Topic: Microsoft responds to Xbox Live denial-of-service attack (Read 150 times)

Xbox-Scene · « **on:** February 22, 2009, 07:42:00 PM »

Microsoft responds to Xbox Live denial-of-service attack
Posted by XanTium | February 22 21:42 EST | News Category: Xbox360

(IMG:http://www.burstnet.com/cgi-bin/ads/ad9520b.cgi/ns/v=2.1S/sz=300x250A/

From arstechnica.com:

Quote

In a statement given to Ars Technica on Friday, a Microsoft representative responded by saying, "In our continued effort to help provide a safer and more secure experience for our community of more than 17 million members, we are investigating reports involving the use of malicious software tools that an attacker could use to try and disrupt an Xbox LIVE player's Internet connection.

"This problem is not related to the Xbox LIVE service, but to the player's internet connection," the representative added. "The attacker could also attempt disrupt other internet activities such as streaming video or web browsing using the same tools."

Fair enough. Since Xbox Live games connect to the Internet like everything else, using an IP address, it's possible for hackers to discover your address using underground packet-sniffing software, then flood the Xbox port with incoming data to boot you off. Other offenders are reportedly asking for an IP address by sneaky means before opening the denial-of-service floodgates.

Full Story: arstechnica.com

tomgreen99200 · « **Reply #1 on:** February 23, 2009, 12:19:00 AM »

Maybe we should all get a free game. lol j/k

Steve-0 · « **Reply #2 on:** February 23, 2009, 03:29:00 AM »

its a joke considering it's a service we have to pay for, the whole live infrastructure is being torn apart by idiots.

Bad_Ad · « **Reply #3 on:** February 03, 2020, 10:32:00 AM »

QUOTE(Steve-0 @ Feb 23 2009, 01:05 PM)

its a joke considering it's a service we have to pay for, the whole live infrastructure is being torn apart by idiots.

Sounds like someone doesnt understand how the internet works.

Nothing is being done to live or its servers, they are attacking YOUR connection.

This attack is as old as the internet.

tomgreen99200 · « **Reply #4 on:** February 03, 2020, 01:01:00 PM »

QUOTE(Steve-0 @ Feb 23 2009, 12:05 PM)

its a joke considering it's a service we have to pay for, the whole live infrastructure is being torn apart by idiots.

This shit doesnt sound very good but im sure Xbox Live will be fine. Only a very small percentage of people will even think about doing this let alone try it.

Reaper527 · « **Reply #5 on:** February 03, 2020, 01:22:00 PM »

QUOTE(Bad_Ad @ Feb 23 2009, 12:32 PM)

Sounds like someone doesnt understand how the internet works.

Nothing is being done to live or its servers, they are attacking YOUR connection.

This attack is as old as the internet.

thats because WE host the games. if live had dedicated servers, our ip address would never be known to the other person. people wouldn't be able to ddos us directly, and hopefully the microsoft servers would have some kind of smart packet filtering protection to minimize the damage that could be done.

this would also make it impossible to ddos an individual, meaning that for someone to attack the server, they will be cutting off their own access should their attack bring down the server.

my two cents

Steve-0 · « **Reply #6 on:** February 03, 2020, 01:50:00 PM »

QUOTE(Bad_Ad @ Feb 23 2009, 05:32 PM)

Sounds like someone doesnt understand how the internet works.

Nothing is being done to live or its servers, they are attacking YOUR connection.

This attack is as old as the internet.

LMAO, i know nothing is being done to live, im replying to your assumption so that proves i kinda understand how the in-ter-net works.

they could turn live off tomorrow for all i care, what i ment was it will get to a point where most of the live subscribers wont want to pay to play as M$ put it because of all the cheating, ddos attacking (which means Direct Denial Of Services incase i sound dumb), glitching, and general unmoderated situations, and im sure you will agree that the LIVE SOCIETY is being torn apart by all this crap. what are we actually paying for?

