It’s been getting worse the last several hours, now. Random disconnects, missing channels and I can no longer get into the game at this point.
Damn took day off to get back into EVE after a few years and now can’t play. Unable to connect to server.
It is impossible to fix. There is no fix to DDoS.
I had no problems past 12 hours, but now I am not getting back in anymore. These login problems seem to come and go. At some point it’s behaving perfectly fine for me. And then, after some time, I can’t log in, or can’t access the chat…
We know there are a-hole babies in the world and there is not much we can do about that so…do what you can and things will get back to normal soon I’m sure…
Thanks…
I had no issues last night, but this morning has taken me about a dozen attempts to get in game. It’s frustrating but I can understand why there are these issues and that it can’t be helped!
A DDOS is where a large volume of traffic is thrown at the servers.
There are a few basic types. The most basic, where they just try to overwhelm the pipe in. These are some of the easier ones to deal with, as you run everything through a DDOS mitigation service, who have some really big network connections. As the traffic doesn’t look like valid traffic, it can be dropped easily.
Then you’ve got the more targeted ones. Where the traffic is shaped to look like legitimate traffic. These are harder to pull off, as you can’t use reflection. But not much harder. There are services to do this for you. These are both harder to mitigate, and generally require a smaller botnet. Because they’re not attempting to overwhelm the network connection, but the servers behind it.
Again, a mitigation service can help here, by looking for unusual volumes of traffic from sources and cutting them off. However, a large enough botnet can overwhelm this. And there are some very large botnets out there. Which can be rented.
What you’ll normally see with mitigation services is that they’ll start off with very harsh intervention, chopping off large segments of the internet, before they loosen up on it, with more specific blocks.
There isn’t a simple solution to this. There’s a reason that DDOS mitigation is a multi billion dollar industry.
I would love to see examples of this explained. CCP doesn’t need to release the details of the attack as that might embolden others to try it as well. But I am sure similar attacks have been done on other mega industries and an example of how this is happening and why it’s creating such a problem for CCP to handle would be interesting to look at. Since I have plenty of time due to Covid-19 and I can’t play the game, maybe some learning on how the attacks are being done at a broad scope and maybe some specifics of other attacks at other locations would be good learning.
Who knows, if someone were to post examples here maybe a whole new batch of people will become interested in the networking jobs and data security jobs that are out there. This DoS attack on CCP might be the trigger that gets some people a whole new career.
Admittedly I know very little about DDOS but I’m surprised that such a simple form of an attack is so effective. I mean, isn’t there code the servers can use that would just instantly block suspect calls from the same IP?
I’d recommend learning the difference between MMORPG and RPG first. After that, then maybe have the mental capabilities to learn about DDoS’ing.
There’s materials out there on this kind of thing
LOL…you’re funny…
Is true though.
Or are you telling me you know the difference?
Thanks @Steve_Ronuken I hope this actually points to what CCP is dealing with rather than ‘This is a DDoS’ flood servers with malformed SYNs and website goes down type of talk. I think CCP has already said that a DDoS where flooding the incoming pipes is not what is happening here. I’ll give that a go cause “learning about this is interesting” (I say this as I take an ‘Ethical Hacking’ course).
‘suspect calls’ is a somewhat difficult thing to define. Then you’ve got fun things like how long you block them for (if you block forever, you end up with a huge table you have to check each time a packet comes in, to see if it’s on the block list. So that’s a bunch of resources being used up.)
Then you’ve got the problem that sure, you can block them. But they still have to get to you first, before you can block them. Because you can only drop them when they reach you. You can’t reach further upstream and tell them to stop sending them.
Well, that’s not quite true. That’s what a DDOS mitigation service is for. Which has a large enough pipe to accept them in the first place, before filtering it to ‘good’ traffic. (That thing which can be quite difficult to define)
God, not the certified ethical hacker course from EC Council?
Admittedly, I did v9, and they’re now on v10 (unless they’ve moved higher still), but v9 wasn’t a good course (too focused on specific tools, many outdated, rather than the concepts) and the exam was terrible (4 hours, multiple choice. I walked out after 1, with a pass. So did my pretty non-technical boss)
As for others, there’s the simple style like a slow loris (yes, http specific, but the principle holds) where you need to know a bit about the protocol.
Sorta related: In the course I am taking now, I just learned a real simple way to understand CIDR and how it relates to subnets and how to create a table in my mind on scratch paper for exams. Now that I have the few things memorized, I can design from scratch on paper a list of any CIDR /1 - /32 and know what its subnet mask is and how many hosts are in that network, what the beginning and ending usable IPs will be etc. FUN stuff to learn.
No not that one. LOL I have heard that it is a lot of fluff and tools specific, which change quickly. I am sure this Udemy course is going to be similar but it’s an intro course and it is more process based learning with specific tools understanding that they will change quickly.
Thanks for the reply…
I know it isn’t easy BUT it’s still amazing that something so simple is so effective. Usually the answer to these issues is also simple but elusive…like a dedicated filter “switch” tied to a DB that does not affect the load of the servers…AFAIK botnets cannot flip their IPs easily so the block wouldn’t have to be for long, just enough to render an attack ineffective.
Your pipe size example though was very interesting…that’s a tough one.
The pipe size is the ‘classic’ DDOS. Just throw enough traffic at something, that nothing valid can actually make it through. https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon Doesn’t need to be something which is processed by the target. Just needs to flow at them.
The problem with targeting botnet IPs. They have so many. That’s kind of the point with them. It’s not just a few IPs. It’s thousands, or tens of thousands. Or hundreds of thousands. Or millions. https://en.wikipedia.org/wiki/Botnet
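The block-duration trade-off discussed in this thread (a block list that never expires keeps growing, a short block is enough for one noisy source, and a botnet spreads its load over many sources), as an added Python example that is not code from any poster or from CCP. The class name, the limits and the sample addresses are constructed assumptions.

```python
from collections import defaultdict, deque

class ExpiringBlocklist:
    """Per-source rate check with time-limited blocks (hypothetical names and limits)."""
    def __init__(self, max_requests=20, window=1.0, block_seconds=60.0):
        self.max_requests, self.window, self.block_seconds = max_requests, window, block_seconds
        self.recent = defaultdict(deque)  # source -> request times inside the window
        self.blocked_until = {}           # source -> time at which its block lapses

    def allow(self, source, now):
        expiry = self.blocked_until.get(source)
        if expiry is not None:
            if now < expiry:
                return False              # still blocked: one dictionary lookup
            del self.blocked_until[source]
        times = self.recent[source]
        while times and now - times[0] >= self.window:
            times.popleft()               # forget requests older than the window
        times.append(now)
        if len(times) > self.max_requests:
            self.blocked_until[source] = now + self.block_seconds
            del self.recent[source]
            return False
        return True

    def sweep(self, now):
        """Drop lapsed blocks and idle sources so neither table grows forever."""
        for src in [s for s, t in self.blocked_until.items() if t <= now]:
            del self.blocked_until[src]
        for src in [s for s, q in self.recent.items() if now - q[-1] >= self.window]:
            del self.recent[src]
        return len(self.blocked_until) + len(self.recent)

def demo():
    bl = ExpiringBlocklist()
    # Constructed traffic: one source sends 100 requests within a single second.
    noisy_allowed = sum(bl.allow("198.51.100.7", i / 100) for i in range(100))
    # Constructed traffic: 1000 sources send 10 requests each, all under the limit.
    spread_allowed = sum(bl.allow(f"10.0.{n // 250}.{n % 250}", 5 + r / 10)
                         for n in range(1000) for r in range(10))
    return {
        "noisy_allowed": noisy_allowed,        # only the first 20 get through
        "spread_allowed": spread_allowed,      # per-source limits never trigger
        "tracked_sources": len(bl.recent),     # state held for every source seen
        "blocked_mid_block": not bl.allow("198.51.100.7", 30.0),
        "entries_after_sweep": bl.sweep(now=61.0),
        "allowed_after_expiry": bl.allow("198.51.100.7", 62.0),
    }
```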