Holiday Hackers.........Love'em or Hate'em

  • Thread starter Automotive
Yes - turn the device off.

A denial of service is simply more users trying to use the device at once than the device can handle, be it two people on a calculator or 50 million on SEN. It's not a hack or a crack, or a compromise of data - it's just lots of people trying to use the thing to do what it normally does. If you design the device to be used over a network, the only way you can prevent it is to allow it to handle the entire network at once - and if that network is the internet, good luck.

Sure, if you had all the money on Earth you could build a server farm capable of handling all 10 billion devices on the internet at once (though you'll need to upgrade frequently - it'll be an order of magnitude more than that by 2020), but for a gaming network that costs most of its 100 million potential users nothing at all, that's expecting far too much.
Still there must be a way to make sure the device doesn't accept an overload of BS users without shutting down? Maybe we just don't know it yet and it has to be figured out still, but if it's causing that much trouble I would start searching for a workaround.
 
Still there must be a way to make sure the device doesn't accept an overload of BS users without shutting down?
A denial of service attack can be mitigated somewhat with software, but in doing so it will also restrict normal operations.
As I said. There's no way to tell the difference between someone who wants to use the device and someone who wants to jab at the keys so that they can't.
 
What he said :)

It's a bit like trying to get through the Blackwall Tunnel in Monday morning rush hour :)

For those that know it.

Ha... I live right beside it... I don't drive but have been passenger on many occasions in rush hour going through there. :mad:

Anyway I've had no problems with PSN/PS3 at all over the last few days, except for an hour or so this morning when it refused to sign me in.
 
As I said. There's no way to tell the difference between someone who wants to use the device and someone who wants to jab at the keys so that they can't.
Could be figured out still? In any case I'm only half a nerd so I wouldn't be able to imagine it. Maybe Sony should hire that geek from the lizard squad.
 
Could be figured out still?
Not until we've got AI that knows when someone is lying and can learn the difference between someone downloading the latest GT6 update because they want the latest GT6 update and someone downloading it because they want to tie the server up with a request for a very large file...
In any case I'm only half a nerd so I wouldn't be able to imagine it. Maybe Sony should hire that geek from the lizard squad.
All that they did was flood a device with more requests than it can handle. Their sole talent is jabbing at the keys of a calculator while someone else is trying to use it...
 
Could be figured out still? In any case I'm only half a nerd so I wouldn't be able to imagine it. Maybe Sony should hire that geek from the lizard squad.

I can't think of a good analogy, but I'll try.

Imagine you have a prank caller ringing you constantly. You can block their number, change your own number or even get an additional phone line so that you have one free while the other is always ringing. There's nothing to stop the prank caller getting a few people to ring you from multiple other phones at the same time and you're still not going to know who is on the other end without answering the phone, it could be your mother or boss ringing you from their new mobile phone too for all you know.

And no, LizardSquad guys wouldn't know jack on how to stop a DDoS attack.
 
I can't think of a good analogy, but I'll try.

Imagine you have a prank caller ringing you constantly. You can block their number, change your own number or even get an additional phone line so that you have one free while the other is always ringing. There's nothing to stop the prank caller getting a few people to ring you from multiple other phones at the same time and you're still not going to know who is on the other end without answering the phone, it could be your mother or boss ringing you from their new mobile phone too for all you know.

And no, LizardSquad guys wouldn't know jack on how to stop a DDoS attack.
Maybe there is a way of identifying when there is an unusual number of prank callers trying to ring you at the same time? Although it's utterly difficult to find a way to prevent it, surely it cannot be impossible.
 
Maybe there is a way of identifying when there is an unusual number of prank callers trying to ring you at the same time? Although it's utterly difficult to find a way to prevent it, surely it cannot be impossible.

You can easily tell there's a lot of calls incoming, but unless you answer the phone, you still won't know what the caller's intentions are.
 
Here's hoping the PS3 side of PSN will still work when I get a chance to download the latest and greatest VGT's and Seasonals on Monday...
 

And from the article:

On Thursday, Lizard Squad said they initially wanted to take down PlayStation Network and Xbox Live “for the laughs,” but eventually the collective found a cause to rally behind: forcing these companies to upgrade the security on their networks.

It's unclear how Dotcom's offer solves any of those issues, but perhaps the Lizard Squad members felt they got their point across, and settled to exit with their prizes: lifetime memberships to Dotcom's new privacy service.

'For the laughs' quickly became a 'moral' cause.
Gamers attacking gaming for Gold.

Now they have more gold to go for Gold.

As for the 'security' part . . . that's like a guy trying to break into my home to tell me my house security isn't good.
 
PSN is good for the UK on all consoles today. Got signed out once but that was my internet, not PSN.
 
Not until we've got AI that knows when someone is lying and can learn the difference between someone downloading the latest GT6 update because they want the latest GT6 update and someone downloading it because they want to tie the server up with a request for a very large file...All that they did was flood a device with more requests than it can handle. Their sole talent is jabbing at the keys of a calculator while someone else is trying to use it...
Isn't that what that funky letter/number sign in thing is for that you have to go through sometimes to identify whether it's a human or a bot trying to gain access to something? Not sure what it's called but I assume it's there because a bot can't figure it out. Would that work?
 
Isn't that what that funky letter/number sign in thing is for that you have to go through sometimes to identify whether it's a human or a bot trying to gain access to something? Not sure what it's called but I assume it's there because a bot can't figure it out. Would that work?
I think you mean captcha?

They "can" work for a small website ( when implemented correctly ) but in a large scale they fail in a few places:

1. The DOS attack could just overload the captcha so no one could fill out the request, so nobody could download the file. This would be very simple.

2. They actually can be "solved" by a computer if the DOS attack planner has access to enough processing power.

3. They are a pain in the neck for the end user and accessibility when dealing with the visually impaired.
 
People launching DDoS attacks to motivate devs to "improve their security". Yeah, right.
I remember when trolling was done to drink the delicious tears of people who took themselves too seriously and not... This. I'd even argue that this is not doing things "4 teh lulz", but because you're an arsehole.

It is becoming clear, at this point, that online-based services need to implement anti-BOTting solutions in their login process. Captcha would be a good start; so would be authentication tokens and redundant servers (try DDoSing EVE Online and see what happens). Of course Microsoft has an interest in implementing anti-DDoS technologies in a service for which they're asking money, but... Sony? Hell, PSN is free, why should they care?

As for GT... Many of us are pissed because we're at a risk of losing our 200% bonus while there are high-paying seasonals out. Know what the solution would be? Issue the payout bonus as a token, valid for 24 hours that's downloaded when you become eligible. That way, even if you get disconnected you still get your bonuses.

Also, @carracerptp : Captcha may fail in many places, but it's still better than nothing.
 
People launching DDoS attacks to motivate devs to "improve their security". Yeah, right.
I remember when trolling was done to drink the delicious tears of people who took themselves too seriously and not... This. I'd even argue that this is not doing things "4 teh lulz", but because you're an arsehole.

It is becoming clear, at this point, that online-based services need to implement anti-BOTting solutions in their login process. Captcha would be a good start; so would be authentication tokens and redundant servers (try DDoSing EVE Online and see what happens). Of course Microsoft has an interest in implementing anti-DDoS technologies in a service for which they're asking money, but... Sony? Hell, PSN is free, why should they care?

As for GT... Many of us are pissed because we're at a risk of losing our 200% bonus while there are high-paying seasonals out. Know what the solution would be? Issue the payout bonus as a token, valid for 24 hours that's downloaded when you become eligible. That way, even if you get disconnected you still get your bonuses.

Also, @carracerptp : Captcha may fail in many places, but it's still better than nothing.

They only work on small to medium sized sites; anything bigger and it would be easier to take down the captcha. This is assuming the captcha was set up correctly, I have seen many not "get" how to use them on a site.

As for the rest:

"Authentication tokens" how would that stop anything? They are/were hitting the login system?

"Redundant servers" Any international website with the user base the size of PSN will already have this. Also "EVE Online" has been hit with a DoS attack.

Really, when dealing with a DDoS everything is a mess; sure, you could build a really smart algorithm that could manage it, but that algorithm will take computation power to run. Eventually a botnet ( or other methods ) will use up all the server power. So it will still end in a DoS.

The only way to handle a DDoS is lots of servers; sometimes a 3rd party server farm will be used to try and beat an attack but again, eventually even they can be overrun. This all costs money.

So unless a company is willing to spend Google levels of money and build a network, a DDoS will always be possible. The problem is a DDoS is SO easy to set up to take down a small site. Toss a little money ( like under 50 dollars ) in and you can take out a medium sized site if it isn't protected.

I've had to fix sites after DDoS attacks ( server crashed ) so I speak from a bit of experience.
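The post above makes two points that are easy to state and easy to get wrong in practice: a per-source throttle can cut the bulk of a flood, but it cannot tell a flooder from a legitimate user who happens to burst, and the server still spends work on every request it rejects. The script below is an added example for this thread, not code from any poster or from Sony or PSN. It implements a plain token-bucket limiter (one bucket per source, exact integer arithmetic in milliseconds) and replays constructed traffic through it: one polite user, one legitimate user who reloads twelve times in a row, and fifty made-up "bot-NN" sources sending twenty requests a second. The source names and traffic shapes are invented for illustration.

```python
"""Per-source token-bucket rate limiter replayed over constructed traffic.

Added example for this thread; not code from any poster or from any real
service. Source names and request patterns below are made up.
"""
from collections import defaultdict


class TokenBucketLimiter:
    """One bucket per source. Tokens are stored in thousandths and time in
    integer milliseconds so every refill and comparison is exact."""

    def __init__(self, capacity, refill_per_sec):
        self.capacity = capacity * 1000       # milli-tokens
        # N tokens/s == N*1000 milli-tokens per 1000 ms == N milli-tokens/ms
        self.refill_per_ms = refill_per_sec
        self.buckets = {}                     # source -> [milli_tokens, last_ms]
        self.checks = 0                       # work spent, allowed or not

    def allow(self, source, now_ms):
        self.checks += 1                      # every request costs a lookup
        bucket = self.buckets.get(source)
        if bucket is None:                    # first sight: a full bucket
            bucket = self.buckets[source] = [self.capacity, now_ms]
        tokens, last_ms = bucket
        tokens = min(self.capacity, tokens + (now_ms - last_ms) * self.refill_per_ms)
        bucket[1] = now_ms
        if tokens >= 1000:                    # one whole token pays for a request
            bucket[0] = tokens - 1000
            return True
        bucket[0] = tokens                    # keep the partial refill, reject
        return False


def replay(requests, capacity=5, refill_per_sec=1):
    """Feed (time_ms, source) pairs through a limiter in time order.
    Returns per-source allowed counts, per-source dropped counts and the
    total number of checks the server had to perform."""
    limiter = TokenBucketLimiter(capacity, refill_per_sec)
    allowed, dropped = defaultdict(int), defaultdict(int)
    for t_ms, source in sorted(requests):
        (allowed if limiter.allow(source, t_ms) else dropped)[source] += 1
    return dict(allowed), dict(dropped), limiter.checks


def constructed_traffic(flood_sources=50, seconds=60):
    """Constructed sample traffic, not captured data."""
    # A polite user: one request every 2 s.
    reqs = [(t, "legit-user") for t in range(0, seconds * 1000, 2000)]
    # A legitimate but impatient user: 12 reloads within 0.6 s at t=10 s.
    reqs += [(10_000 + 50 * i, "impatient-user") for i in range(12)]
    # Flooding sources: 20 requests/s each for the whole window.
    for n in range(flood_sources):
        reqs += [(50 * k, f"bot-{n:02d}") for k in range(seconds * 20)]
    return reqs


def summarize(requests):
    """Roll the replay up into the numbers the thread is arguing about."""
    allowed, dropped, checks = replay(requests)
    flood_allowed = sum(v for s, v in allowed.items() if s.startswith("bot-"))
    flood_dropped = sum(v for s, v in dropped.items() if s.startswith("bot-"))
    return {
        "checks": checks,                         # == len(requests)
        "legit_allowed": allowed.get("legit-user", 0),
        "impatient_allowed": allowed.get("impatient-user", 0),
        "impatient_dropped": dropped.get("impatient-user", 0),
        "flood_allowed": flood_allowed,
        "flood_dropped": flood_dropped,
    }


if __name__ == "__main__":
    for key, value in summarize(constructed_traffic()).items():
        print(f"{key:>18}: {value}")
```

With a 5-token bucket refilling at 1 token/s, the polite user is never touched, the impatient user gets 5 of 12 reloads through and is then throttled exactly like a bot (the limiter only sees request timing, not intent), and each flooding source still gets 64 requests through while the server performs a bucket lookup for all 60,042 requests, rejected ones included. That is the trade-off the post describes: the filter reduces the load, but it neither removes the cost per request nor distinguishes a burst from an attack.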
 
I guess you're right... And I guess you've got a lot more knowledge and experience than I do.

That being said... It is my understanding that client-side authentication doesn't stop DDoS attacks, but it severely limits what options would-be DDoSers can use. EVE Online's been DDoSed, sure, but then, we're talking about a game where groups of players hired goons to cut the power to a rival Fleetcom's house. So I'm assuming it wasn't a "I HAZ BOTNETS LOL" DDoS attack like the one that has afflicted/is afflicting PSN (or so they say).
 
With the huge increase in appliances, toys, toothbrushes, etc that have an IP address they all make crazy easy targets for botnets as most of these devices have little to no security. Many have backdoor entrances for "firmware" updates.

The sad part is, thanks to web browsers, one can perform a DDoS without even the need for a traditional botnet. Gone are the days of actually needing to "install" malware on an unsuspecting user and then sidestep the antivirus. All you need is for them to visit a web page.

This makes stuff very hard to stop because it's so easy to just scale-up a botnet if the servers don't fail.
 
Haha or maybe it just depends on location

I finally solved this one - you, and I, were both right. This is how it worked:

If you logged in through the XMB then you would get the error code.
If you were not logged in and went in through the game (GT6 - not sure about others) then one gets the sweetly presented and very market-conscious "Sony is doing maintenance." notice; that meant Sony was working, not that your connection had a heart attack.
TG it wasn't in Comic sans

All is well. We were not hallucinating. 👍
 
Can't say... I don't know what their motives were. So far it seems like they were just looking for attention but that could be wrong. Perhaps someone could enlighten me?
 
PS3 is still having difficulties, I've not been able to stay logged in for more than 30 seconds, yet PS4 is fine.
 
Haven't heard anything about free games anymore. Maybe it was just that one site and hope to bring holiday joy to them.
 
Can't say... I don't know what their motives were. So far it seems like they were just looking for attention but that could be wrong. Perhaps someone could enlighten me?

I don't know if you read the ''interview'' but the more you read them the more they sound like a big balloon full of nothing but air.
After a while they justified this with the usual ''yeah the big companies money bla bla bad security, we could easily stop an attack like this, they suck'' etc etc. Doesn't look like they really have something to say.
 
Just ran my quickest time on the LM55 seasonal, beating all friends, only to get a server down message and couldn't save :banghead:
 
Haven't heard anything about free games anymore. Maybe it was just that one site and hope to bring holiday joy to them.

I think it was a false claim tbh, although I was the one who posted the link here about it, sorry fellas :)
Anyway happy xmas all & have a great new year :)
 