Understanding DDoS attacks

DDoS attacks have become such a big problem for online competition that we feel it's time to take a longer look at them to gain a better understanding of them.

If you've been following online Counter-Strike in recent months, you have probably also grown tired of constant crashes, pauses, and player swaps in the middle of matches.

Lately FACEIT has even gone as far as playing some games off of streams to avoid the issue of DDoSsing. Clearly, it couldn't hurt to better understand some of what is happening.

This is by no means an attempt at an in-depth look on DDoS attacks, but one hardly seems necessary -- it's more important we educate everyone on the basics first.


Maikelele has been the victim of DDoS attacks recently


Distributed Denial of Service (DDoS) attacks

An analogy my friend told me about DDoSsing goes like this: imagine traveling on a train with your friend, and having a conversation. Then imagine 5,000 more people hopping onboard, and starting to talk to you. Ultimately you wouldn't be able to hear any of them.

That is basically what happens when someone attacks you. Your internet connection is flooded with more packets than it can handle, and it will first start building up loss, and ultimately crash completely. Below is Wikipedia's explanation of it:

"In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.

"Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

"As clarification, distributed denial-of-service attacks are sent by two or more persons, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reached an average rate of 28 per hour."

If DDoSsing was rare, it wouldn't be a real issue. What makes this a giant problem in our community is that it's very cheap and easy to do, and it does affect match results -- which people have money, whether virtual or real, riding on.

Per our research, a lifetime access to a website that allows you to execute a Distributed Denial of Service attack on anyone whose IP address you're in the possession of, costs a measly $30.

Not only do DDoS attacks cause players to drop and servers to crash, they are a huge factor in the delays of many popular online leagues, and sometimes even affect LAN tournaments. For the latter, continuous attacks compound the delays even further.

On top of that, DDoS attacks do make Counter-Strike seem sort of illegitimate, as similar issues do not exist in other sports, and the viewing experience suffers greatly, thus turning many fans against Counter-Strike as the issues persist.


Constant pauses will make anyone sleepy

 

How can we prevent DDoS attacks?

Though it is possible to attack either the players participating in a given match, or the game server itself, these days the former are much more prevalent in CS:GO due to Valve making it much harder to find game server IPs.

Since Valve's update to hide server information, server-side DDoS attacks haven't really been a big problem, but on the other hand, you only need to go back a couple of days to recall lengthy pauses over client-side DDoS attacks.

In the past, players' IPs could be retrieved by internet relay chat (IRC) - which greatly affected its death as the messaging tool of our community - whereas today it usually happens via Steam or Skype.

People use a program that could retrieve the IP address used by any Skype username. The glitch has been fixed in the newer Skype versions, so make sure you update your Skype client as soon as possible.

You must configure Skype to only accept calls from your contacts, and to check a setting on the Connection-page to only allow direct connections to your contacts.

It's also important to never join an unknown Mumble or TeamSpeak server - as either can store your IP address - and to never accept unknown Friends requests, especially during matchmaking games.


Update your Skype and use these settings

An additional way for people to try to fish for your IP can be via an internet link - which is why you should never click on random links in e.g. Twitch chat or the forums, or coming in from unknown people via Friends after trade offers.

Even something as harmless as playing CS:GO on a public server - or any server, to which the wrong person has RCON access to - could lead to your IP becoming vulnerable to DDoS attacks.

The only way to stop distributed denial of service attacks, once they've begun, is to change your IP address -- which can be surprisingly difficult in 2014, when many internet service providers use permanent IPs.

To change your IP - which you should do as precaution as often as possible - you can try to leave your router off for the night. You can also try directly calling your ISP to try to explain the situation.

You can also use a VPN to hide your IP, but unless you also play with it - which will result in additional latency - your IP can still get out there. Still, it's smart to use when e.g. browsing.

There also seems to be a misbelief that having a VPN will somehow protect you from attacks, but that is false. If your IP is in the hands of the wrong people, VPN will do you no good. It can, too, be attacked as well.


This is the most important setting in Skype

 

Where do we go from here?

I have never believed that shutting down betting services - which seem to be the main driving reason for the popularity of DDoS attacks these days - is a feasible, realistic, or a smart option.

