DDos or how we lost our games to a Lizard

btw @BRiT
how do you explains DDOS is different from hacking to laymen?

i try to explain this using "clogging roadway to sony headquarters with cars" is different with beating security guards and breaking in into sony headquarters. But they still get confused.
 
A member of the hacker group that claimed responsibility for the Christmas Day shutdown of Sony and Microsoft’s gaming networks has been arrested.
I feel a need to go all legal (and human rights) on your ass here and state that, unless convicted (or at least with a truck load of evidence that'll obviously lead to a conviction), the guy's innocent until proven guilty and is an alleged hacker. The correct response is,"if he's guilty, I hope he gets it, and if he's innocent, I hope a miscarriage of justice is avoided and the true culprits are found."

Reading on, it sounds like this kid's a small-fry and not a major player. In the comments on that article, someone says he isn't even Lizard Squad who don't behave in such a nooby fashion, so I wouldn't take it at face value. Needs some proper corroboration.

Also, of real concern/interest, is the announcement that Lizard Squad are releasing a DDoS service for anyone to use. That's capitalism for you! :p I'd have thought would that open them up for easier tracking via the money.
 
Last edited:
DDoS is you can't get to your data.
Hacking is your data has been stolen.

DDoS is traffic jam.
Hacking is stealing the car.

DDoS is busy signal on your phone.
Hacking is eaves dropping on your phone conversations.

Hackers is a term that's been much abused by the media. A lot of white hats, like myself, still use the term hacker to refer to a programmer capable of finding clever solutions to problem spaces and are capable of appreciating, and understanding, the hacks of others. We more commonly refer to individuals who find and abuse flaws in software or hardware as crackers (as in 'they get in through the cracks).

Sadly this definition will probably only remain is use amongst those who know and the world will continue to use the term hacker as they do without realising that they are sullying the work of decades of true hackers!
 
Yup, I have given up on trying to get the world to properly use the terms or have the ability to distinguish good from bad on the same term. The simple people do not have that capacity.

I say that as having grown up as a long time hacker out of curiosity sake. So it does trouble me that a good term has lost its true meaning. Hacking, it's how I taught myself during the entire 8bit revolution. At times the curiosity lead me to cracking game protections to develop game loaders or trainers (boost stats or infinite lives) but I never released my projects to the outside world. It was all done for gaining information and educational purposes. During college I worked on the admin teams to keep our networks secure and I do similarly with the companies I work for as an extra benefit for them; even though I am just a software engineer they allow me to do some pen-testing now and then in my extra time. I am amazed at how many commercial systems are open to the basic attack of Susie O'Drop Tables; --
 
Why would I change my MTU settings back to 1500? Will it noticeably improve my bandwidth/ping?

It won't affect latency (ping) unless you're using a non-standard MTU size that some routers will reject, necessitating re-routing - this is unlikely but theoretically possible. But the smaller the packet size you use, the more effective bandwidth you will lose because of the increased number of packets each with their own header information.

Whether it'll be noticeable is debatable, but I doubt it for gaming.
 
Considering the terms of the service state they don't have to compensate at all I think it's a very good offer.

No one lost 5 days, so essentially everyone does well out of the deal not that subscribers will notice.

The discount is a one time use voucher code that can be applied to everything in your cart at that time, not a permanent period with 10% off everything.

Sometimes reading is fun.
 
I don't know what is the optimal MTU setting for your connection, you should do MTU ping test as described in link I posted.
Well, I did it, (thank you for you advice) and fortunately I really didn't do what PS told us in their tweet, my best MTU (before fragmentation) is 1492 (1464 + 28)!

It really confirms my doubts about this "1500" rounded number. They really shouldn't advise millions of PS4 owners to use this best case scenario setting and they really shouldn't set by default this number either.

I think I read elsewhere here that the standard TMU settings in XB1 was 1480, right? That's a more reasonable estimate.

DDoS is you can't get to your data.
Hacking is your data has been stolen.

DDoS is traffic jam.
Hacking is stealing the car.

DDoS is busy signal on your phone.
Hacking is eaves dropping on your phone conversations.

That from the point of view of the users. But what about from Sony, Microsoft and the publishers point of view? they certainly lost dollars when people couldn't buy their products for Christmas. Not sure those users would still buy them 3 days later. If you organize an illegal strike in front of a big supermarket during christmas, preventing people buying stuff in the store, do you think the owners of the supermarket will be happy about it?

Now imagine if you do those strikes regularly, I think many of the customers would simply stop going into that particular store...
 
