DDos or how we lost our games to a Lizard

[djskribbles]

Also, it was Christmas day. Maybe gamers should have stopped being babies and spent the day with their families instead of worry about whether they could play online. Lizard Squad wanted people to get outraged on twitter, forums etc. They're trolling. Crying about it is them winning. Can't believe some of the stuff I read from gamers. It's one day - a day that should be about family and friends.

There's plenty of time in the day to spend time with your family, AND for kids to be able to play their new consoles on Christmas day. Plus PSN/XBL issues extended past Christmas. I was finally able to log into PSN last night after nearly 3 days, but I can't log in today. XBL seems to be a bit better, but people are still having issues.

 

[Scott_Arm]

There's plenty of time in the day to spend time with your family, AND for kids to be able to play their new consoles on Christmas day. Plus PSN/XBL issues extended past Christmas. I was finally able to log into PSN last night after nearly 3 days, but I can't log in today. XBL seems to be a bit better, but people are still having issues.

All I'm saying is, if you can't play a video game, you can do something other than give the trolls exactly what they want (crying), especially on Christmas Day.

 

[Deleted member 11852]

Under-sea routers? Sounds like bullshit.

Assuming you would only need a router at a point where signals converge and packets needing routing this way or that, take a look at the mapping of undersea cables. While there do seem to be a few points of convergence between different continents, if there are any subsea routers then they are very few. There may well be relays (more like signal repeaters) down that are susceptible, which you'd probably want to be addressable for diagnostics and maintenance purposes.

 

[JPT]

Does this perhaps explain the difference with MS, that MS's security couldn't enable such fragmentation?

Yes and no?

In my opinion no, since handling fragmentation attacks is standard on any type of firewall setup, its more down to configuration.
But of course it could be a known bug in the devices that are employed, that they get false positives on legitimate fragments or the checking is to strict or that the handling is done poorly and it just overloads the firewall, ie buffer overruns etc.
Heck it could be a bug in the Core router when it fragments and have to fragment more than x packets per second.
Anything is possible, would love to see a writeup about it when they figure out what was going on.

Simplified setup

Internet - Big Core Router ----- Firewall ---- Datacenter

Traffic arrives from the "Internet" to the Core router, which allegedly is under the control of LizardSquad.
LS har reconfigured the Core Router, and lowered the MTU on the port connected to the Firewall (it can be on the other side of the country, but if all traffic destined for the Firewall leaves the same port or ports it will be affected)
Now, a lot of the traffic that arrives on the Firewall is fragmented, the firewall has to handle it somehow. Either by reassembly or dropping fragments etc.
And basically disrupting the network, but its a bit far fetched, then again life is wonderfully weird sometimes.

Now if this scenario is what was happening, then LS would need to get access to the Big Core Router and reconfigure it. And the owners of the router either must not have noticed or been locked out. If they are locked out, they probably should notice that
Also LS would need to know what type of firewall and software version running on it, unless its a widely known limitation of the firewall they are abusing.

As for router underseas, no I do not think that is normal, regeneration/amplification sure, but not routers. Those are usually on the shore where the ocean cables comes in.

 

[Scott_Arm]

Assuming you would only need a router at a point where signals converge and packets needing routing this way or that, take a look at the mapping of undersea cables. While there do seem to be a few points of convergence between different continents, if there are any subsea routers then they are very few. There may well be relays (more like signal repeaters) down that are susceptible, which you'd probably want to be addressable for diagnostics and maintenance purposes.

All of the dots in the middle of the oceans are named after islands, or cities on continental land. I'm not sure why they're drawn out over the ocean. Maybe for readability?

If you had all of the data from several countries converging in the middle of the ocean, you'd need a huge core routing network under-sea, and that just doesn't make sense. How do you service it, power it? An undersea central office? Repeaters I can understand, but they're not routers and they're not really smart enough to be useful to a hacker, except maybe to just turn them off and cause havoc that way.

 

[deathindustrial]

PSN has been good to me all day now , played lots of BF.

Lucky for you. PSN has been functionally dead for my wife and I since the 25th. Still can't log into PSN as of this morning and have to turn off the Internet connection to play local games (Terraria for example).