Nillaz · « **Reply #7 on:** February 03, 2020, 05:16:00 PM »

QUOTE(Steve-0 @ Feb 23 2009, 03:50 PM)

LMAO, i know nothing is being done to live, im replying to your assumption so that proves i kinda understand how the in-ter-net works.

they could turn live off tomorrow for all i care, what i ment was it will get to a point where most of the live subscribers wont want to pay to play as M$ put it because of all the cheating, ddos attacking (which means Direct Denial Of Services incase i sound dumb), glitching, and general unmoderated situations, and im sure you will agree that the LIVE SOCIETY is being torn apart by all this crap. what are we actually paying for?

Actually, not to be a dick, but DDoS is a Distributed Denial of Service attack... just sayin'. (IMG:style_emoticons/default/biggrin.gif)

signal-to-noise-ratio · « **Reply #8 on:** February 24, 2009, 08:05:00 AM »

QUOTE(Reaper527 @ Feb 23 2009, 03:22 PM)

thats because WE host the games. if live had dedicated servers, our ip address would never be known to the other person. people wouldn't be able to ddos us directly, and hopefully the microsoft servers would have some kind of smart packet filtering protection to minimize the damage that could be done.

this would also make it impossible to ddos an individual, meaning that for someone to attack the server, they will be cutting off their own access should their attack bring down the server.

my two cents

Agree.

Blizzard has servers. Tons and they are localized to cut down on lag. Almost every mmorpg has servers. Even the mmorpgs you don't have to pay for either ie guild wars or lineage have servers. Its really ridiculous that ms doesn't have these. I would pay $75 a year for servers to say goodbye to standbying briding etc.

QUOTE(Steve-0 @ Feb 23 2009, 03:50 PM)

LMAO, i know nothing is being done to live, im replying to your assumption so that proves i kinda understand how the in-ter-net works.

they could turn live off tomorrow for all i care, what i ment was it will get to a point where most of the live subscribers wont want to pay to play as M$ put it because of all the cheating, ddos attacking (which means Direct Denial Of Services incase i sound dumb), glitching, and general unmoderated situations, and im sure you will agree that the LIVE SOCIETY is being torn apart by all this crap. what are we actually paying for?

As long as people still go on marketplace and download arcade games and use netflix. They probably won't be inclined to fix multiplayer issues. Which is sad since the two are unrelated yet connected thru profits.

Nillaz · « **Reply #9 on:** February 24, 2009, 02:44:00 PM »

QUOTE(signal-to-noise-ratio @ Feb 24 2009, 11:49 AM)

Agree.

Blizzard has servers. Tons and they are localized to cut down on lag. Almost every mmorpg has servers. Even the mmorpgs you don't have to pay for either ie guild wars or lineage have servers. Its really ridiculous that ms doesn't have these. I would pay $75 a year for servers to say goodbye to standbying briding etc.
As long as people still go on marketplace and download arcade games and use netflix. They probably won't be inclined to fix multiplayer issues. Which is sad since the two are unrelated yet connected thru profits.

I completely agree that dedicated servers would be in our best interest, but they would certainly not be in Microsoft's. The price of live would be increased dramatically due to cost of bandwidth, hardware, and maintaining those servers, plus a host of other extraneous charges (real estate, etc.). $75 seems low, I couldn't imagine that it would cost less than $100, and most likely closer to $150. The other option to keep those costs down is to plaster advertisements everywhere....and I do mean everywhere. People complain now that the advertising is intrusive, could you imagine if that was increased 10 fold?

