Return of Reckoning

What is a DDoS?;
The expansion of "DDoS" is "Distributed Denial-of-Service", but even that doesn't mean a whole lot without talking about what a Denial-of-Service attack is, so lets start there.

Fundamentally, all internet services take requests from the network, perform some work, and send back the result. To do this, the service will commit some amount of resources to fulfilling each request, where resources might include network capacity, CPU cycles, memory, IO, and so on.

The point of a DoS attack is to make it difficult or impossible to actually service the incoming requests. The usual way to do this is to externally find some way to exhaust the available resources so there's nothing left for legitimate requests.

There are plenty of ways that can be done, but one of the easiest for an attacker to perform is to overwhelm the network connection that the service receives its requests from. It's the "distributed" part that makes this easy - compromised computers (via malware and viruses) all over the world can be instructed to make a large number of requests to a network service at the same time, clogging up the network connection and preventing legitimate requests from getting through. The analogy we used to describe it last month was that "it is like being unable to get to your post box because a huge crowd has formed around the front door of the post office."

A distributed attack;
The idea behind a DDoS is for the attacker to generate more traffic than the receiving site can deal with. A single computer is unlikely to have enough network resources available to overwhelm a server, which is probably on the end of a high-capacity connection to the internet. But if you can get computers all over the world on many different networks to make requests at the same time, you can make it all add up to more than the server can deal with.

How you might be able to stop it if it isn't directly targeted at the host of the server;

Put some kind of globally-distributed web/DNS proxy (aka a CDN) in front of your service. These use Anycast to force traffic destined for your website to first go through a proxy geographically-close to the machine making the request. They also implement various kinds of DDoS protection and filtering so only the legitimate stuff get passed on to you.

Final thoughts;

It is incredible hard to stop a DDoS while it is happening, but if the server is offline because of this than that might help a little.

Or, without the long thread. They temporarily closed the server for now to perform maintenance. Can't always blame DDoS... Please see viewtopic.php?f=16&t=15347&start=60

Genisaurus wrote:Please stop insinuating accusations. There's no evidence that any one particular person is the culprit. Frankly, we're still compiling evidence whether or not it's even a DDoS - most of the symptoms are the same, but there is some other unusual behavior going on that makes it hard to confirm one way or another. Communication with the one or two people who might be able to say conclusively is blocked by time zones and busy schedules.

We will let you know more as we know more.

Synacy wrote:Or, without the long thread. They temporarily closed the server for now to perform maintenance. Can't always blame DDoS... Please see viewtopic.php?f=16&t=15347&start=60

Genisaurus wrote:Please stop insinuating accusations. There's no evidence that any one particular person is the culprit. Frankly, we're still compiling evidence whether or not it's even a DDoS - most of the symptoms are the same, but there is some other unusual behavior going on that makes it hard to confirm one way or another. Communication with the one or two people who might be able to say conclusively is blocked by time zones and busy schedules.

We will let you know more as we know more.

already had GM confirm its a ddos

I never said it was a DDoS, but i did see a lot of people talking about DDoS being the issue, which is why i titled this, "Information about what COULD be happening".

gurtuk wrote:I never said it was a DDoS, but i did see a lot of people talking about DDoS being the issue, which is why i titled this, "Information about what COULD be happening".

Understood, but seeing a lot of people talking about it is really just being grabbed from original sources on the forum. DDoS is being thrown around and many are simply hopping on the bandwagon, blindly blaming DDoS. It could and it couldn't, but we've been seeing "DDoS this, DDoS that", that it shouldn't be anything new. The bases should have been cleared earlier last week about this topic.

Pridebane wrote:already had GM confirm its a ddos

Correct that DDoS activity has been occurring recently but do please see that a developer had written that I quoted and linked to. The launcher shows the web and login server online; one should understand from that the current situation is that it is purposely closed. It's closed to keep people from complaining to the forums, "damn, got kicked off again", when the server closes every 5 to 10 minutes (like last night) - just until it can be stable.

Its the xrealmers fault!!!! right thats what all the bandwagoners are saying?

I've owned many servers in the past, including a few world of warcraft private servers. honestly it has a lot of the symptoms of a DDoS since i was online most of the times when the server went offline.

gurtuk wrote:I've owned many servers in the past, including a few world of warcraft private servers. honestly it has a lot of the symptoms of a DDoS since i was online most of the times when the server went offline.

viewtopic.php?f=16&t=15373

gurtuk wrote:I've owned many servers in the past, including a few world of warcraft private servers. honestly it has a lot of the symptoms of a DDoS since i was online most of the times when the server went offline.

Kinda agree here. I was playing before the server went down, as an IT Security guy IRL, the server FELT like it was experiencing a very heavy traffic load, and for the mornings EST, I think maybe there was a little over 50 people on. I've played before with that amount of traffic and it didn't do that previously.

I for one want to say thanks for the definition. I loved Warhammer on live and when my friend told me about this server a month ago I lost my mind. I could not wait to be able to play again. Issues in technology come up all the time and seeing as this is being run by people who love the game, for people who love the game I'll take what I can get and be grateful.

Over the past week, the last two days especially, most of my down time has been spent reading the boards . I've seen DDoS out there so many times it's made my head spin and while I understood there is a lot of that going on what I didn't know was it's meaning.

So again thank you for that. Every day I learn something new is a successful one in my book.