You should not force everyone to cater to the few who are in the wrong here. Instead, we, the community, should get smarter as a whole, and try to make it harder for us to become the targets of DDoS attacks.

Server side IPs are fairly well hidden these days, and if players start using VPNs when doing their browsing and become more careful with their online behavior, we can reduce the problem's size.

DDoS attacks will not be going away anytime soon, though. It's important to understand this is a long process, but blaming anyone doesn't help -- and the only ones to blame are the people behind the attacks.

However, players who continuously get attacked need to face the reality. Whining about it won't help; only changing your IP and being smarter online will. Angry tweets will not stop the attacks.


I think we can all agree we've seen this too often lately


Another thing DDoS attackers hope for, aside from affecting results, is attention. The reason DDoSsing is often not mentioned, is to not give those people what they hope for.

Though it can be annoying, in this scenario it may be better to try to do our best to avoid DDoS attacks, and to not give anyone performing the attacks the attention they are seeking.

Follow HLTV.org's @lurppis_ on Twitter.

#4
suNny | 
Finland m1skaa
Nice article, as always
2014-10-12 16:38
COOL
2014-10-12 16:31
#8
 | 
Bulgaria bUHALOVIC
You can hate lurppis but he make great things like this for this place. :)
2014-10-12 16:31
#9
 | 
Ukraine petruska
use it,pro players pls
2014-10-12 16:31
#11
 | 
Denmark jjh
gj, finally a guide which hopefully any player could use and there will be no attacks anymore.
2014-10-12 16:32
i saw reddit thread where was kinda same + some program .... so xD
2014-10-12 17:39
Poor exem :'((((((((((
2014-10-12 16:33
gj lurppis
2014-10-12 16:34
lurppis n1
2014-10-12 16:35
yez
2014-10-12 16:35
tru
2014-10-12 22:02
Ctrl+F -> "Fifflaren" -> 0 results Who are you and what have you done with the true lurppis?!?
2014-10-12 16:36
thats probably because ddos doesnt affect fifflarens gameplay, he cant play worse
2014-10-12 16:42
and still won a major and came 2nd in the other 2 , his life is going pretty bad in terms of cs go.
2014-10-12 17:20
How long are we gonna say "nip has the best players because they won a major"? CS:GO changes quickly, far more quickly than traditional sports. Only 2 months after a team has won a major, another team may have already kicked them off the best team-throne.
2014-10-12 18:11
chill out fanboy, NiP is still a great tea... oh nvm
2014-10-12 18:14
Direkt
2014-10-12 22:59
he won a major because f0rest and gtr carried him
2014-10-13 07:05
It was more GTR and Friberg
2014-10-13 14:46
indeed, but sounds the same, fiffy carried and then they won a major...
2014-10-13 17:26
#51
 | 
Pakistan W.
Hahaha
2014-10-12 16:59
#68
mason | 
World PRQN
AHAHAHHAHAAHHAHAHAHAHAH
2014-10-12 17:18
So I wasn't the only person looking for the Fifflaren bashing in this article? :D
2014-10-12 17:34
#184
 | 
United Kingdom tomtmh
I did the same
2014-10-12 21:46
rofl
2014-10-12 16:39
good article m'boy
2014-10-12 16:40
#24
 | 
Portugal dracø
good read, lurppis if not for the hate you seem to have against some people you'd be the best!
2014-10-12 16:41
n1 lurppis
2014-10-12 16:41
shotdown CSGOLounge = makes world a better
2014-10-12 16:44
Most people watch the streams because they invest skins in the games. Csgo would be nowhere without csgolounge.
2014-10-12 16:45
Thats a complete stupid assumption ;)
2014-10-12 18:50
'B&H vs Netherlands 21962 people placed 66461 items.' Oh yeah, all these 21,000 or so people would still be equally interested in watching a shit BO1 online match. Yes.
2014-10-12 20:09
Where did i stated that gambling doesnt bring viewers? Surprising to see a brit who doesnt know how to read english. "Csgo would be nowhere without csgolounge."
2014-10-12 21:06
'Where did I stated'. Maybe you could write things better for people to understand what you're disagreeing with. You don't state that you disagree with CS:GO would being nowhere with csgolounge either.
2014-10-13 17:40
Its completely true edit: he obv was talking about the viewcount
2014-10-12 22:31
#210
 | 
Poland Mannix
some time ago Cadian was shout casting some China matches and he has 18k viewers watching him, u think people watched him to watch some random Chinese teams play because they enjoy cs:go or did they bet on that match and watch only to see if they gonna win?
2014-10-13 11:05
#43
 | 
Poland trishowsky
it's more about egamingbets.com where people can bet real money and it's often like $10k