It's probably a moot point anyway. Granted, as this issue gets more attention and as kids get more network savvy (the vast majority of them can't even configure their NAT settings properly) it's going to be exacerbated over time, but for now it's something that maybe affects a very small percentage of all paying xbox live users. Considering the years and money they've spent developing the current infrastructure it's not likely Microsoft is going to scrap all of that and start over for what is really a low key problem. In addition to building said server farms the network code that runs all of our xbox's would have to be reworked and virtually every game that utilizes online play would have to be patched. It's a monumental task and an engineering nightmare.

chronno · « **Reply #10 on:** February 25, 2009, 09:18:00 AM »

QUOTE(Nillaz @ Feb 25 2009, 12:28 AM)

I completely agree that dedicated servers would be in our best interest, but they would certainly not be in Microsoft's. The price of live would be increased dramatically due to cost of bandwidth, hardware, and maintaining those servers, plus a host of other extraneous charges (real estate, etc.). $75 seems low, I couldn't imagine that it would cost less than $100, and most likely closer to $150. The other option to keep those costs down is to plaster advertisements everywhere....and I do mean everywhere. People complain now that the advertising is intrusive, could you imagine if that was increased 10 fold?

um... Blizzard has central servers and they don't have a $150 subscription fee or advertisements everywhere. Microsoft already has quite a few servers dedicated to supporting XBL. Remember when they had to add servers after Halo 3, and again before GTA4? The games may not be hosted on their servers but they still have to have servers to connect people to each other. Adding a few more servers would be pennies a day in the long run for Microsoft. Not a problem.

Ether way, central servers will not resolve this issue. Because the hackers phishing for the IP address of users, a DDoS attack against that IP will just kick them off anyways. Really good hackers can still get the public IP from a central server as well. As far as I know there is no cheap way to prevent DoS attacks. Some routers can block it but they are a few hundred to several thousand dollars, and that isn't even 100%.

Nillaz · « **Reply #11 on:** February 25, 2009, 12:11:00 PM »

QUOTE(chronno @ Feb 25 2009, 01:02 PM)

um... Blizzard has central servers and they don't have a $150 subscription fee or advertisements everywhere. Microsoft already has quite a few servers dedicated to supporting XBL. Remember when they had to add servers after Halo 3, and again before GTA4? The games may not be hosted on their servers but they still have to have servers to connect people to each other. Adding a few more servers would be pennies a day in the long run for Microsoft. Not a problem.

Ether way, central servers will not resolve this issue. Because the hackers phishing for the IP address of users, a DDoS attack against that IP will just kick them off anyways. Really good hackers can still get the public IP from a central server as well. As far as I know there is no cheap way to prevent DoS attacks. Some routers can block it but they are a few hundred to several thousand dollars, and that isn't even 100%.

To use Signal-to-Noise's example of mmorpg's, the obvious comparison would be to use Blizzard's WoW. I personally don't play and obviously I could be wrong, but my understanding is that a subscription for WoW is ~$15 per month. $15 X 12 months = $180 per year.

A few more servers? Not a problem? Quite a ways back I remember Microsoft allowed a rare walkthrough of their Xbox Live Headquarters. The equipment required to connect all of us over Xbox Live as it stands now was astounding. And at it's core all Xbox Live does now is connect all of us via friends lists that can be refreshed periodically as opposed to continuously. Now you're talking about creating something several orders of magnitude larger. They have to pay for the increased bandwidth of all the information flowing through their pipes, because now ALL of the data that we were sharing amongst ourselves while we played is now going straight to Xbox Live. You have to pay for the specialized hardware and proprietary software used to make this network run. You have to pay smart people to keep this network running 24/7/365 without fail. You have to pay for the land and buildings that house this incredible network. You have to pay for the ELECTRICITY that keeps all of this equipment running.....you have to pay for security and redundancy....the list goes on and on. Personally I think 'pennies a day' hardly begins to scratch the surface. There's quite a bit more to this than I think you realize.