What I don't get is why their CDN can't be used to at least push out a notice to their users about what is going on. It's not like all of Akamai fell over.

 

[Grall]

They're trolling. Crying about it is them winning. Can't believe some of the stuff I read from gamers. It's one day - a day that should be about family and friends.

While I agree with you on the complaining bit - that's just stoking their fires - some people are lonely during holidays, and games consoles are also popular gifts during christmas. It's natural people will be disappointed.

While there do seem to be a few points of convergence between different continents, if there are any subsea routers then they are very few.

I doubt there's any actual undersea cross-connections. That would be difficult as hell to construct and maintain, as well as more fragile than just a straight cable. What you're seeing is probably just several cables converging, or so I assume.

Also, multi-gigabps heavy duty routers, as you'd expect for intracontinental trunks like these, are bulky and incredible power hogs on top; just supplying electricity to an undersea router perhaps a hundred km or more from the mainland would be a rather expensive engineering challenge; you'd need a high voltage powerline strung down along with the optical cable (low voltage and high power draw would mean massive resistivity losses), with suitable transformer and power supply for the router... Bulky stuff, 500-1500m under sea and so on. Then cooling everything, encasing it securely to prevent leaks... You wouldn't want any moving parts that can wear out (such as coolant pumps), and so on... Just call me incredibly sceptical regarding undersea router claim. It seems rather crazy to me. Just put the damn router on the mainland where you can get at it when needed, okay?

 

[BRiT]

I wonder how this would of played out if our consoles were 'always online required'

From what I understand, the MS Xbox Always Online Console would have been fine, as the "always online" was just a phone home every 24 hours to check for license revokes.

 

[babybumb]

It has bandwidth to use, but it does not have the cpu cycles to create it, if that makes any sense

A router is basically a specialized computer, that is designed to do a few things very well and that is mainly move packets from point a to b based on certain rules. But creating/generating data/traffic is not what is considered a priority, so it does not do it very well or have cycles todo it.
Without ever having played with the really big stuff, I doubt that you can create very much data with a router. SNMP is a possible amplification attack vector, but all devices I have ever come across, things like that has had much lower priority to resources.

lol. Misconfigured Routers are very easy to manipulate to send answers to fake queries. If the router has access to a lot of bandwidth its very powerful

http://nominum.com/news-post/24m-home-routers-expose-ddos/ 24 million exploitable home routers. Not going to be fixed any time soon. Teliasonera network in sweden collapsed because home routers were being exploited by hackers just a few weeks ago http://sverigesradio.se/sida/artikel.aspx?programid=2054&artikel=6054684

 

[Strange]

For one thing, cross ocean cables only have a set length that they can cover. Optical signal only travels ~80km or so, so you need to have at least several repeaters in the middle.
If you're going to put repeaters there might as well as put a fully configurable equipment there so you can troubleshoot stuff on land to find out stuff like where it broke.

 

[Scott_Arm]

What do you mean by "fully configurable"? What's most likely being used is an optical amplifier. The transport equipment at the ends of the run would be able to detect where the breaks in the fibre are. That doesn't need to happen under sea. The transceivers can potentially do it, or a specialized equipment attached at the ends of the run.

There is absolutely no reason to put a router under the sea. Each fiber is a pipe that's unidirectional. There is no reason to route anything. No reason to be layer 3 aware, let alone layer 2 aware. Put it this way, you have a fibre bundle pushing 100GE per strand. The bundles are most likely huge, so you'd probably need something like a core router to handle it. There is no way there's one of those sitting in an enclosed cabinet on the ocean floor.

The idea that they've hacked under-sea routers is bullshit.

 

[JPT]

lol. Misconfigured Routers are very easy to manipulate to send answers to fake queries. If the router has access to a lot of bandwidth its very powerful

Read the article again, they where talking about core routers not millions of home routers. They claimed they hacked core routers and used those in the creation of the DDoS.

If you get all of those home routers to send replies to spoofed hosts sure, but they are not very powerful devices. Top of the line home router in the market today got maybe 128MB of ram 600Mhz MIPS CPU. If your lucky their multicore, but none of the standard embedded distributions are very good at leveraging the extra cores.

