Understanding DDoS attacks
DDoS attacks have become such a big problem for online competition that we feel it's time to take a longer look at them to gain a better understanding of them.
If you've been following online Counter-Strike in recent months, you have probably also grown tired of constant crashes, pauses, and player swaps in the middle of matches.
Lately FACEIT has even gone as far as playing some games off of streams to avoid the issue of DDoSsing. Clearly, it couldn't hurt to better understand some of what is happening.
This is by no means an attempt at an in-depth look on DDoS attacks, but one hardly seems necessary -- it's more important we educate everyone on the basics first.
Maikelele has been the victim of DDoS attacks recently
Distributed Denial of Service (DDoS) attacks
An analogy my friend told me about DDoSsing goes like this: imagine traveling on a train with your friend, and having a conversation. Then imagine 5,000 more people hopping onboard, and starting to talk to you. Ultimately you wouldn't be able to hear any of them.
That is basically what happens when someone attacks you. Your internet connection is flooded with more packets than it can handle, and it will first start building up loss, and ultimately crash completely. Below is Wikipedia's explanation of it:
"In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
"Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
"As clarification, distributed denial-of-service attacks are sent by two or more persons, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reached an average rate of 28 per hour."
If DDoSsing was rare, it wouldn't be a real issue. What makes this a giant problem in our community is that it's very cheap and easy to do, and it does affect match results -- which people have money, whether virtual or real, riding on.
Per our research, a lifetime access to a website that allows you to execute a Distributed Denial of Service attack on anyone whose IP address you're in the possession of, costs a measly $30.
Not only do DDoS attacks cause players to drop and servers to crash, they are a huge factor in the delays of many popular online leagues, and sometimes even affect LAN tournaments. For the latter, continuous attacks compound the delays even further.
On top of that, DDoS attacks do make Counter-Strike seem sort of illegitimate, as similar issues do not exist in other sports, and the viewing experience suffers greatly, thus turning many fans against Counter-Strike as the issues persist.
Constant pauses will make anyone sleepy
How can we prevent DDoS attacks?
Though it is possible to attack either the players participating in a given match, or the game server itself, these days the former are much more prevalent in CS:GO due to Valve making it much harder to find game server IPs.
Since Valve's update to hide server information, server-side DDoS attacks haven't really been a big problem, but on the other hand, you only need to go back a couple of days to recall lengthy pauses over client-side DDoS attacks.
In the past, players' IPs could be retrieved by internet relay chat (IRC) - which greatly affected its death as the messaging tool of our community - whereas today it usually happens via Steam or Skype.
People use a program that could retrieve the IP address used by any Skype username. The glitch has been fixed in the newer Skype versions, so make sure you update your Skype client as soon as possible.
You must configure Skype to only accept calls from your contacts, and to check a setting on the Connection-page to only allow direct connections to your contacts.
It's also important to never join an unknown Mumble or TeamSpeak server - as either can store your IP address - and to never accept unknown Friends requests, especially during matchmaking games.
Update your Skype and use these settings
An additional way for people to try to fish for your IP can be via an internet link - which is why you should never click on random links in e.g. Twitch chat or the forums, or coming in from unknown people via Friends after trade offers.
Even something as harmless as playing CS:GO on a public server - or any server, to which the wrong person has RCON access to - could lead to your IP becoming vulnerable to DDoS attacks.
The only way to stop distributed denial of service attacks, once they've begun, is to change your IP address -- which can be surprisingly difficult in 2014, when many internet service providers use permanent IPs.
To change your IP - which you should do as precaution as often as possible - you can try to leave your router off for the night. You can also try directly calling your ISP to try to explain the situation.
You can also use a VPN to hide your IP, but unless you also play with it - which will result in additional latency - your IP can still get out there. Still, it's smart to use when e.g. browsing.
There also seems to be a misbelief that having a VPN will somehow protect you from attacks, but that is false. If your IP is in the hands of the wrong people, VPN will do you no good. It can, too, be attacked as well.
This is the most important setting in Skype
Where do we go from here?
I have never believed that shutting down betting services - which seem to be the main driving reason for the popularity of DDoS attacks these days - is a feasible, realistic, or a smart option.
You should not force everyone to cater to the few who are in the wrong here. Instead, we, the community, should get smarter as a whole, and try to make it harder for us to become the targets of DDoS attacks.
Server side IPs are fairly well hidden these days, and if players start using VPNs when doing their browsing and become more careful with their online behavior, we can reduce the problem's size.
DDoS attacks will not be going away anytime soon, though. It's important to understand this is a long process, but blaming anyone doesn't help -- and the only ones to blame are the people behind the attacks.
However, players who continuously get attacked need to face the reality. Whining about it won't help; only changing your IP and being smarter online will. Angry tweets will not stop the attacks.
I think we can all agree we've seen this too often lately
Another thing DDoS attackers hope for, aside from affecting results, is attention. The reason DDoSsing is often not mentioned, is to not give those people what they hope for.
Though it can be annoying, in this scenario it may be better to try to do our best to avoid DDoS attacks, and to not give anyone performing the attacks the attention they are seeking.
Follow HLTV.org's @lurppis_ on Twitter.