2014-10-12 16:55
Even if the max bet amount for a game is $100? Tard.
2014-10-12 17:19
isn't it 200? ^^
2014-10-12 17:24
lol who cares i meant sites where you can bet real money overall
2014-10-12 18:02
I am curious - why everybody blaim CSGOLounge (where you bet skins, then must trade it to keys, then to real money) and not sites where you can bet with real cash and get paid with real cash without that trade-jobs wasting time and value?
2014-10-12 16:59
It's because often, people don't actually lose money with csgolounge. For example, people get item drops, and bet with those, or sell the item drops and buy items to bet with, and then keep betting with returns. They don't actually invest money then and can't really lose money either.
2014-10-12 18:14
+1
2014-10-13 11:49
fifflaren isnt being harassed in this article, must be fake lurppis?
2014-10-12 16:44
najs
2014-10-12 16:44
#32
 | 
Germany lpSykl
maybe kicking Fiffalren will help solving this problem...
2014-10-12 16:45
Kicking fiff will solve everything
2014-10-12 20:13
#37
 | 
France Ga5huX
When I saw some competitions like Dota ESL One where servers (managed by engineers and stuff) getting easily DDOS, I can't hardly imagine how some casual settings or softwares could protect players from DDOS :/
2014-10-12 16:51
managed by engineers and stuff Obviously they were not engineers or experts on the field at all.
2014-10-12 20:59
#187
 | 
France Ga5huX
That's the saddest part of the situation :/
2014-10-12 22:10
nice article lurpp <3
2014-10-12 16:53
DDoS = cslounge - thats all..... No cslounge, no ddos.
2014-10-12 16:53
such stupid much wow
2014-10-12 16:55
#45
 | 
Poland trishowsky
much stupid such wow
2014-10-12 16:55
#44
 | 
Poland trishowsky
no..
2014-10-12 16:55
you do know there are other sites to bet on games, with hard cash.. right?
2014-10-12 16:58
did you even read the article? xD you made my day
2014-10-12 17:00
Sadly most people watch games because they have skins on the line. Just enjoying the game played by the best players in the world doesnt seem to be good enough for 50% of the viewers....sad but true
2014-10-12 17:01
50% enjoy the best players in the world? That's way too much :D Like 10% max
2014-10-12 17:07
haha okay, maybe
2014-10-12 19:53
When was cs 1.6 time, some people ddos top players for fun........
2014-10-12 17:07
Back in 1.6 times I once ddosed a dude who was taken to the team for a tournament instead of me in the very last moment. He couldn't even move so they took me back and I was happy :D
2014-10-12 18:10
what a scum
2014-10-12 21:09
congratulation
2014-10-13 04:17
#96
 | 
Germany lpSykl
true
2014-10-12 17:52
it migh be partially because of the betting, but i think most DDoSers just get pleasure from knowing they annoy thousands of people with these attacks, and they would do it even if there was no betting
2014-10-12 18:45
lurppis nice
2014-10-12 16:57
gg lurppis I was surprised you didn't say Fifflaren was blame of all the Ddos attacks and that he should step down from NiP.
2014-10-12 16:58
kids and there skins.. This world is so embarrassing to live in at time.
2014-10-12 16:58
n1
2014-10-12 17:01
been following cs since on and off since 05/06ish and ddos did happen back then, but not as much as now. Watching the online league streams recently has been painful. It needs to stop, its ruining cs:go
2014-10-12 17:07
How can we prevent DDoS attacks? csgolounge MONEY DOES THE THING!!!
2014-10-12 17:09
Admins of events also need to be more vigilant on breaks between maps and halves. As a spectator it's just not cool.
2014-10-12 17:09
#62
valde | 
Finland Juvi
Good read as always
2014-10-12 17:10
&#1502;123
2014-10-12 17:13
Nothing about Fifflaren in this article? No? Good.
2014-10-12 17:14
You heard it pro's, be 'smarter online'.
2014-10-12 17:14
n1 Lurppis!
2014-10-12 17:17
ty lurppis but thereis 1 mistake in this article, thereis no fiffy flaming
2014-10-12 17:18
#77
 | 
Iceland fatboislim
Yea lurppis should've mentioned fiffys way to anti DDOS. It's really effective, he just simply sucks so much it would be pointless to ddos him.
2014-10-12 17:25
A better stand-in would take his place, so it might benefit if you want NiP to win.
2014-10-12 21:01
OH Fiffy is so smart... he sucks intentionally so he doesn't get ddosed and replaced. Next lurppis article: Understanding Fifflaren
2014-10-13 11:48
saw the topic and knew it was from Lurppis
2014-10-12 17:20
nice article as always!
2014-10-12 17:21
n1 lurpish
2014-10-12 17:23
thanks that u teaches the players PROCSGOPLAYER doesn't means GOODPCUSER
2014-10-12 17:24
