Explanation - What is happening!? (Network Engineer)

Occam's Razor is helpful here and with the facts in mind, it is most likely to be the gold farmers.

Blizzard would not initiate DDOS attacks. Blizzard is many things, but operating illegally and cyber warfare is not on that list of things.


If you are using Occam's Razor while not even mentioning the possibility that this might be a competing private server, it is very hard to take you (at all) seriously.
 
I would have expected some sort of empirical evidence of these claims as all I see is a bunch of well-put conjectures. Especially coming from a Network Engineer that is familiar with the terminology and support lingo (which signals you might work at support).

Don't get me wrong, I appreciate the quality of the post, all I'm saying is that going as far as accusing a specific ISP of having a misconfigured network (most of them do anyway) based on conjecture is going a bit too far and could even potentially get you in trouble if the "rumors" spread and they had a case for business damages.

As much as I don't want to open Pandora's box... Here I go...

Work at support where? I can assure you I have no affiliation with any host, upstream provider or gaming community. This would actually breach my non-compete/nondisclosure. I work as a Network Engineer for an MPS (Managed Professional IT Services Provider) in NYC/Manhattan.

Conjecture?

I have solid information, which I have acquired myself, backing up my theory on Bredband2's network infrastructure. If you think the claim is pure speculation, you're wrong, believe me.

As far as who attacked them.. I stated in a previous post, this IS speculation backed by logic - My guess happens to be that of Kronos' Staff as well. You want to say it's Blizzard, Nost Staff, other private servers? Be my guest, but those aren't good guesses friend.
 
I believe, like the post said, it is mostly the gold farmers, because I remember the ban wave of gold sellers thanks to forum reports. The most famous gold sellers in WoW are Chinese, but not all are, I believe. The problem is one, forgive my ignorance: are the DDoS attacks stronger than the Kronos admins? Because it is likely the DDoS will keep on going until the server is dead. People will not wait forever for the server to reopen.

Well, personally I wish all the best to the Kronos staff and hope for the best. Thanks for the clarifying post.
 
My big complaint is that there are SOO many games to sell gold in. It happens in p2p games, b2p games, f2p games, private servers, blah blah blah. I want to know why it's such a HUGE deal for the Chinese gold sellers to get banned. I can't imagine why they would even care to DDoS a vanilla wow private server. There are an infinite number of other games and servers that they could sell gold in and make money on. I don't understand why Kronos is such a target for them and why they take even the slightest attempt at lashing out over getting banned.

Needed to reply to one, this one seemed better than any but really relates to anyone doubting it's the banned farmers. All modern games are based around avoiding gold sellers or just simply making it not worth their time. In-game currencies are devalued to the point that the $ per hour is so low that farming in-game currencies is a waste of time. Vanilla is not like this, not if you know what you are doing when you are farming gold.
 
I would bet it's revenge from the Chinese, they lost THOUSANDS of dollars worth of income, it must have been a huge slap in the face. They might try to make Kronos an example of what happens if you mess with them.

It only costs a little money and the customers might move on to servers that they can dominate and that have no protection against gold spam.

Best you can do is to stay on Kronos and support this awesome staff and server.
 
Hm, interesting post - indeed. But a question: Wouldn't it be possible to only allow "whitelisted" IPs to connect? And if this would be possible, why not create a tool (in whatever language you prefer) which you can download and then you have a captcha (a difficult one - which is only an image generated by the server) and if you solve the captcha you can unlock your IP for the next ~3 hours (just an example) and then you can connect?

I was just thinking. I am just a normal programmer and no network specialist. Of course this is only a temp. solution... until the server provider got better protection.
 
Got Cisco certified myself but that was years ago, please refresh my memory.

In order to spoof your IP address and not have the router drop those packets, you need a non-NATed router config where you configure, let's say, a /16 block of the target network as if it's your own. After which you can just happily send the packets with the desired source address of that /16 or whatever block size on your way?

Seems quite challenging to find such a network, you would have to have a misconfigured core router in a DC.
I suppose you would also have to BGP route said IP block to make it work?

Sort of. You are right in assuming you need certain variables configured properly on your default gateway. Configuring part of your LAN/Routing Table to match that of the attack subject is not performed though. The attacker, with physical control of said gateway, can easily accomplish what they need to. The end result being the spoofed packet hitting your ISP's edge router.

Edit: If we're talking about an attack that would reach 300+ Gbps, you're right in assuming one would have to find and then compromise the required resources (Servers), capable of spoofing, behind a network that isn't properly set up.

When these packets hit your ISP's edge router, they will not be dropped unless the ISP's edge routers utilize RFC2827/BCP38 (Network Ingress Filtering). Sadly, A LOT of ISPs do not enforce this standard on their routers. Without this, the packet is treated normally and not dropped as it should be.
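
The ingress filtering described above, sketched as a strict reverse-path check in the style of RFC 3704, one common way an edge router can enforce BCP38. This is an added example, not part of the original post; the interface names, prefixes (documentation ranges) and packets are constructed, and the check is assumed to run only on customer-facing interfaces.

```python
import ipaddress

# Constructed customer routes on an ISP edge router: prefix -> interface
# the route back to that prefix points out of.
CUSTOMER_ROUTES = {
    "192.0.2.0/24": "cust-a",       # block assigned to customer A
    "198.51.100.0/24": "cust-b",    # block assigned to customer B
    "198.51.100.128/25": "cust-c",  # more-specific block assigned to customer C
}

def build_table(routes):
    """Parse prefixes once and order them longest-prefix-first."""
    table = [(ipaddress.ip_network(p), ifc) for p, ifc in routes.items()]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def best_interface(table, addr):
    """Longest-prefix match: interface of the most specific covering route."""
    ip = ipaddress.ip_address(addr)
    for net, ifc in table:
        if ip in net:
            return ifc
    return None  # no route back to this address

def ingress_check(table, in_ifc, src):
    """Forward only if the route back to the packet's source address leaves
    through the same interface the packet arrived on; otherwise drop."""
    try:
        expected = best_interface(table, src)
    except ValueError:
        return "drop"  # malformed source address
    return "forward" if expected == in_ifc else "drop"

def filter_packets(table, packets):
    """Return (interface, source, destination, verdict) for each packet."""
    return [(i, s, d, ingress_check(table, i, s)) for i, s, d in packets]

# Constructed packets: (arrival interface, source address, destination address)
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),      # source inside A's block
    ("cust-a", "203.0.113.5", "198.51.100.7"),    # source is not A's address
    ("cust-b", "198.51.100.200", "203.0.113.5"),  # address belongs to C's /25
    ("cust-c", "198.51.100.200", "203.0.113.5"),  # source inside C's block
]

if __name__ == "__main__":
    table = build_table(CUSTOMER_ROUTES)
    for ifc, src, dst, verdict in filter_packets(table, PACKETS):
        print(f"{ifc:7} {src:15} -> {dst:13} {verdict}")
```

The third packet shows why the lookup has to be longest-prefix-first: the address falls inside customer B's /24, but the more specific /25 routes it to customer C, so it is dropped on B's port.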
 
A well put together case with a reasonable conclusion. I must say it's the most convincing (and probably the only) qualified theory out there. It's sad to see all the replies by those who read 1/7th of the post and say "fuck it" and decide to roll with the theory of the most popular on reddit 40 minutes ago. Seemingly for some sort of need to look stupid.
 
Isn't spoofing impossible on Windows 7+ due to not allowing raw sockets to be used? I thought Windows automatically adds in their data to the headers on the packet, and that you could only spoof in Linux now.

Got Cisco certified myself but that was years ago, please refresh my memory.

In order to spoof your IP address and not have the router drop those packets, you need a non-NATed router config where you configure, let's say, a /16 block of the target network as if it's your own. After which you can just happily send the packets with the desired source address of that /16 or whatever block size on your way?

Seems quite challenging to find such a network, you would have to have a misconfigured core router in a DC.
I suppose you would also have to BGP route said IP block to make it work?

If I'm not mistaken you don't do anything with your router at all. These spoofed packets aren't coming from your connection anyway usually. It's done (usually) via an executable made in C/C++ that can utilize its low level capabilities to create a packet and specifically have the target's IP as the source address.

https://github.com/ethanwilloner/DNS-Amplification-Attack/blob/master/main.c

Here's a pretty simple example of a program that does it, if you ran that from a Linux box you could spoof your IP.
 
When initiating an attack behind your own network, you will be configuring your default gateway (router) and you are almost always going to be utilizing a flavor of Linux (ex. Kali Linux). If you are using compromised resources to launch a larger attack, you aren't changing the configuration of a router (you don't have access to anyway) - you could care less if the attack can be traced back to it.

One more thing to add. I realize my explanation in the OP lacks A LOT of the details, but it wasn't meant as a tutorial. I simply aimed to explain what is happening, to the best of my ability, in layman's terms.

The truth is, to pull something like this off, although easy in terms of the work involved.. It requires a lot of knowledge. If you want to know the specifics, the nitty-gritty, the bread and butter.. If you want to spend time learning.. There are a lot of great resources out there to do this. If you want suggestions, PM me. However, I am not going to provide you with a step-by-step how-to guide to hacking/causing chaos.
 
I got gold seller whispers on Sunday during the short server uptimes. Why should those guys be online during DDoS attacks?

Because. More than 1 person is selling gold.
Also. More than 1 group is selling gold.
And. The gold sellers are not all from the same Country.
 
unless the ISP's edge routers utilize RFC2827/BCP38 (Network Ingress Filtering). Sadly, A LOT of ISPs do not enforce this standard on their routers.

CCNP R&S here.
This is one of the major problems why such attacks are even possible on today's Internet.


If *you* (I address everyone reading this) want to help prevent this kind of attack anywhere - not just Kronos,
write your ISP and ask if they enforce this standard, and to enforce it if they don't.

I admit it's a little bit naive approach, but if even one ISP reacts to such a mail and enforces it,
it will have made the Internet a better place.
 
Couldn't the ddos'ers "white list" a temp solution to log in to the server themselves, farm/dupe gold at their leisure for future RMT (real money trade) for the next week plus, and be ready to sell an epic amount of gold once Kronos fixes their networking problem?
 
You mentioned that Nostalrius faced the same thing but had a different outcome. Is it possible they gave in to the Chinese demands? I remember them unbanning a lot of Chinese wintraders around the same time Kronos had their 7x event, maybe because they threatened with DDoS again?
 
You mentioned that Nostalrius faced the same thing but had a different outcome. Is it possible they gave in to the Chinese demands? I remember them unbanning a lot of Chinese wintraders around the same time Kronos had their 7x event, maybe because they threatened with DDoS again?

Nostalrius' provider in France has specialized data centers for swallowing DDoS attacks. Going over the website it says they can counter and nullify DDoS attacks with up to 480 Gbps which is an amount most DDoSers can't even remotely come up with.
 
Holy **** **** where do I begin? You know what, this one seems better left alone...

No, I can't.

1.) The attack on their network began shortly after TwinStar/Kronos staff banned a large number of gold seller's accounts/mules which resulted in "thousands of US dollars" in gold being banned along with them. This was stated by Davros (Kronos Staff) on IRC.

2.) My post was geared more toward explaining what is taking place (DDoS attack). Who is behind this attack will likely never be known unless the individual(s) want us to know. While I am speculating, the logic is there - The timing is just too coincidental in light of recent events.

3.) Blizzard is meeting with Nostalrius' staff to have a discussion regarding private servers, their communities, the work Nostalrius did and vanilla in general. Why would they attack another private server leading up to this meeting or, more importantly, risk a multi million dollar empire (we're not just talking about World of Warcraft anymore..) for what amounts to peanuts? I'm also pretty ******* sure if I figured out Kronos' upstream provider, Blizzard is well aware too. Prior to DDoS'ing (LOLYARITE) they would have sent a C&D/DMCA letter to Bredband2, even if they knew Swedish law would pose a challenge. A provider like Bredband2 would likely give up almost instantly (just as OVH did) the minute legal action was put on the table. Why would they go to bat for a private gaming server and risk far more than just one client? Do you understand how expensive lawsuits are? They have 140,000 customers, TwinStar is one of them..

Not sure why I wasted my time, but I feel liberated.

- - - Updated - - -



Awesome. This is the CEO of CloudFlare explaining DDoS and the 300 Gbps attack launched against one of their clients, which they were able to successfully mitigate. Good resource if you want a clearer picture painted. Thanks for sharing :biggrin:



Your Op and follow up posts have been by far the most well educated and interesting material that I've read on a forum in a long, long time.....But I have to say I'm extremely disappointed that with all that knowledge that you are one of the people that actually believes that Blizz is about to sit down and have any sort of productive conversation with the Nost. Devs. This was all started by a comment made in a blizz post that was just worded to sound that way, then eaten alive by keyboard warriors to make it mean exactly what they wanted it to mean. There will be no meeting. There will NEVER be Blizzard vanilla servers....EVER. It's that simple.
 
Your Op and follow up posts have been by far the most well educated and interesting material that I've read on a forum in a long, long time.....But I have to say I'm extremely disappointed that with all that knowledge that you are one of the people that actually believes that Blizz is about to sit down and have any sort of productive conversation with the Nost. Devs. This was all started by a comment made in a blizz post that was just worded to sound that way, then eaten alive by keyboard warriors to make it mean exactly what they wanted it to mean. There will be no meeting. There will NEVER be Blizzard vanilla servers....EVER. It's that simple.

I assumed that everyone understands Blizzard won't make vanilla servers because of one simple reason: It would prove that people were right and they were wrong. Also it's kinda a kick in the nutz to the current developers that the game from the old dev team was much better.
 
Your Op and follow up posts have been by far the most well educated and interesting material that I've read on a forum in a long, long time.....But I have to say I'm extremely disappointed that with all that knowledge that you are one of the people that actually believes that Blizz is about to sit down and have any sort of productive conversation with the Nost. Devs. This was all started by a comment made in a blizz post that was just worded to sound that way, then eaten alive by keyboard warriors to make it mean exactly what they wanted it to mean. There will be no meeting. There will NEVER be Blizzard vanilla servers....EVER. It's that simple.

Maybe I'm in a position which has allowed me access to certain information regarding both Nostalrius and Blizzard :innocent:

As far as Blizzard and Vanilla servers are concerned, no one knows what will happen.
Think what you want though, free will and all.
 
https://www.youtube.com/watch?v=VGmzcoc2lGE
OP don't even try... my video explains everything.
 
I wonder, how many providers have 300 Gbps of free BW they can fill up to one customer?
Or even 50-100 Gbps to a single customer?

Also, you talk a lot about the hardware but hardware won't help you if your connection is filled up with crap traffic.
So the only working solution is to have more BW in spare than the attackers can use to attack the target.
I mean, even Blizzard did go down 2-3 days because of a DDoS some weeks/months ago and they have unlimited money resources to prevent it.

Stay strong Kronos, we will never leave!
 
They won't do official vanilla servers, there's a multitude of reasons why

First and most obvious, they didn't do it in 10 years, they won't do it at the (relative) end of the game's lifespan. The first people have asked for classic realms as soon as TBC launched. I don't think that they have never thought of the idea of an expac-less or specific expansion realms by themselves long before it was put into the spotlight by the community. And they probably came to the absolute decision that they don't want to do it long ago.

Trouble to implement their cash shop with its mounts and pets and paid services into the legacy realms, which is a thing they surely would want to do.

Trouble to implement the legacy client into their shiny bnet launcher. (A company like Blizzard that has this "bling" type of quality fetish wouldn't want people to go through a file explorer and click some exe to start up the game in a win 95 style.)

One of the most important points - what vanilla are we talking about? Vanilla as it was back then 1:1, with all its 2004 graphics, mostly outdated mechanics, bugs, etc? Or a vanilla wow polished to today's standards in graphics and with updated mechanics and bugfixing? I don't think that they will EVER release an original 1.12 client to be played on a blizzard labeled server.

The vanilla version of wow would make the current game look bad.

Lots of people would probably settle for the legacy realm and stop buying expacs.

You need to see that pretty much all this talk they do now is just because of the hugely bad PR they got from shutting down nost.
They didn't answer legacy threads until now (because there's no interest from their side), but now there was no other choice but to answer. And you will see, by the time the dust settles and everyone is jumping around with their demon hunters in Legion the topic will be off the table again.
 
I wonder, how many providers have 300 Gbps of free BW they can fill up to one customer?
Or even 50-100 Gbps to a single customer?

Also, you talk a lot about the hardware but hardware won't help you if your connection is filled up with crap traffic.
So the only working solution is to have more BW in spare than the attackers can use to attack the target.
I mean, even Blizzard did go down 2-3 days because of a DDoS some weeks/months ago and they have unlimited money resources to prevent it.

Stay strong Kronos, we will never leave!

The solution is not more bandwidth. You want to prevent these attacks, not absorb them. Working toward a solution to stop them is regarded highly as the trumping concept. The security industry has made astounding advancements toward this goal.

Inline Hardware, Cloud Analytics (Real Time) and Scrubbing Centers are the solution.
 