Attacks/Breaches
9/17/2013
11:54 PM
Lori MacVittie
Lori MacVittie
Commentary
50%
50%

Grand Theft Oh No: When Online Gamers Attack

A new report says the tactics players use to slow down the competition may be trained on your site. Here's how to protect yourself.

The volume of distributed denial-of-service attacks is holding steady, with vendors and researchers pointing to statistic after chilling statistic about how many, how often and how successfully such exploits occur. Most blame the ability of attackers to leverage vast networks of compromised PCs, often procured at volume-discount prices on the resource black market. But are zombie armies getting the blame for attacks originating from dark, seedy online gaming networks?

Maybe, says a recent white paper with the deceptively tame title "An Analysis of DrDoS and DDoS Attacks Involving the Multiplayer Video Gaming Community." In it, DDoS mitigation service provider Prolexic tells a tale of revenge, exploitation and extreme competition among gamers.

The report explains how vulnerable game servers become launch points for DDoS attacks against both third-party and in-game targets. It's become so common that the gaming community has its own term for the practice: "packeting." These attacks are most often reflection-based, using compromised servers to take down a target by spoofing requests to public services that return responses, flooding the target's network connection or overwhelming available resources. Gamers initiate attacks for a variety of reasons, including inducing enough lag to achieve a strategic advantage over rivals.

[ DDoS attacks can cost serious money and are nearly impossible to repel with standard defenses. Should you buy protection? ]

What's disconcerting, however, is the potential use of these often-vulnerable servers to carry out DDoS attacks against enterprise networks. Downtime and disruption caused by DDoS attacks is expensive, costing victims an average of $172,238, according to the Ponemon Institute, and you don't even get to blow up any virtual cities for your trouble.

Both IT organizations and game platform providers can take action to minimize the impact of such attacks, as well as prevent their servers from being used as an attack platform. Above all, remain vigilant and have monitoring and alerting systems and processes in place to rapidly detect and respond to an attack in progress. Specifically:

-- Close open resolvers: A significant number of DDoS attacks are carried out against DNS due to the public nature of the servers they provide. It's a rare organization that needs to act as an open resolver -- in most cases, these systems are misconfigured. Turning off open recursion is a good first step toward mitigating the effects of a DNS DDoS attack.

-- Mind your bandwidth: Reflective attacks work because the response, which is sent to the victim, is many orders of magnitude larger than the request itself. The sheer volume and size of responses can consume every bit of available bandwidth and cause network outages and service disruptions. Ensuring that you have spare network capacity -- both available bandwidth and packets-per-second processing power -- will buy you time to take action in the face of an attack. 


-- Consider rate limiting on perimeter network elements: Response-rate limiting as well as inbound packet filtering, particularly when network-layer anomalies indicative of an attack can be identified, will help reduce the impact of a DDoS attack on other services.

Gaming platform providers can -- and should -- do more to monitor and guard against abuse of their resources. Packet-filtering, rate limiting and, of course, addressing server vulnerabilities will go a long way toward eliminating the ability of gamers to exploit systems for their own gain.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
9/19/2013 | 12:28:24 AM
re: Grand Theft Oh No: When Online Gamers Attack
What evidence does the report provide that gaming community behavior spills over to affect businesses outside that sector?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-5084
Published: 2015-08-02
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically approximate attackers to obtain sensitive information via unspecified vectors.

CVE-2015-5352
Published: 2015-08-02
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time ...

CVE-2015-5537
Published: 2015-08-02
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

CVE-2015-5600
Published: 2015-08-02
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumptio...

CVE-2015-1009
Published: 2015-07-31
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!