DDoS: The Reality

Aside from the acronym itself, I suspect very few people have a good grasp on what DDoS means. It's another acronym or abbreviation like "PST" where the vast majority think it means "psst, pay attention to me" rather than "Please Send Tell." DDoS is not a word, it only has one meaning, and it isn't left open to interpretation.

DDoS is "Distributed Denial of Service".

Let's break that down for the unwashed masses:

Distributed

This means it is spread across many source machines (the machines that are actually attacking Blizzard). The load of the attack is distributed across hundreds, thousands - and yes, even millions - of individual drone machines that sit idly by waiting for some henchman to put them to work flooding some unsuspecting internet portal (like WoW).

It's distributed because there are few (if any) individual connections that would be able to generate enough noise (aka internet traffic) to bring down a corporate infrastructure like Blizzard. These drones are distributed across the country, and across countries, and are located in disparate locations. By synchronizing all of these drones to flood a site, or server with traffic, they effectively multiply the bandwidth caps.

In short: 100 machines on 100 different cable networks at 10Mbps gives an effective traffic flood of 1000Mbps (1Gbps). Which is a lot more effective at bringing down a service.

Denial

Denial is pretty straightforward. Many of you deny you're addicted to WoW. Many also deny that they really don't know what DDoS is, how it works, and why you can't just "fix it."

In this case, however, denial means something entirely different. It means to deny access to something. The attackers have at least three potential goals:

1. Disrupt access to WoW
2. Disrupt Blizzard's ability to function
3. Cost Blizzard money in resources to alleviate the issues

To be clear: Denial means to prevent access to something - whether it's users/players, or Blizzard technical staff.

Service

The service is World of Warcraft - and probably any other Blizzard Battle.net game. The service also includes access to the web portal for shopping, accessing forums, or just perusing Blizzard's ample advertisement of an upcoming expansion.

All together now!

"Distributed (spread out) Denial (blocking access) of Service (World of Warcraft)". So, what we have is a Spread Out Blocking of Access to World of Warcraft or a SOBAWOW. Yes, we have been experiencing SOBAWOWs frequently lately. And it's created a player base of network engineers who attended either "The University of Ididagooglesearch" or "Wikipedia College for the Technically Disinclined."

The Reality

The reality is that there are very few things that can be done to alleviate DDoS attacks. There are a few best practices that involve routing, peering, and firewall adjustments. None of this is magical like the unicorn farts we use to obliterate enemies in one of Blizzard's WoW raids. One does not simply "fix it."

The big problem is the "Distributed" nature of a DDoS. This isn't some geek in his basement using his fat digital subscriber line to flood Blizzard with random garbage that overloads their servers. If that were the case, it would just be a DoS (simply: Denial of Service). No, no, this is a DISTRIBUTED Denial of Service attack. One chunky kid in his mom's basement could be the one orchestrating it, but he's leveraging bandwidth and machines he does not own.

How does this little mook accomplish this? Is he RICH?! Does he have billions of dollars to buy millions of machines spread out all over the world?! RICH PEOPLE SUCK ZOMG!!!

No. That's not how it works either. Instead, what happens is quite simple. Many of you are probably unwitting participants in these DDoS attacks. How, you ask? Well, every time you download some random installer for some cool new app, or game, or hack for your computer from a torrent, a pirate site, or from random emails you receive (with attachments you download and click) you run the risk of installing a virus or a trojan.

These viruses or trojans have many jobs. One of which is probably to send random garbage traffic to a designated destination: i.e. World of Warcraft.

Have you ever read the warning during a Windows Update that reads something like, "removed X to prevent malicious access to a user's computer, allowing system to be remotely accessed." Yeah, that's one of the reasons there are Windows' patches so often. Little freaks are out there all the time finding ways to compromise your system so that they can use it to perform idle, and evil deeds.

So, at the click of a button that probably reads "Initiate Attack!", the basement tubbard can start a DDoS attack by signaling all of these little viruses and trojans to start flooding some service like WoW.

Fixing It

First, to ensure you're not a part of the problem, install anti-virus software. There are many free choices, start here:

http://free.avg.com/us-en/homepage

Just Google "AVG Free".

Finally, you're just going to have to suck it up. There is no fix for this other than to make it troublesome for the attacking machines to reach Blizzard. This is both time-consuming (as in DAYS, not hours) as there are billions upon billions of packets going to Blizzard, the vast majority of which are legitimate. Finding the bad ones takes a lot of research, resources, and time. You don't just issue the command:

"stop ddos; execute;"

So, be patient, these kiddies usually get bored after a while and find someone else they'd rather piss off.

Blizzard is not at fault here. There's nothing they could have done in advance to prevent it. The FBI can't find the culprit because it's not just some person they can find. There are many thousands of machines involved - most of them innocent victims themselves. Blizzard has done their due diligence as is obviated by the vast number of connections they already handle for you boobs.

Regards,
Mirasol
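
Added example, not part of Mirasol's post: it uses the post's figures (100 drones at 10 Mbps) to show why the "distributed" part makes the bad traffic hard to separate from legitimate traffic, and it goes beyond the post by comparing a per-source rate limit with an aggregate volume check. The flow records, addresses (documentation ranges), thresholds and the 260 Mbps baseline are constructed assumptions.

```python
from collections import defaultdict

WINDOW_S = 10  # observation window in seconds


def to_bytes(mbps):
    """Bytes transferred in one window at the given rate (for sample data)."""
    return int(mbps * 1e6 / 8 * WINDOW_S)


def per_source_mbps(flows):
    """Sum bytes per source address and convert to Mbps over the window."""
    totals = defaultdict(int)
    for src, nbytes in flows:
        totals[src] += nbytes
    return {src: b * 8 / 1e6 / WINDOW_S for src, b in totals.items()}


def flag_sources(rates, limit_mbps):
    """Per-source limit: return every source sending faster than the limit."""
    return {src for src, mbps in rates.items() if mbps > limit_mbps}


def volume_alarm(rates, baseline_mbps, factor=3.0):
    """Aggregate check: total inbound exceeds factor x the normal baseline."""
    return sum(rates.values()) > factor * baseline_mbps


# Constructed sample flows (src, bytes), not real traffic.
# 40 legitimate clients at 0.5 to 12.5 Mbps, 260 Mbps in total.
CLIENTS = [(f"198.51.100.{i}", to_bytes(0.5 + (i % 5) * 3)) for i in range(1, 41)]
# The post's figures: 100 drones at 10 Mbps each, 1 Gbps in total.
DRONES = [(f"203.0.113.{i}", to_bytes(10)) for i in range(1, 101)]
# A plain DoS for comparison: the same 1 Gbps from a single address.
SINGLE = [("192.0.2.1", to_bytes(1000))]


def demo():
    dos = per_source_mbps(CLIENTS + SINGLE)
    ddos = per_source_mbps(CLIENTS + DRONES)
    strict = flag_sources(ddos, 9)  # a limit low enough to catch 10 Mbps drones
    return {
        "dos_flagged_at_50": flag_sources(dos, 50),
        "ddos_flagged_at_50": flag_sources(ddos, 50),
        "clients_blocked_at_9": len([s for s in strict if s.startswith("198.51.100.")]),
        "drones_caught_at_9": len([s for s in strict if s.startswith("203.0.113.")]),
        "ddos_volume_alarm": volume_alarm(ddos, baseline_mbps=260),
        "normal_volume_alarm": volume_alarm(per_source_mbps(CLIENTS), 260),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The single-source flood stands out at a 50 Mbps per-source limit while the distributed one does not, and a limit strict enough to catch the drones also blocks the heaviest legitimate clients; only the aggregate check sees the attack without naming who is behind it.
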
Not to mention, they don't even have to be in a country that US laws have effect. They could be sitting in Palestine, China, or Argentina. If they don't have cyber crime laws, or if they don't have a treaty stating that criminals in their country attacking the US are subject to extradition to the US, there's nothing that can be done legally anyway.
Well, I don't know enough about computers to have an opinion on how to solve it, but I know that Blizz can't magically flip a switch and suddenly all problems are gone.

This post is really good and I wish more people, especially those crying they're going to quit because "Blizz not doin' stuff" would read and understand what might be going on here.

I'm still confused if it's really a DDOS attack or if it's still the AT&T backbone problem. I saw a blue post confirming that it was a DDOS attack but now I'm not finding it anymore. It doesn't matter which of those problems is the one to blame, it's not in Blizzard's hand to provide a fast solution either way.

All we can do is wait it out.

Requested sticky
Tene, it is still DDoS. On the Bnet app there's a breaking news saying that they have been subject to intermittent DDoS attacks and that things seem to be getting better, but they are still monitoring.

So basically, the whole thing was a DDoS, as the skiddies could have targeted the AT&T backbone pipe, knowing AT&T is Blizzard's ISP of choice. Bring that down, down goes Blizzard.
08/26/2014 09:17 AM Posted by Tenebraeus
I saw a blue post confirming that it was a DDOS attack but now I'm not finding it anymore.


I think that was a temporary measure, until something more "official" goes up from either a CM or even a Developer. Irvine had a shindig yesterday so most everyone was out of the office. I expect something today.
08/26/2014 09:17 AM Posted by Tenebraeus
This post is really good and I wish more people, especially those crying they're going to quit because "Blizz not doin' stuff" would read and understand what might be going on here.


While I agree with you, you're asking the average forum user to not behave like the average forum user. I'm sure this involves some law of physics you simply can't break...
08/26/2014 09:58 AM Posted by Rakeri
08/26/2014 09:17 AM Posted by Tenebraeus
This post is really good and I wish more people, especially those crying they're going to quit because "Blizz not doin' stuff" would read and understand what might be going on here.


While I agree with you, you're asking the average forum user to not behave like the average forum user. I'm sure this involves some law of physics you simply can't break...


Fixed point in time. I'm so sorry.
08/26/2014 10:00 AM Posted by Thunderwulf
08/26/2014 09:58 AM Posted by Rakeri
...

While I agree with you, you're asking the average forum user to not behave like the average forum user. I'm sure this involves some law of physics you simply can't break...


Fixed point in time. I'm so sorry.


Darn Time Lords.
And here he is just now getting used to his new regeneration - might be a bit before he can get to us.

Great post - So many of the explanations are in techno-jargon. Really glad to have found one that explains it more and shows off less.
Excellent post and description Mirasol, thank you. Linking to my guild's website

08/26/2014 09:08 AM Posted by Mirasol
You don't just issue the command:

"stop ddos; execute;"


dang, that would be great tho
Excellent. Should be a sticky!
Short version...

Someone gets a bunch of computers to all go to a specific web site, en masse, over and over again.
This overloads that web site and its servers, denying normal use of that site.
It seems that the DDoS attacks are targeting pvp instances for the most part. As it happened to me only while I'm in a BG. Such trolls, I hope they get a lengthy sentence in the worst prison in their region.
08/26/2014 11:01 AM Posted by Cheapshotqt
It seems that the DDoS attacks are targeting pvp instances for the most part. As it happened to me only while I'm in a BG. Such trolls, I hope they get a lengthy sentence in the worst prison in their region.


They won't. They can't even determine who initiated the attack since the attacker(s') machine is probably not participating in the DDoS. Instead, he/she/they rely on the mass of drone machines that have been compromised to execute the flood.

Hackers get caught. Miscreants who hide behind botnets, and compromised computers don't. At least not with any frequency so as to become a deterrent.

Think of it this way: you steal a mobile phone, and make threats to some public official. It does no good going after the owner of the phone since he/she didn't place the call. And the thug who used it has long since abandoned it. That's the cat & mouse game involved, only there are no GPS tracking devices pointing back to these DDoS clowns.

As someone else pointed out, the culprits are often in other countries that aren't going to enforce any laws. Even if they did, the odds of extradition to face the music in the U.S. are slim to none.
08/26/2014 09:08 AM Posted by Mirasol
...


This post was amazing thanks Mirasol.
This is the best post I've read here. Ever. Of course it's too long for the moron whiners to read. They want to throw their tantrums no matter how you explain things to them.

Thank you Mirasol, for raising the general intelligence level of the forums.
08/26/2014 10:42 AM Posted by Aarschott
Someone gets a bunch of computers to all go to a specific web site, en masse, over and over again.


I gave that description to a guildie who said: "oh, Blizzard is getting ganked"
08/26/2014 10:42 AM Posted by Aarschott
Short version...

Someone gets a bunch of computers to all go to a specific web site, en masse, over and over again.
This overloads that web site and its servers, denying normal use of that site.


That would not have been nearly as much fun to write, however.

But yeah, that's it in a nutshell.
