DDOS on Realmpt

[rptps 1]

"It has become evident that the reason for the downtime is that our servers are being DDoS attacked. This mean that someone (using a 'botnet') is intentionally 'overloading' our server so it becomes inaccessible for others. Usually it costs money or resources to initiate this, someone must've found it worthwhile to target our game server. We're still waiting for it to pass on."

LOL

[Quant 0]

I think some people wants to DDOS, just because they want to hunt boss morif haha

 

I'm happy to say, I'm off work soon, hopefully can hunt some sheltoms after work 8) 8)

[AC/DC 0]

They do that because they want to fuck up the server. Jealous people~

[Shade 5]

how long do they lasts? and can it b traced?

[RebornAgainz 0]

lol.  They can last for a while.

 

"It has become evident that the reason for the downtime is that our servers are being DDoS attacked. This mean that someone (using a 'botnet') is intentionally 'overloading' our server so it becomes inaccessible for others. Usually it costs money or resources to initiate this, someone must've found it worthwhile to target our game server. We're still waiting for it to pass on."

LOL

 

Gotta love it lmfao.  "Someone mustve found it worthwhile"  Even at the worst of times, sarcasm brings a smile to my face ;]

[Crius 0]

Protection against DDoS attacks is not easy. There are protection/response software, but it's not all that common and I'm guessing this is a bit too small-scale for having it. Probably, the only way to do anything about it is to find out where the attacks are coming from (which could be any number of computers) and blacklist them. This can be done if there is a manageable number of attackers and connections require handshakes, but it's quite a bit of work. If the connections are stateless, you're screwed either way since IPs can be faked, and if there are too many attackers, the denied requests themselves may drain available resources enough for the attack to work. Otherwise, there's not really much that you can do on the receiving end short of notifying the ISP and have them deal with it.

 

As for catching whoever is behind it? Well, I wouldn't hold my breath. If you have the skills to perform a DDoS attack, you probably also have the skills to ensure at least plausible deniability.

[RebornAgainz 0]

Protection against DDoS attacks is not easy. There are protection/response software, but it's not all that common and I'm guessing this is a bit too small-scale for having it. Probably, the only way to do anything about it is to find out where the attacks are coming from (which could be any number of computers) and blacklist them. This can be done if there is a manageable number of attackers and connections require handshakes, but it's quite a bit of work. If the connections are stateless, you're screwed either way since IPs can be faked, and if there are too many attackers, the denied requests themselves may drain available resources enough for the attack to work. Otherwise, there's not really much that you can do on the receiving end short of notifying the ISP and have them deal with it.

 

As for catching whoever is behind it? Well, I wouldn't hold my breath. If you have the skills to perform a DDoS attack, you probably also have the skills to ensure at least plausible deniability.

 

Well put man.  Well put.

[rptps 1]

Protection against DDoS attacks is not easy. There are protection/response software, but it's not all that common and I'm guessing this is a bit too small-scale for having it. Probably, the only way to do anything about it is to find out where the attacks are coming from (which could be any number of computers) and blacklist them. This can be done if there is a manageable number of attackers and connections require handshakes, but it's quite a bit of work. If the connections are stateless, you're screwed either way since IPs can be faked, and if there are too many attackers, the denied requests themselves may drain available resources enough for the attack to work. Otherwise, there's not really much that you can do on the receiving end short of notifying the ISP and have them deal with it.

 

As for catching whoever is behind it? Well, I wouldn't hold my breath. If you have the skills to perform a DDoS attack, you probably also have the skills to ensure at least plausible deniability.

botnet means anything to u? 

Trace back ?? i dont think they can.

Just want this thing to be over so I can play again.

 

[Crius 0]

botnet means anything to u? 

Trace back ?? i dont think they can.

Just want this thing to be over so I can play again.

 

Uhm, are you agreeing or disagreeing with what I said? It doesn't particularly make sense either way.

