Well, on most game servers, you are able to block users from using over a certain amount of connectivity, or only connecting a certain number of times. DDoS, however, is much harder to stop than just a DoS. This is because they use vast botnets not originating from a specific location.
To those defending the firewall idea:
Why would an end point firewall help if hundreds of COD servers are sending packets? Yes, the packets will be rejected, but they have to arrive first in order to be rejected. A firewall can't stop messages that haven't arrived at the machine's network card yet.
The COD DDoS is a bandwidth flood. It doesn't matter if the COD4 packets are read and interpreted by the end machine. The only thing that matters is that all those packets are going over the line, eating up all bandwidth.
That is what people in here mean by line saturation. It's the network cables and the end point routers closest to the server that are being flooded, not the server itself. This is why you often hear that several servers go offline in an attack.
- the COD servers send data to those who don't need it
- they are aware of the exploit
- it can be easily fixed (by using an acknowledge system. It will take one Round Trip Time longer to get server info though)
- they refuse to fix it
- Companies have been successfully sued in similar cases (there was some Spanish company that sued game studios for similar reasons I believe)
As far as I know, leaving smurf amplifiers open even after notification is a good case for a lawsuit, yes.
I've been undergoing a DDoS attack from devnull for like the past two days. I have a private firewall and IPS on my boxes and they don't experience downtime from the attack; we are only getting hit with like 200 - 250 Mbit/s max. The only issue is it running up our bandwidth, not it giving us downtime.
It's really starting to piss my DC off.
Apologies if I'm not understanding this right, but couldn't someone write something that checks all the CoD servers, then adds them to a blocklist? It could run, say, once a day, since people add/remove servers often. That would take care of the majority of it, unless there's something I'm missing. Again, I'm not 100% sure on how the whole thing operates, so apologies if this is dumb. Although this doesn't cater for what FPtje said about:
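The two points above, that the bandwidth arrives whether or not the victim's firewall drops it, and that a one-RTT acknowledge step removes the amplification, can be shown with a small simulation. This is an added example written for this thread, not code from any game or from the people quoted; the packet framing is Quake-engine style, but the status payload, the 32-byte minimum query size, the cookie format and all addresses are constructed assumptions. Bytes put "on the wire" are counted per destination so the victim's share can be compared with what the attacker spent.

```python
import hashlib
import hmac
import os

# Quake-engine-style out-of-band framing (the style CoD4 inherits); everything
# after it in this file is constructed for the demo, not captured traffic.
OOB = b"\xff\xff\xff\xff"
MIN_QUERY_LEN = 32   # assumption: clients pad their first packet to this size

# Constructed status reply: a server listing 40 fake players, map and hostname.
STATUS_REPLY = (
    OOB + b"statusResponse\n\\mapname\\mp_crash\\sv_hostname\\Example Server\n"
    + b"".join(b'%d %d "player%02d"\n' % (i * 3, 50 + i, i) for i in range(40))
)


def pad_query(cmd: bytes) -> bytes:
    """Client side: pad the query so the server never answers a small packet with a bigger one."""
    return (OOB + cmd).ljust(MIN_QUERY_LEN, b"\0")


class Reflector:
    """The vulnerable design: any 'getstatus' gets the full reply, source unverified."""

    def __init__(self):
        self.out = []   # (dst_ip, payload) as it would leave the server

    def handle(self, src_ip, payload):
        if payload.rstrip(b"\0") == OOB + b"getstatus":
            self.out.append((src_ip, STATUS_REPLY))


class ChallengeServer:
    """The acknowledge system: answer first with a small cookie bound to the
    source address, and send the real reply only when that cookie comes back.
    A spoofed source never sees the cookie, so it never gets the big reply."""

    def __init__(self, key=None):
        self.key = key or os.urandom(16)   # per-server secret, rotate in practice
        self.out = []

    def _cookie(self, ip):
        return hmac.new(self.key, ip.encode(), hashlib.sha256).hexdigest()[:16].encode()

    def handle(self, src_ip, payload):
        if len(payload) < MIN_QUERY_LEN:
            return                        # tiny packet: refuse to amplify it at all
        body = payload.rstrip(b"\0")
        if body == OOB + b"getstatus":
            # 4 + 10 + 16 = 30 bytes, smaller than the 32-byte query: factor < 1
            self.out.append((src_ip, OOB + b"challenge " + self._cookie(src_ip)))
        elif body.startswith(OOB + b"getstatus "):
            cookie = body[len(OOB + b"getstatus "):]
            if hmac.compare_digest(cookie, self._cookie(src_ip)):
                self.out.append((src_ip, STATUS_REPLY))


def bytes_to(server, ip):
    """Bytes the server put on the wire towards ip, whatever ip's firewall does with them."""
    return sum(len(p) for dst, p in server.out if dst == ip)


def amplification(server_cls, n=100, victim_ip="203.0.113.7"):
    """Attacker forges victim_ip on n queries; return victim bytes / attacker bytes."""
    server = server_cls()
    query = pad_query(b"getstatus")
    for _ in range(n):
        server.handle(victim_ip, query)
    return bytes_to(server, victim_ip) / (n * len(query))


def legitimate_client(server, ip="198.51.100.5"):
    """A real client pays one extra round trip: query -> challenge, echo -> status."""
    server.handle(ip, pad_query(b"getstatus"))
    dst, challenge = server.out[-1]
    cookie = challenge[len(OOB + b"challenge "):]
    server.handle(ip, pad_query(b"getstatus " + cookie))
    return server.out[-1][1]


def spoofed_replay(server, attacker_ip, victim_ip):
    """Attacker learns its own cookie and tries it with the victim's address forged."""
    server.handle(attacker_ip, pad_query(b"getstatus"))
    cookie = server.out[-1][1][len(OOB + b"challenge "):]
    server.handle(victim_ip, pad_query(b"getstatus " + cookie))
    return bytes_to(server, victim_ip)


if __name__ == "__main__":
    print("reflector factor:", amplification(Reflector))          # about 23x
    print("challenge factor:", amplification(ChallengeServer))    # below 1x
    print("legit client got status:", legitimate_client(ChallengeServer()) == STATUS_REPLY)
    print("victim bytes after replay:", spoofed_replay(ChallengeServer(), "192.0.2.9", "203.0.113.7"))
```

The cookie is an HMAC over the source address with a server secret, so the server keeps no per-client state and an attacker who can only forge packets (not read the victim's inbound traffic) cannot produce a valid one for the victim. The padding requirement is the same idea QUIC and DNS cookies use: the server's first reply must never be larger than the packet that triggered it.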
It's quite scary how there's not really a solution to it.
I'm also happy that I'm entirely wrong except for the only point I made.
Regardless, Revenge's post still stands: it doesn't matter, because in many of these attacks your internet connection isn't made to handle that amount of data, and simply doesn't, even before it reaches the server.
I was once DDoSed. I called my provider to ask them if they could do anything. They acknowledged: "Well, it LOOKS like you're getting a lot of inbound traffic!". I said "I know that, I'm being DDoSed, can you do anything about it?".
They replied with "Have you tried restarting your computer/router?". It pissed me the fuck off.
But yeah, in theory the ISPs can both detect and kill DDoS attacks at network level. Why? Because they own and control the routers that lead to your house/datacenter, and they are able to drop the packets as soon as they pass one of their routers, killing the attack before it even reaches your house/datacenter.
As things stand now it's not much of an issue to Activision and everyone's ISPs/hosting. Now if there was a class-action lawsuit with a good platform, which from the looks of things there already is when everyone has their terminology correct, there is a serious chance that Activision would make an easy fix.
Look at it this way: they either make an easy fix that takes a short amount of time to complete, or they get into legal issues with a group of people who they either need to pay off or pay lawyers to fight. Put in that situation they're going to lose some amount of money no matter what. Compared to how much they already have it could be a negligible loss, but they can only fight it for so long before they have to fix it or win the case.
Then your problem is finding and organizing people to take part in the whole thing, which is the hard part.
You won't have a court case; there isn't a single court in the world which would care, short of suing Stan for damages over the services he runs.
No one maintains any of the games being used in these attacks; there really aren't any developers who work on these games. If you want them fixed your best bet is to start abusing the fuck out of them against anything related to the people who are responsible for the development of the game. It's a rather sad reality, but most of the time you have to get your hands a little dirtier than most people are comfortable with these days. No one gives a single fuck about a problem unless it becomes their own; developers have no pride in the programs they work on anymore.
The worst part is that these meaningless gameserver DRDoS attacks aren't anything compared to what is in store if these rather worthless exploits are patched. Stan never sold his good shit until he had something better. Even if all the gameserver reflection attacks were to be fixed, that still leaves the much more powerful DNS based attacks, which will never be fixed thanks to how the internet works.
The only thing which can stop a DoS attack is the attacker themself. If no desired outcome of an action is provided there won't be a desire to do the action. If the attacks don't work, they don't happen.
There could possibly be a performance increase or something by comparing length instead of matching hex or strings, but I never noticed one which was justifiable. It is rather stupid for him to be suggesting that people use rules they would have very little knowledge of, as they will only cause more problems than they would most likely fix.
I didn't know srcds had such exploits. But if that's the case, would you even have to distribute your DoS to take down srcds if you use the exploits?
An average booter hosted by a single server on at least 100 Mbit/s used to be plenty to take down SRCDS. I personally had an intense whitelist based IPTables ruleset on my dedicated servers for the last year at least, so I'm not sure what attacks still work short of line saturation.
The Garry's Mod community seems to have a huge issue with DoS attacks. Someone once brought to my attention that many gameservers for other games are run on bottom dollar servers that could even be on 10 Mbit/s lines. 1 Gbit/s being required for a single small community is something which is absolutely unique to us.
However, I'd like to think that the stakes are higher and the money is more lucrative, as if you play your cards right it's simple to make more than a full time job at minimum wage in certain situations off "donations". The people who develop things for Garry's Mod are also significantly more intelligent than, let's say, the plugin developers for Minecraft or the developers of almost every single SourceMod.
This brings just as many intelligent people who see an opportunity to make fucking bank off of little kids who throw their parents' money/credit cards around like they do their in-game monies. Places like GangwarsRP who have no self respect and let people simply pay2win only add to this by inviting the further devaluation of real money in a game.
Microtransactions don't help either as many games these days are enabling players to dump hundreds or even thousands of dollars into games. When people get this far in with hundreds and thousands of hours played people won't look at that $100 program which lets them ruin it all for anyone who wronged them as "overpriced" at all.
I'm not all that pessimistic, it's just that things are starting to shift into something completely new that hasn't fully taken place yet. Things definitely aren't the same as they were back in 07 and I just don't think many people are bringing us in a better direction.
I agree that taking down the CoD4 exploit might make Stan simply move over to DNS Amplification based attacks, and eventually make the attacks DevNull can do several times stronger as revenge. The best option we have now is to get rid of Stan himself from the internet scene, and not the exploit he's using, because there are still a dozen other exploits out there that he can switch over to.
The only positive thing about DNS Amplification attacks is that they are relatively easy to block at ISP level, because all attacks will always come from port 53 and you can just block all incoming traffic coming from port 53 except your own set of name servers.
I agree slayer, those rules are exactly the best, they do have a few valid rules in there... and any bit to help mitigate skiddys DoSing your servers for the hell of it helps.
There's a fix for CoD4 servers that prevents your server from being used in a DDoS attack, but I think it's for Linux servers only. How about we multitask: if Activision isn't fixing it soon, why don't we get CoD4 server owners to fix it? After that we can go for the other master servers that DevNull is using, like Enemy Territory and so on.
I don't know why CoD4 doesn't put a limit on how frequent you can refresh the master server.
Looks like he's already addressed the issue. From the looks of things, this DRDoS is causing CoD4 servers to go down.
lpatch can be run from any OS; maybe whoever has the initiative to contact all these owners can zip together a batch file that does (most of) any work that may be needed.
CoD4 server owners won't give a single fuck about you anyways, most of them probably aren't even contactable.