Explanation - What is happening!? (Network Engineer)

At this point in time, most DNS resolvers support TCP, and there are a VERY large number of DNS resolvers (~30 million) that pose a threat.

You are correct. If the response to a query (such as the one in my example) would be larger than the size allowed for a UDP packet, TCP is used. However, this does not change the parameters of the attack. UDP is used in the query because (other than the obvious) it is a connection-less protocol which requires no handshake, in turn making it easier for an attacker to spoof the source address. The transmission of the response could be UDP or TCP; it doesn't really matter. As long as you have amplification in the response and a well-written attack script querying the resolver, you end up sending a lot of DATA, all at once.

So they could spoof the TCP connections the same as UDP? I mean if they're connecting using TCP it'd just be a bunch of connection-establishing attempts instead of a bunch of datagrams.

While passing a handshake with a spoofed TCP source address can be done, it is much harder to accomplish than with UDP and has some requirements in terms of the network it's being performed on.

As a result of UDP's "fire and forget", "connection-less" transmission, the source attribute can be EASILY spoofed and the receiver would have no way of determining its accuracy prior to responding.

Yea I get what you're saying, I was reading it's near impossible to spoof TCP because the connection is never completed, but because you're only spoofing the UDP packet for the query you could still do it, the target would just be getting flooded with TCP connections from the server instead.
 
The truth about ddos is that any noob hacker schmuck could be behind it. The fact that the blame is being placed on the Chinese is probably a good guess; however, it could also be some kid who got banned, or someone who just thinks this is funny and plays on a rival vanilla server.
 
From what OP writes it then looks like it can take several weeks for this problem to be solved, I will leave Kronos if this will be realised

Bye then. If you really think that a little bit of down time is all it takes for you to jump ship, then you must have not played retail launch of Vanilla WoW.
 
It explains the network issue well (I guess so, 'cause I don't understand networks that well anyway), but the post does not prove that Blizzard is not behind this attack. Moreover, although the speculation that the Chinese know about networks better because the internet is censored in China sounds reasonable in the beginning, it is easy for Chinese players to get over the "wall" and play on Kronos with a simple VPN. No deep understanding of networks is needed for Chinese players, and the reality is that the general Chinese players on Kronos are just as clueless as players in Europe and North America.
When it comes to gold farmers, it is possible that some gold farmers are behind the attacks and they are knowledgeable about networks as professionals, but all professionals know their jobs.
This post reaches its conclusion with pure guessing. It is possible that gold farmers are behind this, but who knows. Maybe Blizzard doesn't want to build legacy servers themselves and it is hard for them to reach Twinstar. So, they want to protect their rights by forcing Twinstar to shut down its server or at least lose its players.
We all want to see Blizzard as a good company, but after all, it is still a "company" and maximizing shareholders' equity is the single most important goal for Blizzard (especially in recent years).

these attacks are illegal.... blizzard has lawyers and shizz if they want this server out of the air. trust me.... it aint blizzard. they would risk WAAAAAY too much
 
It's unlikely that it's goldfarmers doing this. You always have to see things from their perspective and what do they gain / lose by doing this.

To prevent some people from playing a 10 year old game on a pirated server that doesn't have any cost? Sounds unlikely, because they are rather busy farming and selling gold/currency in like 100 more MMOs. Losing their accounts and then going for a childish revenge move and blowing even more of their money is not their style. And I don't think there is blackmailing to get their accounts back or any kind of this stuff; they just stamp this as collateral damage and move on.

The next best and more likely culprit is Blizzard. Maybe they already tried with lawyers but can't act legally in the Czech Republic, or Kronos simply doesn't give a shit. What would they gain? Well, if servers are down for long enough a lot of people would come back to retail out of pure addiction (Blizzard knows that like 90% of their subscribers are junkies that will play the game in whatever state it is). And let's be honest, other vanilla servers are shit, so the only option to feed is back-to-retail.
A counter argument for the blizzard theory is that this would be one of the biggest scandals in gaming history if this ever came to daylight.

Scenario 3 and by far the most likely is it's rival servers bombing Kronos, to get population over to their own Project. If the servers are really down for 2-4 weeks then at least Kronos II will be dead. People didn't invest much time yet, majority of the crowd is level 20-30, so they will just move on.

All in all you can say that this is not some kid going for a laugh but a professional attack to completely shut down the servers 24/7, so this must be a determined individual behind this.
Professional attack indeed; Chinese gold farmers won't do it like this, so professional. They have other business to live on.

Holy **** **** where do I begin? You know what, this one seems better left alone...

No, I can't.

1.) The attack on their network began shortly after TwinStar/Kronos staff banned a large number of gold seller's accounts/mules which resulted in "thousands of US dollars" in gold being banned along with them. This was stated by Davros (Kronos Staff) on IRC.

2.) My post was geared more toward explaining what is taking place (DDoS attack). Who is behind this attack will likely never be known unless the individual(s) want us to know. While I am speculating, the logic is there - The timing is just too coincidental in light of recent events.

3.) Blizzard is meeting with Nostalrius' staff to have a discussion regarding private servers, their communities, the work Nostalrius did and vanilla in general. Why would they attack another private server leading up to this meeting or, more importantly, risk a multi million dollar empire (we're not just talking about World of Warcraft anymore..) for what amounts to peanuts? I'm also pretty ******* sure if I figured out Kronos' upstream provider, Blizzard is well aware too. Prior to DDoS'ing (LOLYARITE) they would have sent a C&D/DMCA letter to Bredband2, even if they knew Swedish law would pose a challenge. A provider like Bredband2 would likely give up almost instantly (just as OVH did) the minute legal action was put on the table. Why would they go to bat for a private gaming server and risk far more than just one client? Do you understand how expensive lawsuits are? They have 140,000 customers, TwinStar is one of them..

Not sure why I wasted my time, but I feel liberated.

- - - Updated - - -

I'm so glad I'm not the only one agitated by the misinformation and whining going around. Thank you OP.

Your explanation follows pretty closely with this youtube video from BlackHat 2013 "Lessons from Surviving a 300Gbps Denial of Service Attack"

Link:
https://www.youtube.com/watch?v=w04ZAXftQ_Y

Awesome. This is the CEO of CloudFlare explaining DDoS and the 300 Gbps attack launched against one of their clients, which they were able to successfully mitigate. Good resource if you want a clearer picture painted. Thanks for sharing :biggrin:
 
I got gold seller whispers on Sunday during the short server uptimes. Why should those guys be online during DDoS attacks?
 
I would have expected some sort of empirical evidence of these claims, as all I see is a bunch of well-put conjectures. Especially coming from a Network Engineer that is familiar with the terminology and support lingo (which signals you might work at support).

Don't get me wrong, I appreciate the quality of the post. All I'm saying is that going as far as accusing a specific ISP of having a misconfigured network (most of them do anyway) based on conjecture is going a bit too far and could even potentially get you in trouble if the "rumors" spread and they had a case for business damages.
 
As already stated in another thread it makes no sense that gold sellers attack our server. With a shut down server they can advertise less and sell less gold.

Guess it's more some revenge thing. But saying the Chinese who got banned are attacking us is just pure speculation. Same as saying nostalrius devs are attacking us because our server runs and their server was shut down. Same BS. If you don't know details, stop being a tabloid.
 
Monitoring the servers and the provider (with very limited access) over the last 48 hours has provided me with enough information to rule out this type of attack. I do not want to go into too much detail, but I believe the provider has a means to circumvent this by using a "stateless" TCP connection system (SYN cookies). On top of this discovery, an ACK reflection is not bandwidth consuming, but rather resource consuming. The provider was experiencing a bandwidth issue during the attacks :biggrin:
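To show what "stateless" means in the SYN-cookie remark above, here is an added, constructed model of a SYN-cookie handshake (not the provider's or any kernel's code). The cookie layout (24-bit keyed hash, 5-bit time counter, 3-bit MSS index), the secret and the addresses are all assumptions of this illustration.

```python
import hashlib
import hmac
import socket
import struct

# Constructed model of a SYN-cookie handshake (added illustration, not the
# provider's or the kernel's code). Layout is simplified: 24-bit keyed hash |
# 5-bit time counter | 3-bit MSS index. The property that matters for the post
# above: the server stores nothing per SYN, so a flood of spoofed SYNs costs it
# no memory, and only a client that really received the SYN-ACK can return a
# valid ACK number.

SECRET = b"constructed-secret-rotate-periodically"   # assumption: server-side key
MSS_TABLE = [536, 1220, 1440, 1460]                  # MSS values the 3-bit index can carry


def _hash24(src_ip, src_port, dst_ip, dst_port, counter):
    """Keyed 24-bit hash over the 4-tuple and the time slot."""
    msg = struct.pack("!4sH4sHI", socket.inet_aton(src_ip), src_port,
                      socket.inet_aton(dst_ip), dst_port, counter)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src_ip, src_port, dst_ip, dst_port, mss, now):
    """Server ISN for the SYN-ACK. Nothing about the SYN is kept server-side."""
    counter = (now // 64) & 0x1F                 # 64-second slots, wraps every ~34 min
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            mss_idx = i                          # largest table entry <= offered MSS
    h = _hash24(src_ip, src_port, dst_ip, dst_port, counter)
    return (h << 8) | (counter << 3) | mss_idx


def check_cookie(src_ip, src_port, dst_ip, dst_port, ack, now):
    """Validate the client's final ACK (ack = server ISN + 1). Returns the
    negotiated MSS, or None if the cookie is forged, stale, or from another 4-tuple."""
    cookie = (ack - 1) & 0xFFFFFFFF
    counter, mss_idx = (cookie >> 3) & 0x1F, cookie & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    if ((now // 64) - counter) & 0x1F > 1:       # accept current and previous slot only
        return None
    if _hash24(src_ip, src_port, dst_ip, dst_port, counter) != cookie >> 8:
        return None
    return MSS_TABLE[mss_idx]
```

A SYN that never gets its SYN-ACK answered (the spoofed case) leaves nothing behind to clean up, which is why the post contrasts this with the resource cost of an ACK reflection.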

I see. Well, if that's the case, most probably you are right and it's not ack related.
 
Thanks for the explanation, it was really interesting for a guy that doesn't really know a lot about network and stuff like that..

It is a pleasant alternative for all the BS-topics on the attacks to say the least.

I'm guessing we'll just have to sit this one out :mellow:
 
If Blizzard wants to shut down the server, demand and neglectful, this is nothing of Blizzard.
 
Blizzard is not doing this attack; if they wanted to they would just shut it down. The server is in Sweden, I live there and I think Bredband2 will bend in an instant if Blizzard starts talking lawsuits.
And Blizzard can't reckon that they destroyed their own game and just let us be. I hope this DDoS gets fixed and the server stays up, but the growing popularity is a problem. The server is the best though, 10-year-old game and still the best MMO! Thanks for the explanation on DDoS attacks :)
 
This attack would require open DNS servers with no packet size limit, correct? I was checking some on an old list to see how easy it would be, and while some of them are still up they seem to not give large responses in UDP packet size (like over 3000 bytes) and would be turned into a TCP connection. I'm guessing it's a setting on the server to limit this type of attack.
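The size arithmetic behind the OP's amplification explanation and the question above about UDP size limits, as an added illustration (constructed here, not code from the thread or from TwinStar): a minimal DNS wire-format builder where `max_udp_size` stands in for a resolver's UDP answer limit (negotiated with EDNS0 on real servers), the record contents are opaque filler, and the domain is a placeholder.

```python
import struct

# Constructed, simplified DNS wire-format builder (added illustration, not code
# from the thread). An ANY query is tiny, the answer can be many times larger,
# and a resolver that caps UDP answers sets the TC (truncated) bit so the client
# must come back over TCP, which cannot be driven from a spoofed source address.


def _name(fqdn):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    labels = fqdn.strip(".").split(".")
    return b"".join(struct.pack("B", len(l)) + l.encode() for l in labels) + b"\x00"


def build_query(fqdn, qtype=255, txid=0x1234):
    """One-question query; qtype 255 (ANY) is the classic amplifier query."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _name(fqdn) + struct.pack("!HH", qtype, 1)


def build_response(query, rdata_list, max_udp_size=4096):
    """Answer over UDP. max_udp_size models the resolver's UDP size limit
    (EDNS0-negotiated in reality). If the full answer does not fit, return only
    header+question with TC set, as a real server would."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    answers = b""
    for rdata in rdata_list:
        # 0xC00C = pointer to the question name; type 16 (TXT), class IN, TTL, RDLENGTH.
        # rdata is opaque filler in this model; only its length matters.
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    full = struct.pack("!HHHHHH", txid, 0x8180, 1, len(rdata_list), 0, 0) + question + answers
    if len(full) <= max_udp_size:
        return full
    return struct.pack("!HHHHHH", txid, 0x8180 | 0x0200, 1, 0, 0, 0) + question


def is_truncated(msg):
    """True when the TC bit (0x0200 in the flags word) is set."""
    return bool(struct.unpack("!H", msg[2:4])[0] & 0x0200)


def amplification(query, response):
    """Bytes delivered to the (possibly spoofed) source per byte the sender spent."""
    return len(response) / len(query)


def demo():
    """Same ~6 KB answer with a 4096-byte UDP cap and without one."""
    q = build_query("example.com")
    filler = [b"x" * 200] * 30                  # constructed: 30 x 200-byte records
    capped = build_response(q, filler, max_udp_size=4096)
    uncapped = build_response(q, filler, max_udp_size=65535)
    return amplification(q, capped), amplification(q, uncapped), is_truncated(capped)
```

With the cap, the UDP reply shrinks to the 29-byte query echoed back (amplification 1.0) and the TC bit forces a TCP retry; without it the same answer is over 200 times the query size, which is the behaviour the poster saw disappear on the servers that "turn into a TCP connection".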

I doubt anything publicly listed would be of much use, but there are plenty of misconfigured servers of all types that can provide pivoting for an attack. It's well known that the entire IP range of the Internet is scanned 24/7 looking for vulnerabilities; setting up honeypots can be pretty instructive in that regard.

Point is, even if the attackers don't have such servers ready for use, they can purchase or trade for some from Russians who specialize in that stuff. It's not hard to come by.
 
Thanks for detailed explanation.
I guess now Kronos' staff are looking for a new ISP who is capable of dealing with those attacks; the old one was not prepared.

From the first day I supposed that Chinese BANNED GOLD SELLERS are behind all this; Blizz has not enough reason to do attacks in this way.

I just hope once servers will be back that we all FIGHT against damn gold sellers like never before, to ban them all permanently without discussion.. err not ban but DELETE their low level accounts!

Even though we are aware that there will always be someone naive or stupid enough to buy their gold, I hope the number of our stupid players will go down after this and the vast majority of players will report them immediately so GMs can ban/delete them.
 
Everyone who thinks Blizzard is behind DDOSing should just stop posting. You are being unbelievably stupid. I thought first that people were just jesting about it, but now I see some people are actually serious.
 
Got Cisco certified myself, but that was years ago, please refresh my memory.

In order to spoof your IP address and not have the router drop those packets, you need a non-NATed router config where you configure, let's say, a /16 block of the target network as if it's your own. After which you can just happily send the packets with the desired source address of that /16 or whatever block size on your way?

Seems quite challenging to find such a network; you would have to have a misconfigured core router in a DC.
I suppose you would also have to BGP route said IP block to make it work?
 
1.) The attack on their network began shortly after TwinStar/Kronos staff banned a large number of gold seller's accounts/mules which resulted in "thousands of US dollars" in gold being banned along with them. This was stated by Davros (Kronos Staff) on IRC.

Occam's Razor is helpful here and, with the facts in mind, it is most likely to be the gold farmers.

Blizzard would not initiate DDOS attacks. Blizzard is many things, but operating illegally and cyber warfare is not on that list of things.
 
Let's say that Actizzard doesn't like Kronos and they'd love to put it down, but they wanna do it without generating a poop-storm, like for Nostalrius. So they would pay someone else to do it for them. Makes sense?