pretty sure there is nothing in this article that pro players don't know of already..
2014-10-12 17:28
We are, afterall, talking about Lurppis here. What did you honestly expect?
2014-10-12 17:36
Pretty sure Shox said he would never be a victim of DDoS attacks. Most pro's know how to play, but nothing else. Pretty sure there are many things in this article that pro players don't know.
2014-10-12 21:02
everything in this article is the basic thing that comes up when you google how to prevent ddos and its been the same fixes for years so yes all pros would be aware already. if anything this article just lets all the little kids on hltv that they can spend $30 and be a part of it
2014-10-12 21:05
Pretty sure Shox said he would never be a victim of DDoS attacks. Also pretty sure that A LOT of them are ignorant as fuck. Although I don't watch a lot of games, I can't remember NiP players ever being DDoS'ed. On the other hand, games from another Swedish team like Property are paused every other second.
2014-10-12 21:10
did u read the article? there is many variables affecting it such as ISP. there wont be a pro player out there who hasnt been told about how to prevent themselves from being ddosd and the stuff in article is VERY basic and nothing new. do u think the organisations wouldnt step in if their player kept getting ddosd if they had a secure way to prevent it?
2014-10-12 21:20
If NiP can protect themselfs, why don't they help others? Yes of course I read the article, doesn't take away the fact that 'pro' players are lazy and ignorant. If they actually gave a shit this wouldn't happen. Of course there are MANY things that you need to do in order to protect yourself. MANY things to do your fucking job. It's part of their job and they're doing their job horribly. If they actually gave a shit it wouldn't happen in this rate. Yes, maybe every once in a while, but not every single fucking game.
2014-10-12 21:24
has nothing to do with being lazy/ignorant. do you not think they get pissed off with being disconnected all the time when they often have families around them who are affected by it too? "The only way to stop distributed denial of service attacks, once they've begun, is to change your IP address -- which can be surprisingly difficult in 2014, when many internet service providers use permanent IPs." VPN's often affect latency as lurppis already explained so are out of the equation for some. and if you have an ISP that will provide you with 0 help with the attacks then you're fucked like some players are.
2014-10-12 21:31
They shouldn't have been fucked in the first place being a pro player as I tried to explain. It's their job to play video games mostly via the internet. It might not be easy to do, but in order to do your job it's by all means necessary to avoid/solve it. It keeps happening every game, so I doubt they're trying their hardest. Switch ISP, move if that is not possible or get a different job.
2014-10-12 21:38
great article man
2014-10-12 17:31
Thank you lurppis... The organizers seem to take the approach of burying their heads in the sand. Casters seem to refer to these issues as "technical problems", and sometimes not even commenting on it. In the end, I think they are doing a disservice to everyone by not addressing the problems head on. I'd like to add a few points to your article: * Get a decent router which allows you to change the MAC address of the WAN port. The MAC address is the equivalent of the IP address on the link layer. Many service providers reserves IP addresses to be assigned to a specific MAC address. If you change your MAC address, most providers will give you a fresh IP. So get a router capable of doing this. Make this your routine before professional matches: - Shut down all * IM's (they often leak IP's upon file transfer requests and other data-intensive protocol features) * web pages (yes -- mods and admins probably have access to your IP address if they know what account you are using). * everything else that is not entirely critical to the game - Change your MAC address to get a fresh IP. - Don't break "radio silence" until the game is over. * If your service provider uses genuinely static IPs -- look for another provider. * If your service provider is unwilling to assign a new IP address for your connection following DDoS -- don't phrase it as a "game-related issue", claim that it is harassment. File a report with the police if necessary. This should provide leverage with your provider.
2014-10-12 17:36
Just move to Russia and get a dynamic IP for free.
2014-10-12 17:41
