PSA - What is a DDOS, and why you shouldn't piss and moan

To start with, what is a DDOS? Distributed Denial of Service.

How does it work? In a nutshell, you get a farm of compromised devices, and they spam connections/traffic to the server as hard and fast as they can.

An analogy: imagine you’re a librarian (the server). Normally, people come in and make their inquiries of you. There’s a decent number of people, but nothing overwhelming.

DDOS happens, and now all of a sudden there are thousands of people all making inquiries at once. So you answer someone, only to find they’re already asking you another question. And another, and another.

Backing out of that analogy, a DDOS consumes resources that were intended for players, in a way that they were not intended to be consumed. When one of the zombies attacks, it’s not even waiting for the server to answer before it sends more input to the server.

It used to just be botnets of computers. But these days, with the advent of exceedingly insecure IoT devices, even your smart TV can be participating in the attack. Or your smart phone, your smart watch, your smart toaster, even smart light bulbs could be attackers.

What can be done to mitigate this? With limited success you can observe the “etiquette” of the client, and then if it turns out it’s being too aggressive, start preventing connections from that IP altogether.

You can use proxies to validate that the communication is what it should be, and not just random noise.

The only sure-fire way to mitigate it, however, is to simply increase the resources you have so that you’re able to respond to legitimate communication amid the junk.

The downside to all of this is you’ve got a 100% chance of impacting legitimate users. IP addresses are not unique. IPv4 has a little under 4.3 billion IP addresses, and a decent chunk of them aren’t even usable for this purpose (used for other purposes such as pre-NAT allocation, local subnets, multicast, etc). Your ISP will invariably aggregate your traffic with a massive number of other people. Insofar as the internet is concerned, your IP is the same as thousands of others. Having public reserved IPs is a thing, but 99.99% chance you won’t have one unless you’re paying extra for it.

TLDR, there’s precious little CCP can do to mitigate a DDOS. This is true for literally every other service on the internet.

7 posts were merged into an existing topic: 2018/08/08 - DDoS Attack!
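
An added example, not part of the original post: a per-IP token bucket with temporary bans, one way to implement the "etiquette" check described above, run over constructed traffic in which a flooding device and a legitimate player share one NAT address. The class name, rate, burst and ban values and the client labels are assumptions chosen for illustration; the addresses come from documentation ranges.

```python
"""Per-IP "etiquette" limiter: token bucket plus temporary ban (illustrative)."""
from collections import Counter


class EtiquetteLimiter:
    def __init__(self, rate=5.0, burst=10.0, ban_seconds=30.0):
        # rate: tokens refilled per second; burst: bucket size (assumed values)
        self.rate, self.burst, self.ban_seconds = rate, burst, ban_seconds
        self.buckets = {}       # ip -> (tokens left, time of last request)
        self.banned_until = {}  # ip -> time at which the ban lifts

    def allow(self, ip, now):
        if now < self.banned_until.get(ip, 0.0):
            return False  # address is currently blocked altogether
        tokens, last = self.buckets.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1.0:
            # Too aggressive: refuse everything from this address for a while.
            self.banned_until[ip] = now + self.ban_seconds
            self.buckets[ip] = (tokens, now)
            return False
        self.buckets[ip] = (tokens - 1.0, now)
        return True


def simulate(seconds=10):
    """Constructed traffic: a bot and a player behind the same NAT address."""
    shared_ip, other_ip = "203.0.113.7", "198.51.100.20"
    events = []
    for s in range(seconds):
        # The bot sends 200 requests per second; each player sends one.
        events += [(s + i / 200, shared_ip, "bot") for i in range(200)]
        events.append((s + 0.5, shared_ip, "player_behind_nat"))
        events.append((s + 0.5, other_ip, "player_alone"))
    limiter, result = EtiquetteLimiter(), Counter()
    for now, ip, who in sorted(events):
        verdict = "allowed" if limiter.allow(ip, now) else "denied"
        result[(who, verdict)] += 1
    return result


if __name__ == "__main__":
    for key, count in sorted(simulate().items()):
        print(key, count)
```

The limiter sees only the address, so the ban triggered by the bot also denies every request from the player who shares that address.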