These amplification attacks rely on spoofing ... why the fuck in this day and age can we still spoof our IPs with so many ISPs? Routers should have been designed long ago to allow them to do ingress/egress filtering by default (they can do it, but it takes scarce resources). The problem is perverse incentives ... on average DDOS's don't generate losses for the big networks and ISPs so they aren't in a hurry to solve it.
DDos or how we lost our games to a Lizard
- Thread starter -tkf-
- Start date
Turn off web configuration, there's no reason to have it enabled for regular joe schmoes, then it doesn't matter what your password is because you have to be on your own private network to try and get past it, and if some baddie's having physical access to your devices you've already lost anyway.
They could just do a hard reset on your modem/gateway and restore default password that way if you changed it...itsmydamnation
Veteran
theres a very simple reason why, IP addresses are portable, routing can be very asymmetric a simple multicast style Reverse Path forward check is fraught with danger. its very easy to backhole Multicast traffic on large networks let alone the internet, you would break legitimate traffic.
Other solutions exist but i dont know if they can scale to these DDOS sizes.
the problem is the modem still accessible from WAN although the setting already set to Local-only.
for example for my adsl modem, the telnet still run through WAN.
default firmware just not good
theres also some modem that use special port that always open.
ars have good article about modem security a while ago but i did not bookmark it.
for example for my adsl modem, the telnet still run through WAN.
default firmware just not good
theres also some modem that use special port that always open.
ars have good article about modem security a while ago but i did not bookmark it.
Smaller and smaller blocks can move around, but that's not really a problem. The ISPs know what IPs they route traffic too, or they couldn't route it in the first place ... all the data necessary for the filtering is present in the routers. A tiny subset of their customers will have multiple upstream links with internal routing and they should just be contractually obliged to do egress filtering. For the vast majority of people on the internet it's trivial for the ISPs to do ingress filtering, there is no reason to let me spoof ... they don't let me multicast to begin with.
steveOrino
Regular
If ya think DNS and NTP amplification is bad, SNMP has GIGANTIC theoretical amplification factors... hold on to yer butts.
D
Deleted member 11852
Guest
The PIN-variety of WPS, if left enabled after setup, is subject to brute force attack. But not the other varieties of WPS, nor if you disable WPS after setup. It's there to get your router up and running, not really meant as a long-term security solution for the router.
There are remote root exploits that don't require remote (web) configuration to be enabled. That's just another one
These sort of exploits aren't likely to be stopped by a custom password, tho. They rely on fundamental flaws in the firmware.There are remote root exploits that don't require remote (web) configuration to be enabled. That's just another one
D
Deleted member 11852
Guest
Changing the admin password will, for many SOHO routers, change root because 'admin' is actually root. So he exploits relying on default root passwords will be defeated by changing the password.
Some custom firmware will let you have separate root and admin accounts for control of the router, so you'd want to make sure both weren't the default passwords, or easily guessable ones
but even worse, some modem also have hidden port that can be accessed with default (undocumented) password that still active even after disabling the web access and changing admin password.
there were 3 or more article series from ars techinica about this issue. its just unbelieveable how bad is the security practice of consumer grade internet modem.
i think some of the editor also promised about making "best practice" for inernet security. but it was months ago and it is quite normal for arstechnica to take their sweet time to write article :/ (if they do will make it)
there were 3 or more article series from ars techinica about this issue. its just unbelieveable how bad is the security practice of consumer grade internet modem.
i think some of the editor also promised about making "best practice" for inernet security. but it was months ago and it is quite normal for arstechnica to take their sweet time to write article :/ (if they do will make it)
So is that a cool 3 days that PSN has been limb? At least Microsoft got their shit together and was able to get it up .. argh!
https://support.us.playstation.com/app/answers/detail/a_id/237/~/psn-status:-online
https://support.us.playstation.com/app/answers/detail/a_id/237/~/psn-status:-online
3 days or not, these attacks are really starting to get on my tits.
Do they seriously have nothing better to do?
Is this their way to be seen and hopefully picked up by big tech companies as their new 'wizards'?
Can't they just go for a bloody job interview like everyone else without the need to disrupt everyone else's services?
And of course, can't these big tech companies protect themselves better? Sony especially seems to be entirely in the hands of anyone who is willing to attack them and shut them down for days.
The whole thing is getting very old very fast.
Do they seriously have nothing better to do?
Is this their way to be seen and hopefully picked up by big tech companies as their new 'wizards'?
Can't they just go for a bloody job interview like everyone else without the need to disrupt everyone else's services?
And of course, can't these big tech companies protect themselves better? Sony especially seems to be entirely in the hands of anyone who is willing to attack them and shut them down for days.
The whole thing is getting very old very fast.
2 days then, and i will be back tomorrow to add my drama queen 3rd day!
And to quote my original post
I think both Sony and Microsoft (maybe nintendo as well) needs to incorporate some kind of offline mode, many games run on different servers anyway, Destiny has it's own servers, it just the sign in that is missing. The weird thing is, GT6 updated just fine, and registered my login, maybe i was lucky or maybe GT6 has it's own online mode.
deathindustrial
Regular
I figured out yesterday that I could still play Terraria as long as I yanked the ethernet before booting the PS4. Way too many blocking network calls in the PS4 operating system if you ask me.
Its not as easy as it sounds to just stop this. Mainly because if you start dropping traffic, you also drop to much legitimate traffic.
And when you start looking at what traffic to drop, your hardware just can not cope with the checks its just to much traffic to check.
So you need to go after the sources, which is ofcourse not that easy since its amplification attacks mostly. Ie the whole bot net sends something to a bunch of servers and asks for tons of info and fakes the return address to be Sony or MS instead of the machine requesting the info.
And when you start looking at what traffic to drop, your hardware just can not cope with the checks its just to much traffic to check.
So you need to go after the sources, which is ofcourse not that easy since its amplification attacks mostly. Ie the whole bot net sends something to a bunch of servers and asks for tons of info and fakes the return address to be Sony or MS instead of the machine requesting the info.
But for some reason Microsoft seems better at "fixing" these things. So there must be other ways to handle problems like this.
More spare servers that aren't known but only spin up when the main servers are down? Aggressive rotation of IP addresses. Servers spread over many providers? Sony seems so weak and vulnerable, i have very little confidence in them learning anything from when they were down for 23 days :-/
Imho it's getting to a point where there needs to be a way more robust offline mode that doesn't strip every feature of the games that rely on a online connection. I can live without Trophies, the PSN shop, hell even without party mode. But gimme my GT6 online connection when i want to try the new Vision GT Mazda, let me play the daily in Destiny, to much stuff break because of the always on requirements.
Ohh and i expect to get the offline time added to my paid subscription.
Speaking about fixing things, here is what the Anonymous group has said about things on Twitter, when they were targeting LizardSquad last night and this morning.
FYI: Xbox Live has been fine for me the entire day Friday, however I have not been purchasing items and I might just be in an area they fixed first. Right now MS says there may be some issues with purchasing and multiplayer games (5:56 pm EST). However, their status page isn't as quick to update once things are working. https://support.xbox.com/en-US/xbox-live-status
Similar threads