It's really easy to prevent leakage. Avoid contact with random internet people and don't open suspicious links. Still dunno why many of pro gamers have a problem with this
2014-10-12 17:44
At last. Well done Lurppis.
2014-10-12 17:50
Thx for this great information! :)
2014-10-12 17:50
Steam Beta also has some changes to fix an IP leak. I think it's worth mentioning that in several countries performing or assisting in a DoS attack is a criminal offence. Just in case anyone thinks it's a bit of fun to get on the bandwagon.
2014-10-12 17:51
good job!
2014-10-12 17:54
However, article writers who continuously attack a certain nip player need to face the reality. Whining about it won't help; only accepting it and being smarter in life will. Angry tweets will not stop fifflaren's reign.
2014-10-12 17:54
when are world ranking coming out?
2014-10-12 17:55
Such a random article when pretty much everyone knows about these things. I thought I was about to see something new, disappointed.
2014-10-12 17:57
Wouldn't it be a part of the solution to cancel the bet immediately and every time there's a ddos? That way the ddosers couldn't get advantage of their actions and the betting ddoses would see drop in frequency. I think the ones who bet on the ddos'd team wouldn't argue with their saved skins and it's not too cool to win by ddos either. Correct me if I'm wrong with this logic.
2014-10-12 18:04
That's no solution. If you always cancel the bets immediately it just means its always safe for the ddos-er to bet. Your selected team is losing? Ddos to cancel the bet.
2014-10-13 08:25
Nice article Lurpis, hopefully some pro players will take a look.
2014-10-12 18:05
#111
 | 
Latvia Ke]R[4u
i think if nip changes fiflaren ddos will stop
2014-10-12 18:07
pretty sure this is basic knowledge among all pros since most pros these days also stream and have to deal with this shit on a daily basis.
2014-10-12 18:09
-DDoS +Fiffy
2014-10-12 18:08
Dafaq lurppis,the DDooS is not because of Fifflaren? :/
2014-10-12 18:09
I actually enjoyed reading this. GJ, lurppis!
2014-10-12 18:22
no way players will protect themselves, they don't give enough of a fuck. players are only interested in talking shit to other players about protecting themselves during the DDOS itself.
2014-10-12 18:35
Well the only thing i enjoy with my life is ddosing and i will keep on doing it tonight i think i will ddos ZaaZ
2014-10-12 18:36
Wikipedia's explanation??? Are you kidding me? If ur going to bother writing a proper article about this, do give us a proper scholar reference! Not wikipedia :|
2014-10-12 19:04
Angry tweets will not stop Fifflaren.
2014-10-12 19:07
No on in this community understands how DDoSers get the IPs of players and no one knows how to effectively change IP (i can change IP of people in sweden, france, netherlands, germany, usa, etc etc) lurrpis just brought up some basic points but its more complicated DDoSers don't do it just for bets, they do it primarily for impact and notoriety
2014-10-12 19:10
I don't really like lurppis but this article is really well written. I feel that one of the factors why ppl choose to DDoS pro matches is because of bets too.
2014-10-12 19:12
The only thing that will stop ddos is when all OS deployments is secure enough. If it would be hard to get a bot net up and running it would not be wasted on some csgo players.
2014-10-12 19:12
it's a shame for e-sports that 12 years old kids can cause such problems in big events. it's 2014, not 2000...
2014-10-12 19:19
"if players start using VPNs when doing their browsing..." What about the Tor browser ? If I'm not wrong it also hide your IP from websites.
2014-10-12 19:22
TOR behaves like a VPN. The main difference is that instead of using a single intermediary server, you use several (to increase the anonymity).
2014-10-12 20:58
good article :)
2014-10-12 19:27
Doesn't matter,i will ddos anyways from my zimbabwe ddos channel HUEHUEHUE!
2014-10-12 19:39
i was writing my scientic doctor paper on DDOS attacks in my UNI
2014-10-12 20:11
Maybe you should teach these 'pro's' a lesson.
2014-10-12 21:08
Nice article!
2014-10-12 20:31