Of course a centralized server system is not impervious to hackers. Nothing is completely impervious to hackers. But now the direction of attack is directed at the servers themselves, which are guarded by specialized equipment and people trained and educated to deal with such attacks. Xbox Live must be doing something right....let's not forget that their network has yet to be compromised in 7 years of service. Little Johnny sitting at home playing Halo 3 probably would have no idea what to do when faced with a DDoS attack directed at his personal IP address. As I said however, it's a moot point. Microsoft is not going to change their infrastructure this late in the game. The current system is economical and scalable and generating profits for them. Let's not forget that this is the name of the game. Microsoft is not truly interested in gaming networks and their users. This stuff is simply a means to an end. They're interested in PROFITS. This is not a slam on Microsoft by any means. Microsoft is a business, and like any business their ultimate goal and reason for existence is to generate revenue/profits. It's basic economics.

chronno · « **Reply #12 on:** February 25, 2009, 02:39:00 PM »

QUOTE(Nillaz @ Feb 25 2009, 09:55 PM)

There's quite a bit more to this than I think you realize.

I think it's less than you think it is. PSN douse it too and they don't charge.

The amount of data that is needed for an online FPS isn't much at all. Just some initial setup for the looks of the players and possible map synchronization and then streaming data about the position of that player and what it is doing. The servers don't have to render the graphics, they just have to transfer math. This is why they can get away with making a user's 360 a server even with the crappy ass connections in the US and other countries.

Ether way, I think we both agree that switching to a central server setup won't fix this issue.

Nillaz · « **Reply #13 on:** February 25, 2009, 04:30:00 PM »

QUOTE(chronno @ Feb 25 2009, 06:23 PM)

I think it's less than you think it is. PSN douse it too and they don't charge.

The amount of data that is needed for an online FPS isn't much at all. Just some initial setup for the looks of the players and possible map synchronization and then streaming data about the position of that player and what it is doing. The servers don't have to render the graphics, they just have to transfer math. This is why they can get away with making a user's 360 a server even with the crappy ass connections in the US and other countries.

Ether way, I think we both agree that switching to a central server setup won't fix this issue.

It's nice to be able to agree and disagree with someone in a public forum where we can act in a civilized manner. For that I say cheers! (IMG:style_emoticons/default/beerchug.gif)

I'm well aware that all we're sharing amongst ourselves is the math and the console/engine is processing and rendering that info as it needs to. But it's still exponentially more info than what Xbox Live is currently streaming to us. This is in part why your friends list is limited to 100 people. Microsoft desperately needs to keep their bandwidth usage as low as possible. Regardless, my point wasn't simply about the bandwidth needed, it's all of the costs associated with setting up and running a centralized network combined that make this a hard proposition to execute.

I would contend that if it was easy or cost effective to do Microsoft would have done this from the start as it would give them an even higher degree of control over what happens on their network, and I think we all agree that Microsoft likes to have control. Yes, Sony is doing this for free but I highly doubt it's because they don't want to charge. Personally I think they do it for free because they need the competitive leverage against Xbox Live. I don't think anyone can argue that PSN is anywhere near as reliable or robust as Xbox Live regarding both uptime and features/content. Don't get me wrong I have a PS3 and enjoy the free network, but if PSN charged $50 a year in it's current state far fewer people would be interested in it considering the alternatives. Regardless, I'm pretty sure Sony's Games Division has been hemorrhaging money to keep the service up and running since it's inception, and that will eventually have to change one way or another.

OTOH I agree that a centralized network won't completely fix the issue, but I think it would remove the burden of dealing with DDoS issues from Joe Six Pack and move it to Microsoft who has the ability and resources to deal with it effectively. If nothing else, I'd be ecstatic just to have a reliable low latency connection all of the time. There's nothing more frustrating to me than having to deal with a host who's brother is bit-torrenting porn like crazy in the other room while we're playing a match of COD. (IMG:style_emoticons/default/smile.gif) I pay a small fortune each month for my internet connection and occasionally I have to wonder what I'm paying for! (IMG:style_emoticons/default/grr.gif)

This post has been edited by Nillaz: Feb 26 2009, 12:32 AM

Author Topic: Microsoft responds to Xbox Live denial-of-service attack (Read 150 times)