Lizard Squad: Xbox Live, PSN Attacks Were a 'Marketing Scheme' For DDoS Service
blottsie writes The devastating Christmas Day attacks against the gaming networks of Sony and Microsoft were a marketing scheme for a commercial cyberattack service, according to the hackers claiming responsibility for the attacks. Known as Lizard Squad, the hacker collective says it shut down the PlayStation Network (PSN) and Xbox Live network on Dec. 25 using a distributed denial-of-service (DDoS) attack, a common technique that overloads servers with data requests. The powerful attacks rendered the networks unusable for days, infuriating gamers around the world and causing yet-untold losses of revenue. Now, members of Lizard Squad say the group is selling the DDoS service they used against Sony and Microsoft to anyone willing to pay.
not like you can play any game on the first day anyway
Everything is virtualized to the point where they support average players months after release and not on the day of release, and idiots not only pre-order the games, they change the store country to play it the second it goes live somewhere in the world.
A justice reward to these lil asshats. I am quite pleased that Anonymous has already done their homework and spread all the information about these douchecanoes throughout the internet so their lives are wrecked for the foreseeable future. I'd hate to think that some mouthbreather CoD player got word that he and his mates were kicked offline by that kid down the street and enacted vengeance for all of us.
Wheel of Time: Book by Book and Sumview (summary review) Bigdady92 style: http://bigdady92.blogspot.com/
"anyone willing to pay" -- you mean like an FBI agent with a credit card?
Old age and treachery almost always overcome youth and skill.
Sounds like an awesome way to get caught and shutdown. Keep at it boys.
devastating
No, there are lots of things that have happened in the past week that qualify as devastating, but these were not on that list. A major annoyance? Sure. Devastating? Not so much. Just because some people who paid too much for a gaming system weren't able to use it the first day after they got it; and the companies who sold it to them had to wait a little longer to get credit card numbers to charge monthly fees for these people, doesn't make it devastating.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Dammit, get it right!
They were just exploring for unsecured systems in order to benevolently improve the Internet.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
I wonder how much target validation they do.
If I were Sony I might pay someone to be their first customer. Target of course would be important backend infrastructure for a major retailer... then hand them a list of DoD IPs to hit.
Oh you want me to pay you to poke sticks at sleeping animals? Here is $10 go poke that bear.
"I opened my eyes, and everything went dark again"
1) Yes, DDoSing someone is illegal
2) In order to carry out the DDoS they very likely have millions of PCs in a botnet. Every single one of those is a count of unauthorised use of a computer system.
Why pay for something that can be found by searching DuckDuckGo (they have to change that name lol) for free? And it's not like these scum are what I would call a trustworthy business or humans.
Jack of all trades, master of none
"Just send us your address, so we can mail you the check."
SJW's don't eliminate discrimination. They just expropriate it for themselves.
They certainly do have laws against this. Here in the UK there is the Computer Misuse Act, which is the most obvious. As regards a solution, you can't really defend against a DDoS. There is no way to distinguish a legitimate request to www.google.com from one from a machine that is part of a botnet until it's done a certain number of retries, which makes it obvious.
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
It comes under the CFAA: http://www.law.cornell.edu/usc...
"knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;"
a DoS is transmitting information at some point.
Damage is broadly defined: "the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information"
Protected computer is broadly defined to include: "which is used in or affecting interstate or foreign commerce or communication"
"without authorization" might be an issue, but I can't see courts not deciding that the DoS was unauthorized even if a "public" channel is being used (say slamming the authentication servers).
GP knows what he's talking about - he was already stoned when he wrote that.
Either humanity has gotten way stupider, or this is a PsyOp to help get public backing for new and restrictive legislation?
If I'd said 10 years ago there would be hacker collectives bringing down corporate information services then selling the hacks and software for money I'd have said there's no way... wait, I'd have probably said that sounds reasonable. Things will get much worse. Does anyone have a suggestion about how organizations can prevent these attacks? Bruce Schneier, where are you?
where was this claim LAST YEAR when the same little shits did the same thing to several online games?
As regards to a solution, you can't really defend against a DDoS.
Incorrect, we defend ourselves all the time. It takes manpower to do this, but it's absolutely possible. Sure, not many companies want to invest in the manpower and expertise required, but that is not the same thing as what you said. If you are lazy or the attack is too big, there are companies that will block the DDoS for you.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
... it's a code name for FBI sting op.
It little behooves the best of us to comment on the rest of us.
The positive side is that hopefully it provides further incentives for companies like Microsoft to work harder to try to mitigate DDoS problems at the source.
Microsoft are in a unique position as their operating system is - it seems - in many cases the base platform for launching these attacks. It'd be great to see a concerted effort along with a company like Google to start actively trying to massively reduce the number of systems that are regularly involved in DDoS attacks.
It's Mechanical Turk. They ask people to log on to Xbox over and over for $.00001 an attempt. It's the Mechanical Turk, so they never pay, but that doesn't stop the dupes from signing up.
US law applies only in the US. If these people live in West Banana Island then nobody can arrest them.
In Soviet Russia the government regulates the companies.
Moriarty: How hard do you find it? Having to say, "I don't know."?
Sherlock: I don't know.
Moriarty: Oh that's clever. That's very clever. Awfully clever. Speaking of clever, have you told your little friends yet?
Sherlock: Told them what?
Moriarty: Why I broke into all those places and never took anything.
Sherlock: No.
Moriarty: But you understand.
Sherlock: Obviously.
Moriarty: Off you go then.
Sherlock: You want me to tell you what you already know.
Moriarty: No, I want you to prove that you know it.
Sherlock: You didn't take anything because you don't need to.
Moriarty: Good.
Sherlock: You'll never need to take anything ever again.
Moriarty: Very good. Because...
Sherlock: Because nothing—nothing in the Bank of England, the Tower of London or Pentonville Prison could possibly match the value of the key that could get you in to all three.
Moriarty: I can open any door anywhere with a few tiny lines of computer code. No such thing as a private bank account now, they're all mine. No such thing as secrecy. I own secrecy. Nuclear codes. I could blow up NATO in alphabetical order. In a world of locked rooms, the man with the key is king, and honey, you should see me in a crown.
Sherlock: You were advertising all the way through the trial. You were showing the world what you can do.
Moriarty: And you were helping. Big client list. Rogue governments. Intelligence communities. Terror cells. They all want me. Suddenly, I'm Mr. Sex.
Sherlock: You could break any bank. What do you care about the highest bidder?
Moriarty: I don't. I just like to watch them all competing. "Daddy loves me the best!". Aren't ordinary people adorable? Well you know. You've got John. I should get myself a live-in one.
If they live in any first world country what they are doing is illegal. If they live in a country where it is not illegal that is what drones are for.
I am not saying we should use drones. It is definitely not ethical but it is an inevitable outcome. If you do a great deal of damage to powerful people and then try to avoid any punishment they will use other methods to get back at you.
I also doubt that any country is going to keep these people from the USA. The other first world countries won't and the third world countries can't.
Computer modeling for biotech drug manufacturing is HARD!
Sure, which is irrelevant given "fine congress critters" is something I've only ever seen in reference to the US.
>US law applies only in the US.
Correction: an FBI agent with some Bitcoins.
... all the compromised boxes to set up this DDoS network run MS software, and that is licensed, so you CANNOT sell what you don't own when you own it, even if you didn't own it when you owned it.
Or from Kim?
"Here in the UK there is the Computer Misuse Act" So why did Gordon Brown recommend and Tony Bliar give Bill Gates an honorary knighthood? Where's the law there?
You can't block a DDOS at your doorstep; it has to be blocked on the Internet backbone itself.
Support my political activism on Patreon.
Agreed that "gamers" waste their lives on pursuits that gain them zero + take their money on top of it.
> Every single one of those is a count of unauthorised use of a computer system.
You're implying that these people aren't voluntarily allowing their computers to be utilized.
LOIC, anyone?
As written your point is complete nonsense. My point was not defending your Comcast@home account from a DDoS, it was about protecting a business from DDoS. I work at an ISP and we defend ourselves just about every day from various DDoS attacks. We have had to bring in additional bandwidth at times to cope with massive attacks, but the majority we handle in house with a strong staff and good setup (multiple access points, and layering for entry points).
If your point was correct as written, companies like Verisign that can alleviate a DDoS attack for you would not exist. Lo and behold, they do!
I've noticed that in the leadup to these attacks somebody going by Lizardpatrol1 had just been running around vandalizing Wikipedia. I think they're just cashing in on the instability of simultaneous new consoles being attached to sell the vapor product.
For those who seek perfection there can be no rest on this side of the grave.
You can't block a DDOS at your doorstep; it has to be blocked on the Internet backbone itself.
If the bottleneck is your border router, sure. For many services, I would imagine that the bottleneck hit by a DDoS attack is in the processing, which should be easily mitigated by blocking requests at the border router.
If their BBC interview is any indication, provide these guys/gals with your credentials and they'll gladly pass it along to the next set of bandits (GoP)... except, since this is a new service, they'll also take your money AND they'll gladly take down your organization.
It's merely a sucker's bet.
If you work for an ISP, you should be fired because you're an idiot. When bits have been delivered to you, it doesn't matter what you do with them, because they still took some of your available bandwidth when they were delivered. If several hundred gigabits per second of bits are delivered to you, you are fucked... unless you are a tier 1 or 2 ISP or you are a DDoS mitigation service provider. Sure, you can block or filter the traffic, but it still took bandwidth. Sure, you can advertise blocks with pre-negotiated comm/ext comm values to upstream providers to auto-null the traffic before it's handed off... but do that for millions of IPs across dozens of providers and you've effectively taken yourself down. There is not an effective way to block a DDoS when an attacker is using a giant botnet composed of otherwise legitimate user machines. There's never enough bandwidth and even if a residential ISP has implemented uRPF on all customer handwidths, the IPs aren't spoofed because the attacker doesn't need them to be.
As long as you define "getting more bandwidth" as "defending against DDOS," I suppose your statement is true.
I work at a broadcast company. I have worked for the Government. I have worked for a Government contractor.
In all of these cases, Verizon or Comcast or Qwest run a cable to your site. You plug in your router, your firewall, demarc equipment. A packet sent to your network comes to that before you can do anything; you can't get on the backbone of the Internet and block it.
For businesses who do not control the Internet backbone, 1000Mbit/s coming down their 1Gbit/s pipe means they can no longer receive client requests. If they block traffic coming from DDoS sources (static or dynamic detection, but assume correctly blocking only DDoS packets--impossible best case), they will still have traffic coming to their firewall, being evaluated, and being dropped. There won't be room for traffic to come from other sources: a site receiving 5000 connections per second at 20k/s per connection requires 100Mbit/s, but has more than that in DDoS packets trying to force its way down the pipe, and so will receive few legitimate packets. The packets it does receive will be delayed (this is why you receive few legitimate packets: they start queueing, infinitely, and then get dropped off the end).
To stop this, you must have some upstream router (controlled by your ISP) block those packets before they propagate down your link. For DDoS from infected computers, this means your ISP must be able to reliably detect DDoS packets and differentiate them from normal traffic. If you have an on-going short list (50, 100 nodes), you may be able to provide a temporary NULL route. More than likely, you will have one particular server under attack, with a specific public IP, and so will have to have your ISP NULL route YOUR server (take it down entirely) so that your OTHER services stay up.
Our DDoS attacks on our CDN are alleviated automatically by NULL-routing our servers: the server's IP address is sent to the upstream ISP, which drops all packets going to that server. That server has its cable cut from the Internet for a few hours, and becomes non-functional; attacking another server would result in the same, until there is nothing left of our network. Blocking by firewall on the network not only fails to alleviate the problem, but also causes the DDOS traffic to affect all other servers connected to the Internet from that link.
The bottleneck is the 1Gbit link that's carrying 1Gbit of DDoS traffic to your border router, which is evaluating it and dropping it all. Dropping that traffic doesn't free up additional bandwidth to carry legitimate traffic; you'd have to block the traffic further upstream.
It's too bad they used XBOX LIVE and PSN as the target. So people who spent their own money on something that required internet access were told "It's only a game, relax, go outside". If they really wanted to impact "real people", they'd have attacked Netflix. There's a lot of blaming the victim in this thing. You paid too much for your toy! That's what you get for trying to play games!! It's your fault for buying something that requires internet access! Bottom line is people paid for something. The company was otherwise able to provide the service. A third party stepped in and blocked that.
Cough Ahem sorry about that, seem to have had a tickle in my throat....
The hackers would cash in, order their bots to do the job they were hired to do and go on with their lives. DDoSes are not done from the attacker's computer; he controls many machines, usually without the owner's knowledge. If caught, Sony would be in a heap of trouble explaining why they hired hackers to attack military targets.
> The hackers would cash in, order their bots to do the job they were hired to do and go on with their lives.
and then they would likely find their botnet being rapidly dismantled, and identified as a threat since they obviously can't keep their activities in the civilian world. Not too many really want state security apparatus, who have little sense of humor and no qualms about working overtime, actually looking to identify them.
> If caught, Sony would be in a heap of trouble explaining why they hired hackers to attack military targets.
If caught they would also likely re-attract the ire of the service owners too. However, that's why I said pay someone else to hire them; their part in the fiasco could be quite small, and I would assume they should be in a good position to keep their own part hidden.
Shit, pay someone in China to do it and I doubt anyone will look past the person's country of origin, since "Chinese hacker" is good enough for a press release, for all they care.
I can appreciate the skill behind a clever, intelligent hack, but DDOS is just lame squared.
For ruining Christmas for so many kids, I hope those skript kiddie fuckers get caught and have their whole lives ruined.
... the free market!
Hail Eris
I also worked at numerous companies, and I can tell you that at exactly 0 companies have we had a _single_ access point to the Internet. At the DOD we ran no less than 3 vendors at every site with access, and in commercial work I have seen not less than 2. At an ISP we obviously have more than the average commercial company.
If a Level3 line is getting hit with a DDoS you reroute traffic to the AT&T line, etc.. etc... and obviously you start blocking protocols, networks, etc.. when transitioning routes. If all lines in the same data center get hit you start moving traffic to different data centers.
This is not an uncommon thing to do even when a DDoS is not an issue. I can't tell you how many times we have had fiber cuts from one vendor impact traffic, so we have to reroute traffic to a different carrier.. In some ways, dealing with a DDoS is the same thing as practicing high availability.
As to the renting additional bandwidth, we have used the Verisign service for cleaning some traffic because the DDoS far exceeded anything we could do on our own (and we have a shit ton of bandwidth). This was done once in the last 2 years, and we only needed the service for a day even though the DDoS ran for about a week.
The way you portray it, a company can only have 1 vendor and 1 access point to the internet. Your assertion is false, as is your assertion that you can't defend against a DDoS. Not paying for it is not the same as it being impossible, it does take planning and investment. Nope, nothing is perfect as my Verisign example above should clearly demonstrate.
I think the largest DDOS was around 600 Gb/s, which is about $36k/month of bandwidth from your local IX.
1) Buy up terabits of bandwidth around the world at prices as low as $0.06/mbit at an IX
2) Filter data at the edge
3) Forward filtered data back to your non-general-Internet-routable datacenter.
You just need to move your edge to where bandwidth is plentiful and cheap and do all of your filtering there.
If a Level3 line is getting hit with a DDoS you reroute traffic to the AT&T line
72.133.15.2, which is on your assigned 72.133.15.0/24 block, is being hit by gigabits of traffic per second. That means everything else on the 72.133.15.0/24 block is affected.
To reroute, you have to call your ISP and failover your incoming route. It comes off the Level 3 line, and onto your AT&T line.
Now your AT&T line is being hit by gigabits of traffic per second, as the traffic is still going to 72.133.15.2, which is routed to the 72.133.15.0/24 subnet.
I'm not talking about fiber traffic; I'm talking about ROUTING A TON OF TRAFFIC TO AN IP ADDRESS. When you move the line that the IP address is on, ALL THE TRAFFIC GOES TO THE NEW LINE. IP addresses are routed to by subnets, which means THE WHOLE SUBNET FOLLOWS THE ROUTE CHANGE, and so the traffic and all affected addresses follow the route change. Your Web, E-mail, FTP, and VPN servers are all affected by this DDOS? Well, when you swap over to your AT&T line, your Web, E-mail, FTP, and VPN servers all go there, and so does the DDOS traffic!
You can change lines when somebody physically digs up and cuts a fiber line. That works. It works when Verizon fucks up and Qwest is working. When bombs are being brought down Green street to your house, blocking off Green street and making the bombers carry them down Violet street to THE SAME HOUSE doesn't stop your house from getting blown up.
It's a very good implication. Yours is the strained implication.
Way up in the mountains in a small little town,
The Main Street was being decorated all up and down.
People stood in long lines, sometimes waiting hours or more,
Because Christmas needs to be bought in a store.
But out in the forest, not too far away...
Writing in all caps does not make you correct, so try normal dialogue. Following the normal Socratic method, let's simplify this down to a question.
If you have a mail server on the Internet and your line is from Level3 what do you do if your line gets cut? Say fuck it, it'll be back in a few days time or do you have a second line that you can move some DNS entries and reroute all the traffic. (Routing is obviously not just the 'route' command).
In nearly all cases you need a second access point. Sure, you have to do some work to get access back, but you are not incapable of working around a cut line. Most importantly, you don't want to wait until after the fact to have this ready.
A DDoS attack is similar, except that you need to figure out what the target is so that you can start rerouting everything else and filter unwanted content (or non-critical content). Not hosting your own DNS is a cost issue, not an impossible task. Not having multiple access points is similarly a cost issue and not an impossible task. If our Level3 access route gets DDoS'd, we start routing everything over to AT&T or Qwest, or Sprint, or whatever carrier we need to use. We have numerous networks and DNS in numerous networks for just this reason. DDoS our 72.100.1.1 DNS server and our 33.122.1.1 server will still answer. DDoS a host and we change the route to that host with a lot of filtering in between (the latter being a route command issue). Clients generally don't use the IP address, they use the host name for access.
Again, you are trying to claim that you must hedge all of your bets on a single access point which is absolutely false. If your company has everything on a single network that is a financial decision. We have numerous class Cs so that we don't have a dependency on a single network. You are choosing (or your company has chosen) not to pay for things.
1. The IPs they used for the DDoS are almost certainly known now.
2. There are several groups (Sony, FBI, probably Microsoft, some infosec companies) who want to see the botnet dismantled.
3. As each host is remediated or blocked (ISP walled garden), said botnet shrinks.
Unless these guys have some zero-days and malware kits up their sleeves, their DDoS capabilities will not be around for long.
You are correct, if the DDoS relies on raw bandwidth.
Some DDoS attacks work closer to layer 7. E.g. ask the webserver to do something complicated and slow, maybe something that requires a bunch of database queries.
That kind of DDoS relies on asymmetry. .. The response is much more expensive than the request.
AFAIK nobody has said how the Christmas DDoS attacks worked.
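The asymmetry point above (a cheap request that triggers expensive work on the server) is the reason a limiter that only counts requests per client does not see a layer-7 DDoS coming. The block below is an added example written for this page, not code from anyone in the thread: it compares a naive requests-per-second limiter with a token bucket that charges each request the estimated server time its endpoint costs. The endpoint cost table, the two clients and their request rates are constructed for the demonstration; in practice the cost would be measured from real response timings.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed cost table: approximate server-side time (ms) each endpoint burns.
# These numbers are assumptions for the example, not measurements.
ENDPOINT_COST_MS: Dict[str, float] = {
    "/static/logo.png": 1.0,     # cached file, trivially cheap to serve
    "/api/search?q=*": 250.0,    # fan-out of database queries, expensive
}


@dataclass
class TokenBucket:
    capacity: float                # burst budget
    refill_per_ms: float           # sustained budget per millisecond
    tokens: float = field(init=False, default=0.0)
    last_ms: int = 0

    def __post_init__(self) -> None:
        self.tokens = self.capacity

    def take(self, amount: float, now_ms: int) -> bool:
        """Refill for the elapsed time, then admit only if the charge fits."""
        elapsed = now_ms - self.last_ms
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_ms)
        self.last_ms = now_ms
        if amount <= self.tokens:
            self.tokens -= amount
            return True
        return False


class Limiter:
    """Per-client limiter; cost_of decides what a single request is charged."""

    def __init__(self, capacity: float, refill_per_s: float, cost_of: Callable[[str], float]):
        self.capacity = capacity
        self.refill_per_ms = refill_per_s / 1000.0
        self.cost_of = cost_of
        self.buckets: Dict[str, TokenBucket] = {}

    def allow(self, client: str, path: str, now_ms: int) -> bool:
        bucket = self.buckets.setdefault(client, TokenBucket(self.capacity, self.refill_per_ms))
        return bucket.take(self.cost_of(path), now_ms)


def request_count_limiter() -> Limiter:
    # The usual naive rule: 100 requests/s per client, every request costs 1.
    return Limiter(capacity=100.0, refill_per_s=100.0, cost_of=lambda _path: 1.0)


def cost_aware_limiter() -> Limiter:
    # 500 ms of server time per second per client, charged by endpoint cost.
    return Limiter(capacity=500.0, refill_per_s=500.0, cost_of=ENDPOINT_COST_MS.__getitem__)


def constructed_traffic(seconds: int = 10, rps: int = 40) -> List[Tuple[int, str, str]]:
    """Two clients at the same request rate; only one hits the expensive endpoint."""
    requests: List[Tuple[int, str, str]] = []
    for i in range(seconds * rps):
        t_ms = i * (1000 // rps)          # integer milliseconds keep the arithmetic exact
        requests.append((t_ms, "cheap-client", "/static/logo.png"))
        requests.append((t_ms, "expensive-client", "/api/search?q=*"))
    return requests


def simulate(limiter: Limiter, requests: List[Tuple[int, str, str]]) -> Dict[str, Tuple[int, float]]:
    """Returns client -> (requests admitted, server ms actually spent on them)."""
    spent: Dict[str, Tuple[int, float]] = {}
    for t_ms, client, path in requests:
        admitted, ms = spent.get(client, (0, 0.0))
        if limiter.allow(client, path, t_ms):
            admitted, ms = admitted + 1, ms + ENDPOINT_COST_MS[path]
        spent[client] = (admitted, ms)
    return spent


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("requests/s limiter :", simulate(request_count_limiter(), traffic))
    print("cost-aware limiter :", simulate(cost_aware_limiter(), traffic))
```

With the constructed numbers the naive limiter admits all 400 search requests, which is 100 seconds of server time demanded inside a 10 second window, while the cost-aware bucket admits 21 of them (a 500 ms burst, then two per second) and leaves the cheap client untouched. The design choice is that the budget is denominated in the resource the attack actually exhausts, not in request count.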
It's like a weapon manufacturer makes bombs and they demonstrate their products by bombing a small country.
NICE!
Next in marketing plan: hire a SEO company to optimize web page.
Writing in all caps does not make you correct,
The bold and emphasis tags haven't worked for me in 4 years.
If you have a mail server on the Internet and your line is from Level3 what do you do if your line gets cut?
A line getting cut is not a DDOS. A DDOS is when you open a web browser, go to the page, and hit REFRESH 40 times a second. On 80,000 computers. At the same time. For 2 hours.
A DDoS attack is similar, except that you need to figure out what the target is so that you can start rerouting everything else and filter unwanted content (or non-critical content)
Wrong. DDOS you black hole the server: you shut it off by having the backbone of the Internet route your shit elsewhere. That means your upstream ISP has to insert a static route into their routers--their equipment, not yours.
Not hosting your own DNS is a cost issue, not an impossible task.
You don't fix DDOS by DNS. www.Slashdot.org here is 216.34.181.48, and the plain slashdot.org is .45; if I fire a DDOS at either of those IP addresses, they both go down (it's the same subnet, thus routed to the same link). If you change the slashdot.org DNS, the packets keep coming down that link anyway.
If our Level3 access route gets DDoS'd, we start routing everything over to AT&T or Qwest, or Sprint, or what ever carrier we need to use.
If you fail over the link from Verizon to Comcast, the packets start coming down Comcast immediately. Think about it: when you fail over the link, you are rerouting packets going to those addresses. Well, DDoS packets are going to those addresses. They're not addressed to a link (they can't be), but to an IP address. They flood your active line, always; you can't prevent that.
Clients generally don't use the IP address, they use the host name for access.
Clients generally cache the IP address for a little bit; but that's irrelevant. A DDoS attack, in particular, is ineffective if you run a DNS look-up between each packet: there would be a wide delay between packets (it takes anywhere from 20 to 500 ms to run a DNS look-up; meanwhile, you're trying to send over 2000 packets per second from one node, i.e. one per 1/2 ms). Instead, you pull the IP at the beginning of the attack, and then you start shoving packets at that IP. 800 trillion packets to 216.34.181.45, one DNS look-up.
Again, you are trying to claim that you must hedge all of your bets on a single access point which is absolutely false.
I'm claiming that packets going to a route will affect all routes on that link; and that failing over that link to a different link will route all packets going to that route to the new link. If you are attacking a node on that route, failing over the link will move the attack to the new link. You can't block the attack downstream; it has to be blocked upstream, because the attack is flooding the link, and your firewall or router receives packets *after* they've traversed the link you're trying to defend. Only your upstream ISP can respond to a DDoS in any effective way.
The only "financial decision" you can make regarding this is the decision to buy a different physical line to your building for each individual public service you run. Possibly multiple physical lines for a service, e.g. two lines for a HA web cluster. That means you would pay $500/mo for Verizon 250Mbit/s to your Web server, $500/mo for another Verizon 250Mbit/s line run over a separate cable to your second Web server, $500/mo more for another 250Mbit/s fiber line run to your e-mail server, etc.
You clearly have no idea what you're talking about. This became clear the moment you started treating packet attacks like infrastructure attacks. "Oh, if they cut the link, I'll just use another link." Yeah, no. This isn't that somebody bombed the road to the bunker, so you take a different road; people are dropping bombs on YOU, and whatever road you drive down will have bombs dropped all over it trying to hit your Jeep.
A line getting cut is not a DDOS. A DDOS is when you open a web browser, go to the page, and hit REFRESH 40 times a second. On 80,000 computers. At the same time. For 2 hours.
No, it's not the same but the reaction a company should have is similar because the result of the attack is almost exactly the same. Notice that you completely ignore the question and go off on a tangent back to your same "I only have 1 IP for access" bullshit answer. Sorry, but at this point there is no other explanation for your position. You ignore logic and reason and continue with faulty logic based on an invalid premise.
If you fail over the link from Verizon to Comcast, the packets start coming down Comcast immediately.
The only way this would be true is if I had the same IP space on the two carriers, and we don't. In fact the amount of work to move IPs between carriers means that nobody does. You have obviously never tried to do something like this, or you are forgetting all of the requirements to do so.
Clients generally cache the IP address for a little bit; but that's irrelevant. A DDoS attack, in particular, is ineffective if you run a DNS look-up between each packet: there would be a wide delay between packets (it takes anywhere from 20 to 500 ms to run a DNS look-up; meanwhile, you're trying to send over 2000 packets per second from one node, i.e. one per 1/2 ms)
Straw man argument, I never said that there was an instant fix to a DDoS. I said there is a defense which takes planning, work, and expertise. This should obviously imply that it also takes time and is not instant.
Given that you can not consider a world without your invalid premise that everything must live on a single static IP address there is no point in continuing the discussion. I will tell you that every company I have worked for including the DOD has had similar mechanisms for defending against DDoS attacks. No service should ever be bound to a single interface and be called Highly Available. Ever! This means that even if an IP gets blasted for a week the server can remain functional and clients remain functional. Service degradation depends on where you can dump off traffic, and hopefully you are losing it at least a layer before the server (preferably 2 or more). And no, there is no restriction to having just 2 networks either. You can have as many as you want to justify.
If you continue to argue with your invalid premise regarding a single static IP address I can only assume you are a troll. Otherwise, if you can answer the question I proposed regarding a line failure and come to a single carrier solution which is HA I will concede to your amazing wisdom. You can't, so I'm not going to hold my breath.
If Microsoft wants to hire some mercenaries to deal with these dicks in a permanent fashion, I won't complain. The fact that Sony doesn't have actual ninjas on staff is a constant source of disappointment, but easily fixed.
It depends where they are based. There are plenty of nations where even if it is technically illegal, law enforcement either doesn't care, has been bought off, or are actually responsible - such as North Korea, China, Russia, Syria, etc.
No, it's not the same but the reaction a company should have is similar because the result of the attack is almost exactly the same.
Choking on a hotdog is almost exactly the same as an angry biker wrapping a half-inch steel chain around your neck and choking you to death. The reaction should be similar.
The only way this would be true is if I had the same IP space on the two carriers, and we don't. In fact the amount of work to move IPs between carriers means that nobody does.
Uh. When our /23 fails on Verizon, Comcast takes up the link. We even have multi-path, so we can send out stuff from the same IP on Comcast OR Verizon at any time; return packets always route down whichever link is active. We have exactly one /23 address space.
Last month, Comcast managed to lose a fiber line. That line was rerouted through our Comcast link. Packets routed to the same IP addresses came down it.
Notice that you completely ignore the question and go off on a tangent back to your same "I only have 1 IP for access" bullshit answer.
We have 510 IP addresses for access. They're on a /23 routed subnet. DDoS any one of those and the rest go down. Do you know why that happens? It has to do with how routing works: a routed subnet, at its last leg, goes across one link (one cable or multiple cables bound together as one link). When you send anything to that subnet, it eventually hits that link. If you flood that link, the whole subnet is blocked off.
Straw man argument, I never said that there was an instant fix to a DDoS.
You started talking about DNS, remember?
Clients generally don't use the IP address, they use the host name for access.
This is saying, "Oh, you just go change the DNS entry for the host under attack, and the packets go nowhere." Yeah, no. DDoS attacks generally don't use the host name; they use the IP address for access.
Given that you can not consider a world without your invalid premise that everything must live on a single static IP address
My premise is that routing works the way it does in the real world, and that attacking a single IP address in a subnet takes down the whole subnet. That's how it works. My premise is also that changing the link used to route your subnet (e.g. from Verizon to Comcast) will bring all traffic--including attack traffic. You function in this imaginary world where you just switch over all your services and somehow evade shitloads of legitimate-like traffic behaving exactly like legitimate traffic, without taking out your legitimate traffic as well; that doesn't work.
I handle these things in the real world. I've handled 14 DDoS attacks this year. I know how our links are built, I know how our links fail over, I know how routing works from routing protocols right down to the way frames are forwarded across the wire. I know, physically, how DDoS attacks work--what links are lighting up, how the packets are formed, and how the routers decide where to forward them. I know how they commingle with legitimate traffic, and how they crowd it out.
I know god damn everything.
You're floundering around with unspecific and blatantly wrong comments. You don't even understand what DNS does, what it's for, or how IP and hostnames work--otherwise you wouldn't yammer on about how clients access by hostname and not IP. You don't seem to understand how useless DDoS against a DNS server is, either (since every client uses their ISP's local DNS server, which has your server's data cached anyway).
Seriously, what kinds of systems do you architect? Because they're obviously not network systems. Do you mean "System Engineer" as in "guy who builds Web servers"?
Otherwise, if you can answer the question I proposed regarding a
Support my political activism on Patreon.
Choking on a hotdog is almost exactly the same as an angry biker wrapping a half-inch steel chain around your neck and choking you to death. The reaction should be similar.
Yawn, reductio ad absurdum is extremely unimpressive.
We have 510 IP addresses for access. They're on a /23 routed subnet.
Really now? How can that be possible when nobody else can function without a broadcast address at a minimum. Or is this just an appeal to emotion trying to demonstrate that you are intelligent? I vote for the latter, and reject it as irrational just like your single point of failure argument.
This is saying, "Oh, you just go change the DNS entry for the host under attack, and the packets go nowhere." Yeah, no. DDoS attacks generally don't use the host name; they use the IP address for access.
You attempted to first claim that a client would have a delay in connecting so HA was impossible. I rejected that as a straw man, so your defense is to then falsely claim I don't know what DNS is for (while you ignore one of many features). In your world it seems impossible for 2 or more addresses to exist on a single host, and for a CNAME to point to one of these addresses. The only option is a single interface on a single host, and everything is hard coded all the time. Further, you cannot have multiple networks, you must only live on a single network. If I didn't think you believed it I would laugh out loud.
My premise is that routing works the way it does in the real world, and that attacking a single IP address in a subnet takes down the whole subnet
Then you are a flipping dolt that should really learn the benefits of having multiple networks and interfaces. If any of the hosts on one network gets attacked I shift my primary connections to their second interfaces on a completely different network. These are not insurmountable challenges, at all. Stop attempting to claim that your only option is a single network. If _you_ have a single /23 then shame on you, try purchasing multiple smaller networks with different carriers.
This is the icing on the cake.
I handle these things in the real world. I've handled 14 DDoS attacks this year. I know how our links are built, I know how our links fail over,
You said that handling attacks was impossible, so by your own terms you cannot be telling the truth. You are either lying here, or lying on your original premise. Your imaginary scenario of having a single access point is still wrong. You still can't answer the question regarding a single point of failure because in your world everything is a single point of failure. You are simply a troll, and not a very good one.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Simple... Get rid of PSN/Xbox Live sign in. Or, at least allow users to play the games if said services are unavailable.
No need for expensive anti-ddos or whatever.
Sony/MS take your money and want control but can't maintain control in these situations.
Without these single points of failure, this issue would not have happened.
Yawn, reductio ad absurdum is extremely unimpressive.
It was a blunt analogy; considering a DDOS similar to a fiber line cut is patently absurd. One of them is an infrastructure problem, such as the dry rotting of a support timber; the other is an adversarial problem, such as a mob stationed outside your house with siege engines (you know, catapults, ballistas, gunpowder barrels).
Really now? How can that be possible when nobody else can function without a broadcast address at a minimum.
The broadcast address is the highest address in a subnet. For 200.100.100.0/24, the broadcast address would be 200.100.100.255. Maybe you should learn about networking.
You attempted to first claim that a client would have a delay in connecting so HA was impossible.
Yes, I covered all considerations, rather than just one.
In your world it seems impossible for 2 or more addresses to exist on a single host, and for a CNAME to point to one of these addresses.
First off, it doesn't help. Second, your claims included that I can't migrate a subnet between providers. Third, I've repeatedly pointed out that having an attack come to any address on the subnet clogs that entire subnet.
I haven't claimed that you can't have 2 or more addresses on a single host, or point a CNAME to either. I claimed that it doesn't help. I have covered that: 1) when I fail over the subnet to a different line, the DDoS will follow it; 2) DNS takes time to propagate, and so changing DNS isn't a solution in any case; 3) if I change the IP address to a different subnet, the C&C can detect the change and instruct the botnet to retarget to the new IP address. I've done this many times.
You said that handling attacks was impossible
You assert that a host can magically filter DDoS and keep legit traffic by some mechanism. I assert that the way to handle the DDoS is to have the target IP NULL routed, which takes the host entirely off the network. You cannot defend against DDoS: you can only withdraw the target and concede.
Your imaginary scenario of having a single access point is still wrong
I'm working, again, in a multiple access point scenario. You claim that scenario is impossible: you claim I can't fail-over subnets to alternate providers--a task that takes about 1 minute. Fail-over works by our primary provider ceasing to hold ownership of the subnet, while the secondary provider advertises the route. This causes a propagation of routing table updates over the Internet backbone, which makes packets addressed to our subnet follow the path to our new link. It's not even a phone call; we have online UIs at each provider to make them assume ownership of the route.
You did make the claim that this simple routing update is so ungodly complex that nobody does it, anywhere, ever.
Support my political activism on Patreon.
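The two points the thread keeps circling back to, that flooding any one address on a routed subnet saturates the single last-leg link carrying the whole subnet (so a /23 gives 510 usable host addresses that all go down together), and that the broadcast address is simply the highest address in the prefix, can be checked concretely. The following is an added example written for this page, not code from any poster; the prefixes and link names are constructed using RFC 5737 documentation ranges, and the "one link per prefix" mapping is a simplifying assumption standing in for the routed-subnet behaviour the thread describes. It shows the blast radius of a flood against one address and how splitting into smaller prefixes on different links (as one poster suggests) shrinks it:

```python
"""Added example (not from the thread): prefix arithmetic and the collateral
reach of a flood against one address on a routed subnet."""
import ipaddress
from typing import Dict, List, Optional

# Constructed sample topology (assumption, not the posters' networks):
# each routed prefix is delivered to the site over exactly one last-leg link.
ROUTED_PREFIXES: Dict[str, str] = {
    "203.0.113.0/24": "carrier-A-link",   # documentation range, constructed
    "198.51.100.0/25": "carrier-B-link",  # documentation range, constructed
}


def usable_hosts(prefix: str) -> int:
    """Host addresses assignable inside a prefix (excludes network/broadcast)."""
    net = ipaddress.ip_network(prefix, strict=True)
    # /31 and /32 have no separate network/broadcast addresses (RFC 3021).
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def broadcast_address(prefix: str) -> str:
    """The highest address in the prefix, as the thread states."""
    return str(ipaddress.ip_network(prefix, strict=True).broadcast_address)


def link_for(ip: str, prefixes: Dict[str, str] = ROUTED_PREFIXES) -> Optional[str]:
    """Longest-prefix match, the way a router picks the delivering link."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, link in prefixes.items():
        net = ipaddress.ip_network(prefix, strict=True)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, link)
    return best[1] if best else None


def collateral(target: str, hosts: List[str],
               prefixes: Dict[str, str] = ROUTED_PREFIXES) -> List[str]:
    """Other hosts that lose reachability once the link carrying `target`
    is saturated: everything sharing that last-leg link, attacked or not."""
    link = link_for(target, prefixes)
    if link is None:
        return []
    return [h for h in hosts if h != target and link_for(h, prefixes) == link]


if __name__ == "__main__":
    print("/23 usable hosts:", usable_hosts("10.0.0.0/23"))          # 510
    print("broadcast of 200.100.100.0/24:", broadcast_address("200.100.100.0/24"))
    site_hosts = ["203.0.113.10", "203.0.113.20", "203.0.113.30", "198.51.100.5"]
    # Flood against one address on carrier A takes every carrier-A host with it,
    # while the host on the separately routed carrier-B prefix stays reachable.
    print("collateral of flood on 203.0.113.10:", collateral("203.0.113.10", site_hosts))
```

The `collateral` function is the defender's view of the "null route the target" outcome described in the thread: whether the link is saturated by the attack or the prefix is withdrawn on purpose, every host behind that one last-leg link is affected, so the way to keep something reachable is to have hosts homed on a prefix delivered over a different link, not to swap DNS names.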