When I saw the title, I was ready to laugh, expecting some bulshit and shortcuts. And indeed I found a few. You don't really talk about Booters (website providing DDoS attack, also known as Stressers), but those who want to find them can easily do it with Google. So don't make it like a Voldemort thing. Furtermore, a lot of offers from Booters are cheaper than $30. Can even be less than $5. CS:GO isn't the only game that suffers from DDoS, 5s on Google and you can found others examples. So please, make a proper research. Valve's update regarding DDoS was mostly to prevent CS servers to be used to perfom amplification attacks (DDoS attacks). They also added some additionnal options to help to hide the server's IP, but that didn't really solve the problem. If you are on the server, you can find the IP, for instance. Also, people don't even need a 'program' to find someone's else IP from Steam or Skype. Many resolvers have been put on the web, even in Booters. Some of them are even free (no idea if they work less or not). And don't just throw away the VPN solution. Used well, and using a decent one, it works just fine. So please, lurppis, inform yourself before trying to inform other people.
2014-10-12 21:00
#223
 | 
United States lurppis
you must have missed this paragraph: "This is by no means an attempt at an in-depth look on DDoS attacks, but one hardly seems necessary -- it's more important we educate everyone on the basics first." judging by the comments there was new information for quite a few people. if you're very well versed in ddos attacks, maybe this write-up wasn't for you.
2014-10-13 12:35
I agree with Sylver_. Nothing in this article can't be found on wikipedia or related sites. It's just another article with contents from a ton of sites. Even if it was an in-depth look on DDoS, I doubt the educational purpose. Now thousands of HLTV users read an article. So what?
2014-10-13 13:11
I appreciate that you read the comments (including mine). I read this paragraph. Not doing an in-depth paragraph prevents you from going into deep details (technical details, how DDoS are working, what solutions exactly work etc.). It should leave the sensation that more can be learnt be reading other articles, but not hide/alter the truth. But here, it is giving a kind of 'final conclusion', the reader thinks that this is the reality. But by not going in-depth, you gave a superficial vision, a biaised vision by our research and findings. As a journalist, you have the duty to inform with the truth and to give some leads to the reader to let him read/learn more by his own. But it takes more time. Just think about it. If you want to write articles of quality, think about which conclusions a reader can make and how to let him learn more. Writing an article is like preparing a milk shake, you give the client the leftovers from the shaker. When writing an article, you leave your references you used to build your article so he can learn more and continue investigating if he wants to.
2014-10-13 13:13
#228
 | 
United States lurppis
i don't care what "journalists" are supposed to do or what their duties are. i'm a guy who has some knowledge about cs, and i write articles based on that knowledge. i do not wish to, nor have i ever wanted to, be labeled as a "journalist". it's obvious there are is much more information regarding ddos attacks out there on the internet, and any user with a brain should be able to google for those. i wanted to make a few points and give some basic pointers (that were given to me by people more knowledgeable than me), and that i got done. this article managed to create discussion, and if you've also read the comment section thoroughly, you'll also have found the really good guides from people such as destiny, etc. hopefully those spread more. edit: in an ideal world i would want to do this full-time as a career and i would get paid enough to do so, which would allow me to spend hours upon hours researching articles. in reality, however, that's not the case.
2014-10-13 13:31
I feel like you are mostly satisfying a need to regularly publish articles and leaving to the users the role of creating discussions and giving some valuable information. If your goal is to create some discussion, don't spend time reformulating what you quickly found on the web. Drop a few links and conclude by "Discuss !". Look at this article made in reaction of yours: hltv.org/blog/8768-ddosing-matches-is-be.. . This is actually helping, informing. And such article won't become a major article in contrary of yours. But I admit, all the credit goes to you because you triggered it by releasing an unfinished article.
2014-10-13 14:11
#231
 | 
United States lurppis
*noise*
2014-10-13 14:45
#175
 | 
Europe uppermost
good read
2014-10-12 21:07
heres is this what you mf'ers need: blog.destiny.gg/protection-from-ddos-att.. im sick of this bullshit whining about ddos. you pros are smart in game and dumb in real life or what? read that sh*t, do that and stfu already
2014-10-12 21:28
but this is exactly what lurppis told us not to do, open weird links :/