[Divineforce 0]

Protection against DDoS attacks is not easy. There are protection/response software, but it's not all that common and I'm guessing this is a bit too small-scale for having it. Probably, the only way to do anything about it is to find out where the attacks are coming from (which could be any number of computers) and blacklist them. This can be done if there is a manageable number of attackers and connections require handshakes, but it's quite a bit of work. If the connections are stateless, you're screwed either way since IPs can be faked, and if there are too many attackers, the denied requests themselves may drain available resources enough for the attack to work. Otherwise, there's not really much that you can do on the receiving end short of notifying the ISP and have them deal with it.

 

As for catching whoever is behind it? Well, I wouldn't hold my breath. If you have the skills to perform a DDoS attack, you probably also have the skills to ensure at least plausible deniability.

I don't claim to fully understand DDoS attacks, and you probably know more than me, but from what I understand aren't our computers the bots? Wouldn't blacklisting the responsible computers just blacklist all of us?

[Crius 0]

I don't claim to fully understand DDoS attacks, and you probably know more than me, but from what I understand aren't our computers the bots? Wouldn't blacklisting the responsible computers just blacklist all of us?

 

No, at least not necessarily. A DDoS is performed by several computers (or any sort of compatible device really) that have been infected by malware of some sort. This can for example be small virus- or worm-like programs with preconfigured attacks that start automatically, or trojans that lets the attacker control the computer remotely and start/stop attacks at any time. For the attack itself, it doesn't matter which machines are doing it as long as they send traffic to a target server in the way you want to. When you do a DDoS, you want quantity over quality, and you really shouldn't be picky about which machines you infect. It's a lot easier to just throw as much infected malware out there as you can and hope that as much of it sticks as possible, than to try to infect specific computers.

Whatever way it is done, the host becomes an agent, or zombie, or bot or whatever you want to call it, and several of these form a botnet. Usually, this is completely unknown to the people who own and use these machines. Sure, some of the people playing RPT could potentially have an infected computer, but unless the program for the DDoS was somehow included in the game itself or some other software that is common in this community, it is very unlikely that it would be more than a handful. Of course, I suppose it would be possible that the attacker is a member of the community and has managed to infect others by sending them files or whatnot, but it's not particularly likely otherwise. If you're worried, you can check if you're infected yourself by downloading a packet sniffer (winpcap and windump works well if you're on a Windows machine) and see if there's an unusual amount of traffic being sent, specifically to a certain Dutch IP.

 

What a DDoS does is to essentially have the agents send seemingly legitimate requests to the server, but in volumes that the server is not capable of handling. The result is that bandwidth and server resources will be used up to the point of being unable to handle the legitimate requests. The trick to stopping it is to identify which of these requests are legitimate and which are not, then filtering out those that are not. There is software to handle this automatically (I can't readily imagine how though I would assume it performs some sort of anomaly detection, but this is not really my area. Whatever, it's not important), or you can try it manually. However, like I said, it doesn't always work and can require a lot of time.

[AC/DC 0]

Fight fire with fire. Track & attack them!!

[TommyDeal 0]

Hm from what I understand, someone is most likely paying to ddos RPT. And I wouldn't know why someone would do this, unless maybe they had their own private server. Usually rival private servers ddos other private servers(it was like this with another game). If it's not some rival then it's probably a big waste of money, which means we're dealing with someone incredibly stupid.

[lusca 0]

They do that because they want to fuck up the server. Jealous people~

agree

[Crius 0]

It doesn't have to cost money to do a DDoS. Do it yourself and all it it takes is time and skill. People do these things for various reasons, whether economical, idealogical or good ol' fashion revenge. Or just because it's a challenge and for fun, that happens as well. Depending on what you're targeting, you may not really need a lot of resources either. If you want to bring down Google or YouTube or some enormous site like that, you've got work to do since they've got mirrors and redundancies and hardware with ridiculous capacity. But a relatively small-scale place like this? Unless I'm severely underestimating the kind of hardware RPT uses, you really don't need that much raw power to take it down. Your machines don't need to handle requests or maintain connection states like the server does, they just have to pump traffic towards it at a rate high enough to keep it too busy to handle the real requests.