Still how much bandwidth does the average home router have disposable to it?

In 2015 we will probably start to see the first wave of the new ARM based multicore chips from Broadcom, they got some more serious wump and the OS they run are based on newer linux kernels 3.something, but not bleeding edge 3.0.19 or what it is.

l
http://nominum.com/news-post/24m-home-routers-expose-ddos/ 24 million exploitable home routers. Not going to be fixed any time soon. Teliasonera network in sweden collapsed because home routers were being exploited by hackers just a few weeks ago http://sverigesradio.se/sida/artikel.aspx?programid=2054&artikel=6054684

From what I learned it was Telia Sonera's own fault, your brainded if you put a 4 letter password on your device and allow it to be accessible from remote for EVERYBODY, if they had put in an ACL rule to limit access to it from their NOC or something similar, it would have been a much more pleasant experience for them.

 

[-tkf-]

All I'm saying is, if you can't play a video game, you can do something other than give the trolls exactly what they want (crying), especially on Christmas Day.

Yeah, because that will be easy explained to kids that got a console for Christmas.

And even if I agree that it's not worth giving them the satisfaction I would lie if I didn't say it pissed me off.

For me it's not a question of being able to do something else with my time. I have plenty to spend time on, actually I have to little time as it is. It's a question of when I want to play or be online with my Xbone or Playstations it's a limited period where I am able to do it. And that missed opportunity can't always be redone.

 

[-tkf-]

From what I understand, the MS Xbox Always Online Console would have been fine, as the "always online" was just a phone home every 24 hours to check for license revokes.

It would be the perfect target, keep live down for more than 24 hours and every console would be a door stopper.

 

[orangpelupa]

read on TF... Kim from megaupload bribed the lizards to stop the attacks?

 

[BRiT]

If you get all of those home routers to send replies to spoofed hosts sure, but they are not very powerful devices. Top of the line home router in the market today got maybe 128MB of ram 600Mhz MIPS CPU. If your lucky their multicore, but none of the standard embedded distributions are very good at leveraging the extra cores.

In 2015 we will probably start to see the first wave of the new ARM based multicore chips from Broadcom.

To be pedantic... The Asus RT-AC68U and Linksys EA6900 use 800Mhz Cortex-A9 dual-cores (BCM4708). The Netgear Nighthawk AC1900 (R7000) uses 1Ghz Cortex-A9 dual-cores (BCM4709). I think they all have 256 Meg ram, 64K NVRam and 128Meg Flash.

Your prediction of what they're using is off by a year. Those routers were hitting the shelves in December of 2013 (http://us.hardware.info/reviews/5085/4/asus-rt-ac68u-and-linksys-ea6900-review-interior) and March 2014 (http://us.hardware.info/reviews/519...wk-ac1900-review-the-new-boss-r7000-nighthawk).

 

[BRiT]

read on TF... Kim from megaupload bribed the lizards to stop the attacks?

But they didn't stop the attacks.

 

[Scott_Arm]

Yeah, because that will be easy explained to kids that got a console for Christmas.

And even if I agree that it's not worth giving them the satisfaction I would lie if I didn't say it pissed me off.

For me it's not a question of being able to do something else with my time. I have plenty to spend time on, actually I have to little time as it is. It's a question of when I want to play or be online with my Xbone or Playstations it's a limited period where I am able to do it. And that missed opportunity can't always be redone.

It should be easily explained to kids on Christmas. If I threw a suck about not being able to play video games for a day, my parents would have set me straight. In my lifetime, my parents gave me many lessons about what is and isn't important in life. If you're a person with limited time to play games, then maybe your next chance to play will be in a week, or a month, then oh well. Read a book, go outside, start another hobby. Do whatever. The griefers only do things because they get the response they're looking for.

 

[Scott_Arm]

It would be the perfect target, keep live down for more than 24 hours and every console would be a door stopper.

a door stopper? A little perspective may be in order. Your console doesn't become a doorstop if you can't play it for a day. It just means you have to do something else for a day.

 

[orangpelupa]

When my friends able to go online yesterday... Wow lots lots of cheer and cursing lol.

We are destiny players so PSN is a must. Lucky that we have not planned any raid on Christmas.