2014-10-12 23:45
lol
2014-10-12 21:57
Implement IPv6 and the problem with client IP addresses is gone. Even if the ISP only assign you with a single /64 net you have plenty of addresses to switch to. (Almost 2^64, some are reserved) Recommended for an ISP is to give a end customer a mask of /48 or /56 so they can have subnets in their house. Still the traffic will take some time to recover due to ISP router keeping the ddosed IPv6 entry for a while before it marks it as dead and remove it. Then the ddos problem suddenly will become an ISP problem and they will not tolerate that. (They don’t want loads of traffic that ends up being thrown by the router due to no end host IP to send it too)
2014-10-12 22:50
How to avoid DDoS in 1 step? Dont be a pro.
2014-10-12 23:25
stop.using.skype
2014-10-12 23:27
Very nice article, like always. :)
2014-10-13 00:43
Again, nice informative article. I will give you topic for your next article - About cheating in CS:GO.
2014-10-13 07:44
Good stuff. learned a bit. Thanks.
2014-10-13 08:34
Great relevant article, and its about time that the community starts to do something about those DDoS'.
2014-10-13 09:18
good read.
2014-10-13 10:24
Nice article, hopefully pros will read.
2014-10-13 10:47
Great, learned something new. Thanks
2014-10-13 11:32
Great, learned something new. Thanks
2014-10-13 11:31
How to avoid DDoS ? Just switch your internet off lol :D:D:D:D
2014-10-13 11:33
It is funny you blame the people who bet in cslounge/other bet websites are after the ddos attacks. Have you guys actually never thought how much money the streams make while the game is in pause? They use that time to run commercials (most of them). So they surely don't care about it. It's free money.
2014-10-13 11:54
#221
 | 
United States lurppis
a ton of people tune out of streams due to pauses, thus leading to less income for streamers. that group of people includes me.
2014-10-13 12:32
I dont think so, but I would like to see the numbers of viewers before and after a game its paused due DDoS. Due to not knowing when it will be un-paused, at least most of people would give it a decent 5 minutes wait until leaving the stream. Enough time to load a few ads.
2014-10-13 18:41
How to avoid DDOS. 1. Don't use Skype 2. Private teamspeak server 3. Professional Steam account with only teammates GG.
2014-10-13 12:17
#222
 | 
United States lurppis
not using skype is not a realistic option for a lot of people, and it'd make gaming miserable for most people to not have any of their friends added on steam -- it's the easiest way to contact them for games.
2014-10-13 12:34
What? We're talking professionals here. There are many different VOIP softwares available, all much better than Skype. Before Skype gaining popularity and the community became casual using shitty Skype we all used Teamspeak, Ventrilo or Mumble. All free and better than Skype. You can pay £10 for a 10 man server for a year, private only accessible to those given the IP. Also I meant for pro players to use 2 accounts one of MM and another for professional games. Limit the account to their teammates and have only CS on it.
2014-10-13 13:03
#227
 | 
United States lurppis
i don't know anyone who uses skype for its voip when playing. it's a common tool for keeping in touch with people who don't necessarily play cs:go; most communicate with their management through skype as well. as for having two different accounts - it makes no difference if the user's ip is leaked from one of them. servers are basically never compromised these days.
2014-10-13 13:24
Pro players also have outside friends who they want to communicate with thus using skype the easiest tool for this.
2014-10-13 14:01
cool story bro
2014-10-13 21:03
nice story bro..
2014-10-14 15:47
Why doesn't it happen for other games? What's so different about CS:GO? A SC2 player can get DDOSed the same way if you have his IP, and it will also make it totally unplayable for him?
2014-10-16 23:54
DDos attacks are not the most complicated things in the world... So instead of crying about that you get a DDos attack, why not start thinking "What can I do to prevent that from happening in the future?". But You don't see any of that.. For example you could get routers like Mikrotik. Cheap professional routers, not easy to setup, but you can block ddos attacks once you configured the firewall that way. And DDosers will cry their little eyes out to why it isn't working.
2014-10-21 12:08
