Attacks/Breaches
9/17/2013
11:54 PM
Lori MacVittie
Lori MacVittie
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Grand Theft Oh No: When Online Gamers Attack

A new report says the tactics players use to slow down the competition may be trained on your site. Here's how to protect yourself.

The volume of distributed denial-of-service attacks is holding steady, with vendors and researchers pointing to statistic after chilling statistic about how many, how often and how successfully such exploits occur. Most blame the ability of attackers to leverage vast networks of compromised PCs, often procured at volume-discount prices on the resource black market. But are zombie armies getting the blame for attacks originating from dark, seedy online gaming networks?

Maybe, says a recent white paper with the deceptively tame title "An Analysis of DrDoS and DDoS Attacks Involving the Multiplayer Video Gaming Community." In it, DDoS mitigation service provider Prolexic tells a tale of revenge, exploitation and extreme competition among gamers.

The report explains how vulnerable game servers become launch points for DDoS attacks against both third-party and in-game targets. It's become so common that the gaming community has its own term for the practice: "packeting." These attacks are most often reflection-based, using compromised servers to take down a target by spoofing requests to public services that return responses, flooding the target's network connection or overwhelming available resources. Gamers initiate attacks for a variety of reasons, including inducing enough lag to achieve a strategic advantage over rivals.

[ DDoS attacks can cost serious money and are nearly impossible to repel with standard defenses. Should you buy protection? ]

What's disconcerting, however, is the potential use of these often-vulnerable servers to carry out DDoS attacks against enterprise networks. Downtime and disruption caused by DDoS attacks is expensive, costing victims an average of $172,238, according to the Ponemon Institute, and you don't even get to blow up any virtual cities for your trouble.

Both IT organizations and game platform providers can take action to minimize the impact of such attacks, as well as prevent their servers from being used as an attack platform. Above all, remain vigilant and have monitoring and alerting systems and processes in place to rapidly detect and respond to an attack in progress. Specifically:

-- Close open resolvers: A significant number of DDoS attacks are carried out against DNS due to the public nature of the servers they provide. It's a rare organization that needs to act as an open resolver -- in most cases, these systems are misconfigured. Turning off open recursion is a good first step toward mitigating the effects of a DNS DDoS attack.

-- Mind your bandwidth: Reflective attacks work because the response, which is sent to the victim, is many orders of magnitude larger than the request itself. The sheer volume and size of responses can consume every bit of available bandwidth and cause network outages and service disruptions. Ensuring that you have spare network capacity -- both available bandwidth and packets-per-second processing power -- will buy you time to take action in the face of an attack. 


-- Consider rate limiting on perimeter network elements: Response-rate limiting as well as inbound packet filtering, particularly when network-layer anomalies indicative of an attack can be identified, will help reduce the impact of a DDoS attack on other services.

Gaming platform providers can -- and should -- do more to monitor and guard against abuse of their resources. Packet-filtering, rate limiting and, of course, addressing server vulnerabilities will go a long way toward eliminating the ability of gamers to exploit systems for their own gain.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Strategist
9/19/2013 | 12:28:24 AM
re: Grand Theft Oh No: When Online Gamers Attack
What evidence does the report provide that gaming community behavior spills over to affect businesses outside that sector?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

Best of the Web