[TommyDeal 0]

It doesn't have to cost money to do a DDoS. Do it yourself and all it it takes is time and skill. People do these things for various reasons, whether economical, idealogical or good ol' fashion revenge. Or just because it's a challenge and for fun, that happens as well. Depending on what you're targeting, you may not really need a lot of resources either. If you want to bring down Google or YouTube or some enormous site like that, you've got work to do since they've got mirrors and redundancies and hardware with ridiculous capacity. But a relatively small-scale place like this? Unless I'm severely underestimating the kind of hardware RPT uses, you really don't need that much raw power to take it down. Your machines don't need to handle requests or maintain connection states like the server does, they just have to pump traffic towards it at a rate high enough to keep it too busy to handle the real requests.

Why do you assume whoever did this has skill?

[Crius 0]

Well, I don't know for certain in this case of course, but performing a successful DDoS attack would require some amount of knowledge and/or skill from someone down the line. If it didn't and could be done by snapping your fingers, they would be a lot more common. There are tools for the script kiddies to use that makes it much easier and certain forms of attacks that are easier than others (reflective attacks comes to mind), but you can't be totally clueless about what you're doing.

[TommyDeal 0]

Well if this is true, then someone has to stop him, or RPT is fucked?

[Geovane 78]

DDoS attack stops alone? i mean, u plan the attack and just let ur computer on? or u have to be in front of the computer all the time?

[Crius 0]

I'm not going to repeat myself, but there are ways that the victim may be able to do something about it, depending on the type of attack that is used. Most of the effective measures are preventative rather than responsive though, so that in combination with the general difficulty wouldn't make me hold my breath waiting for it to happen. Unless the attacker stops, usually it's the ISPs that get the pleasure of dealing with it, and it is illegal (in many places at least), so the law enforcement would have a hand in it as well. The zombies can be traced and quarantined, with or without IP spoofing, even if the actual attacker that uses them can be difficult to pin down. Most one-off DDoS attacks I've seen have lasted a few days at most. Only once have I seen two consecutive attacks on the same target. However, this is not really my area and I don't have any extensive experience with it so I'm not going to promise anything, though I do have some understanding of how they can be done from a purely networking perspective. There are way too many factors for me to make even an educated guess. If there are only a handful of zombies involved, it could be over in hours. If it's small army of them, it could take much, much longer.

[Alpha 0]

resuming we got fukd up...

[vnpro 0]

I think GM should use some Internet Security tool (such as KIS) , it have nice firewall & good AI for detected DDoS

Install it very easy but there may be problems in performance

 

Against with DDoS & do not use tool are impossible

[zpaganp 0]

I remeber around 14 or 15 years ago when I use to do warez in mirc, some dude would send out bots with some odd name like sjdkfnjd and load it in a room and 1000"s and 1000's of bots would display in all the rooms messing up mirc, I dont remeber how they fixed it, but it went on for several months maybe this is the same thing thats happening. all they need is a way to connect to the game servers and then relese havoc  and over populating the servers. but that was so long ago. anyway I have a harracane to get ready for.

[Omega 0]

I remeber around 14 or 15 years ago when I use to do warez in mirc, some dude would send out bots with some odd name like sjdkfnjd and load it in a room and 1000"s and 1000's of bots would display in all the rooms messing up mirc, I dont remeber how they fixed it, but it went on for several months maybe this is the same thing thats happening. all they need is a way to connect to the game servers and then relese havoc  and over populating the servers. but that was so long ago. anyway I have a harracane to get ready for.

LOL ur so out of touch.

[liadush 0]

Well Cirus is right, There are many things you can do to provide some sort of defence agianst DDOS attacks.

The big issue is what kind of DDOS attack we have?

Gaint packet? Unknown Destination?

For Gaint packet i would recomment to shut down the port(logical port).

For Unknown Destination there are many routing messures i can implent to resolve this case.

 

There are many more DDOS attacks.

 

If the GM need any help.

Please PM me asap.

 

Regards,