I dont think that client side DDoS mitigation can help for players. Client connections commonly have up to 100 Mbit bandwidth. If attacker knows IP of victim low cost Volume Based DDoS can easly send victim offline whatever router he use by simple overflow internet bandwidth. How to fix this problem? I see two ways: 1) Paranoid hiding of IP (close or dont use some Software). 2) Use abuse protected VPNs (hosted in large DataCenters) with high DDoS profiles filtering or/and wide connection bandwidth 1 Gbps or more, but it costs a lot of money. In web-hosting this problem almost solved by services like CloudFlare, which have ultra wide connections and block or filtering attackers traffic on CF side and sends only legitimate traffic to real web-server. I hope services like CloudFlare will be created for gaming.
2014-10-21 20:08
As a solution to the problem: 1) Use VPN all time when you not playing official games, your real external IP was hidden by VPN most of the time and IP protected from capturing when you dont play official. 2) When you need to play official game go offline from some third party software to prevent detecting IP adress. 3) Disconnect from VPN right before game. 4) Play and win. 5) Connect to VPN and go to 1 paragraph. And another: 1) Buy some low cost hardware server in DC 2) Configure your server as VPN 3) Talk with DC admins to protect your server ip on edge DC router (NTP, DNS, SYN Flood etc.) 4) ... 5) PROFIT! I think it would be enough to prevent some kids attacks. Or quote from security.stackexchange.com/: "Have a dedicated router or firewall to do the filtering. The reason your CPU is being stressed is that the software firewall on your system is attempting to handle way more packets that your system can tolerate. Having a hardware router or firewall drop packets before they hit your computer should do the trick. Of course, there IS a limit even to dedicated routers or firewalls. So it really comes down to how much resources the attacker is willing to use to DDoS you. Besides that, there is really nothing else you can do to stop an attacker, besides coordinating with your ISP to block the incoming packets or reporting the matter to law enforcement." Source: security.stackexchange.com/questions/210..
2014-10-21 20:29
So your solution is to try your best on hiding your true IP address by hiding behind a Proxy i.e. VPN services. But that can become a hassle, gamers in particular demand a good connection. VPN services however are usually paid services and the couple of free ones are limited to a certain bandwidth. The only true methods of preventing and minimizing the risk of a DDos attack for "Private users i.e. Gamers" is to get a Dynamic IP address. Now I know that will not completely eliminate the risk but it will reduce it quite significantly. Another way to it is to minimize the impact of a DDos attack. For example limiting the connections a client can make on a Router. Reading the connections and if its over our set limit then it will automatically add them to a blacklist, dropping that connection and any other attempt of connecting, without any significant performance impact on the router. And thats just one one of a quite a few methods e.g. Packet dropping and syn filtering. Its simply too easy to figure out an IP address for a specific user. Because everyone is connected. With skype, Steam, Teamspeak as well, or ventrilo. It would be good to have: 1. A powerful router. 2. A fast Dynamic Internet connection. 3. disabling All chat services except TS (Problem being that cs:go is basically demanding steam to be active) 4. Renewing the dynamic IP address After you have disabled these services and Before an important match. Of course these steps might not be for everyone, because most people here are not even popular enough to attract attention for a DDos attack. Anyway people who have a server (web or game server) know that issue all to well. But top players who do attract a lot of attention might want to consider some of these steps. Because it is worth the hassle for these individuals.
2014-10-21 21:27
Dynamic IP also can be attacked by attacking to ISP subnet, probability of this is small but real. But dyn IP ofc not a bad solution together with hiding IP. My solutions based on understanding that client side defencing against DDoS very limited by ISP connection bandwidth and SOHO routers doesnt protect you from midle or high level atacks (and some small kids atacks).
2014-10-21 21:37
why pros cant get safe settings for ddos?
2014-10-22 19:10
Can I use the contents of this blog post to make a presentation for my college?
2014-11-20 13:10
Login or register to add your comment to the discussion.