Last edited:
That from the point of view of the users. But what about from Sony, Microsoft and the publishers point of view? they certainly lost dollars when people couldn't buy their products for Christmas. Not sure those users would still buy them 3 days later. If you organize an illegal strike in front of a big supermarket during christmas, preventing people buying stuff in the store, do you think the owners of the supermarket will be happy about it?

Now imagine if you do those strikes regularly, I think many of the customers would simply stop going into that particular store...
Still doesn't make it theft though. No-one's saying a DDoS is acceptable. People just want the general populace to understand the difference because there is one, and people shouldn't be scared about identity theft etc,. after a DDoS attack. Websites reporting things like 'Sony hacked' when they are victims of a DDoS attack are unnecessarily scaring folk.
 
Well, I did it, (thank you for you advice) and fortunately I really didn't do what PS told us in their tweet, my best MTU (before fragmentation) is 1492 (1464 + 28)!

It really confirms my doubts about this "1500" rounded number. They really shouldn't advise millions of PS4 owners to use this best case scenario setting and they really shouldn't set by default this number either.

I think I read elsewhere here that the standard TMU settings in XB1 was 1480, right? That's a more reasonable estimate.

The reason for 1500 is because your device is using Ethernet, it should be 1500. And when needed to go lower it should do so automatically.

On your LAN, when you stream data from a NAS or copy a file to/from the console through your ethernet port or wifi, it should be 1500 for best bandwidth usage.

When it goes on the internet, ie leaves your home, PMTU is one way of detecting correct MTU, but it does not always work, because the internet is a fragile thing that runs on consensus.

So Sony's 1500 works great for your LAN and if everybody followed the agreed upon rule, the negotiation down from 1500 would be fine to. Problem is when its not fine, which sometimes its not.

MS 1480 iis a little less optimal for LAN usage, not much, and 1480 works as long as no link in the path is less than 1480.
Most likely they went with 1480 due to some measurements they have from XBLive traffic. But if the MTU is less than 1480 in your path and MTU discovery is broken, you will have the same issue as with Sony's 1500.

Your doubt about 1500, is from your POV in regards to a minor part of using PSN/SBLive, the 1500 number is an industry standard and not just a random guess. :)
 
Still doesn't make it theft though. No-one's saying a DDoS is acceptable. People just want the general populace to understand the difference because there is one, and people shouldn't be scared about identity theft etc,. after a DDoS attack. Websites reporting things like 'Sony hacked' when they are victims of a DDoS attack are unnecessarily scaring folk.
it would actually be theft but not on the side of sony or ms . The users who have their computers compromised would be the victims of theft , since its their pc and bandwidth used without their permission
 
That's not theft. Theft is when someone takes your stuff, not when they use your stuff without your permission.

Definitely not theft in the UK because the concept of theft only apples [in law - Theft Act 1968] to physical objects. This kind of stuff is caught by Communications Act 2003:

Article 125, Dishonestly obtaining electronic communications services
(1) A person who—
(a) dishonestly obtains an electronic communications service, and
(b) does so with intent to avoid payment of a charge applicable to the provision of that service,​
is guilty of an offence.
This has been debated to death in the UK.
 
Yup, I have given up on trying to get the world to properly use the terms or have the ability to distinguish good from bad on the same term. The simple people do not have that capacity.

I say that as having grown up as a long time hacker out of curiosity sake. So it does trouble me that a good term has lost its true meaning. Hacking, it's how I taught myself during the entire 8bit revolution. At times the curiosity lead me to cracking game protections to develop game loaders or trainers (boost stats or infinite lives) but I never released my projects to the outside world. It was all done for gaining information and educational purposes. During college I worked on the admin teams to keep our networks secure and I do similarly with the companies I work for as an extra benefit for them; even though I am just a software engineer they allow me to do some pen-testing now and then in my extra time. I am amazed at how many commercial systems are open to the basic attack of Susie O'Drop Tables; --

Exactly how I started out, though I was pre home computer in the popular form. If you are interested in pen-testing, cryptography et al then you should check out the UK CyberSecurity Competitions (lots of organisations are involved like GCHQ, SOPHOS, QINNETIC, MI5!). I started playing for a laugh and within a year I was a finalist and had been invited for three job interviews at GCHQ and offered at place with the JCU!! Definitely a way in and also you get to meet a lot of like minded people who are very open to sharing ideas and knowledge. Also if you get invited into the Alumni then you get access to 'stuff' that isn't normally available to the hoi polloi.
 
Back
Top