Attacks/Breaches
9/17/2013
11:54 PM
Lori MacVittie
Lori MacVittie
Commentary
50%
50%

Grand Theft Oh No: When Online Gamers Attack

A new report says the tactics players use to slow down the competition may be trained on your site. Here's how to protect yourself.

The volume of distributed denial-of-service attacks is holding steady, with vendors and researchers pointing to statistic after chilling statistic about how many, how often and how successfully such exploits occur. Most blame the ability of attackers to leverage vast networks of compromised PCs, often procured at volume-discount prices on the resource black market. But are zombie armies getting the blame for attacks originating from dark, seedy online gaming networks?

Maybe, says a recent white paper with the deceptively tame title "An Analysis of DrDoS and DDoS Attacks Involving the Multiplayer Video Gaming Community." In it, DDoS mitigation service provider Prolexic tells a tale of revenge, exploitation and extreme competition among gamers.

The report explains how vulnerable game servers become launch points for DDoS attacks against both third-party and in-game targets. It's become so common that the gaming community has its own term for the practice: "packeting." These attacks are most often reflection-based, using compromised servers to take down a target by spoofing requests to public services that return responses, flooding the target's network connection or overwhelming available resources. Gamers initiate attacks for a variety of reasons, including inducing enough lag to achieve a strategic advantage over rivals.

[ DDoS attacks can cost serious money and are nearly impossible to repel with standard defenses. Should you buy protection? ]

What's disconcerting, however, is the potential use of these often-vulnerable servers to carry out DDoS attacks against enterprise networks. Downtime and disruption caused by DDoS attacks is expensive, costing victims an average of $172,238, according to the Ponemon Institute, and you don't even get to blow up any virtual cities for your trouble.

Both IT organizations and game platform providers can take action to minimize the impact of such attacks, as well as prevent their servers from being used as an attack platform. Above all, remain vigilant and have monitoring and alerting systems and processes in place to rapidly detect and respond to an attack in progress. Specifically:

-- Close open resolvers: A significant number of DDoS attacks are carried out against DNS due to the public nature of the servers they provide. It's a rare organization that needs to act as an open resolver -- in most cases, these systems are misconfigured. Turning off open recursion is a good first step toward mitigating the effects of a DNS DDoS attack.

-- Mind your bandwidth: Reflective attacks work because the response, which is sent to the victim, is many orders of magnitude larger than the request itself. The sheer volume and size of responses can consume every bit of available bandwidth and cause network outages and service disruptions. Ensuring that you have spare network capacity -- both available bandwidth and packets-per-second processing power -- will buy you time to take action in the face of an attack. 


-- Consider rate limiting on perimeter network elements: Response-rate limiting as well as inbound packet filtering, particularly when network-layer anomalies indicative of an attack can be identified, will help reduce the impact of a DDoS attack on other services.

Gaming platform providers can -- and should -- do more to monitor and guard against abuse of their resources. Packet-filtering, rate limiting and, of course, addressing server vulnerabilities will go a long way toward eliminating the ability of gamers to exploit systems for their own gain.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
9/19/2013 | 12:28:24 AM
re: Grand Theft Oh No: When Online Gamers Attack
What evidence does the report provide that gaming community behavior spills over to affect businesses outside that sector?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVE-2014-2716
Published: 2014-12-19
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.