

[Exawatt]

The servers allowing you to find each player are Microsoft's. The servers you play on are the player's own Xboxes (or is it Xboxs?). Some games may not use this method, but many games (e.g. Halo 3) do. Proof would be when the game host leaves, and everyone has to wait while the game says "selecting new host." Microsoft servers determine the game host as the one with the best connection to the other players, but from that point the game is played directly between the involved players.

It should be noted that many games work this way. Not just Xbox games. Not just FPS games. This "tactic" is nothing new. It's just a DoS targetted at an opponent.