topix92
|
Posted - 2011.06.15 01:09:00 -
[241]
Originally by: Abor Mala
I'm wondering about the technical details of the DOS attack. If it was a simple PING flood it could be easily disabled by setting an ACL in the firewall to deny all ICMP packets from any source.
If it was a TCP SYN flood to the EVE login port it would take some tricky filtering to differentiate between a login request from a real Eve client, and the flood of TCP SYNs from the attacking nodes. I assume there is some sort of rate limit set in the firewall to discard TCP SYNs from the same source IP, but the source IPs could be spoofed to make them different.
I guess it was a simple Ping attack, CCP maybe should have thought about that :P but still LulzSec went easy on CCP.
Well done CCP. Everyone who is angry right now, DON'T BE ANGRY AT CCP. CCP did what they thought was the best thing to do to not risk your personal information.
|
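The point quoted in the post above (a per-source SYN rate limit stops working once every packet carries a different spoofed source address), as an added example that is not part of the thread. The log format, addresses (documentation ranges) and thresholds are constructed assumptions.

```python
from collections import Counter

WINDOW = 10  # seconds per counting window (assumed value)


def build_sample():
    """Constructed handshake log: (second, source_ip, event)."""
    events = []
    for w in range(3):  # 20 real clients log in during every window
        for i in range(20):
            ip = f"192.0.2.{i + 1}"
            t = w * WINDOW + i % WINDOW
            events += [(t, ip, "SYN"), (t, ip, "ESTABLISHED")]
    # Window 1: 400 SYNs, each with a different (spoofed) source, none completed.
    for i in range(400):
        net = "198.51.100" if i < 200 else "203.0.113"
        events.append((WINDOW + i % WINDOW, f"{net}.{i % 200 + 1}", "SYN"))
    # Window 2: 50 SYNs from one unspoofed source, none completed.
    for i in range(50):
        events.append((2 * WINDOW + i % WINDOW, "192.0.2.250", "SYN"))
    return events


def per_source_offenders(events, limit=5):
    """(window, source) pairs that sent more than `limit` SYNs in one window."""
    syns = Counter((t // WINDOW, ip) for t, ip, ev in events if ev == "SYN")
    return {key for key, n in syns.items() if n > limit}


def aggregate_alerts(events, min_syns=100, min_completion=0.5):
    """Windows with high SYN volume where few handshakes ever complete."""
    syn = Counter(t // WINDOW for t, _, ev in events if ev == "SYN")
    done = Counter(t // WINDOW for t, _, ev in events if ev == "ESTABLISHED")
    return sorted(w for w, n in syn.items()
                  if n >= min_syns and done[w] / n < min_completion)


if __name__ == "__main__":
    sample = build_sample()
    # The per-source rule sees only the single unspoofed source in window 2.
    print("per-source offenders:", per_source_offenders(sample))
    # The completion-ratio rule sees the spoofed burst in window 1.
    print("aggregate alerts:", aggregate_alerts(sample))
```

The per-source counter never fires in the spoofed window because no address repeats, while the handshake-completion ratio for the whole listener drops sharply there.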
Kane Kodiac
|
Posted - 2011.06.15 01:09:00 -
[242]
Originally by: Macabre Devil
Yeesh...wonder how I can make back the ISK I lost from this fiasco...
Maybe they will credit current accounts with skill points like in the past?
...fingers crossed...
|
Lancot
|
Posted - 2011.06.15 01:09:00 -
[243]
I want to address a few things here.
1. CCP did good. Maybe it wasn't the best solution to the problem, but given the reputation of LulzSec (they do seem to have a few who actually know what they are doing), it was the safest solution. A server that is not running is 100% guaranteed not hackable. Also, this decision had another, more subtle, effect. According to LulzSec tweets, they were annoyed/disappointed by the fact that CCP simply wasn't playing along and shut everything down. So in the end, DDOSing Eve wasn't that much of lulz as they expected it to be. It's like someone scrambling your precious ship and you simply self-destroying the ship. It takes out the fun and you give the attacker the proverbial finger.
2. The community was something to be proud of in the last hours. I wasn't on the forums but anywhere else on the internet, I could only read about slight annoyance from the community. No full-blown rage attacks, no immature statements about how stupid everything is (although the statement itself was everywhere, but just in a mature way), etc. You guys rock (until you blow me to smithereens, then you're just cool).
3. How about we order those guys at CCP some pizza, since they do have to work at night right now for our universe to be running?
|
S'qarpium D'igil
|
Posted - 2011.06.15 01:09:00 -
[244]
Thank you, CCP. Keep up the good work! <3
PS. I get mad at you about some things, but you're doing well today. :)
|
Barbarella Smith
|
Posted - 2011.06.15 01:10:00 -
[245]
good job ccp
|
Cortith Barnacarus
Gallente University of Caille
|
Posted - 2011.06.15 01:12:00 -
[246]
Jesus.. First Sony, now Bethesda, Nintendo, Codemasters, Epic Games, and even CCP?... Frak, what's the deal with these people?
|
Wyke Mossari
Gallente
|
Posted - 2011.06.15 01:13:00 -
[247]
Originally by: Sister Virgin
--dated BS snipped--
Sister Virgin Aged, Retired, REAL Hacker and Phreaker
You don't know what you are talking about.
A Ping flood is a very old attack vector and doesn't work against any OS less than 10 years old.
Today the vast majority of DDOS attacks are carried out with SYN floods, some use a low data rate tear-drop attack.
DDOS the front door is often a distraction to hide a covert intrusion via another route.
Current Technical Architect.
|
Martineski
|
Posted - 2011.06.15 01:13:00 -
[248]
great response and timing CCP. glad you stopped the attack before damage could have been caused. and for those out there saying just block pings, that's not all there is to it. Pings are just one type of DDoS attack, you can also do packet flooding and other things to bring the servers to a halt. I am studying in the field of Network Security and it's more complicated than just a few Countermeasures.
Thanks again CCP
|
Jormungandr Bastanold
|
Posted - 2011.06.15 01:15:00 -
[249]
These people, in my own opinion, have a God syndrome. They do those things because they can. They might actually fool themselves into believing they're "testing the security" or something twisted like that.
|
Bunnyy Lebowski
|
Posted - 2011.06.15 01:15:00 -
[250]
All of the people demanding to know what CCP plans to do to guard against this in the future or details outside of what CCP is offering up should realize:
- You are asking questions that answers do not exist for yet.
- Statements made this soon after an event are public facing statements to avoid wild speculative rumors
- You are asking questions that answers do not exist for yet.
- Time CCP has to spend dealing with the assault from players is time that isn't being spent doing anything useful.
- You are asking questions that answers do not exist for yet.
- You are asking questions that answers do not exist for yet.
- You should be so fortunate that they have given us even this much information considering how soon it is after.
- If you are now asking yourself "why?" to the item above it, the answer is "Because, (Insert item below)"
- You are asking questions that answers do not exist for yet.
Relax, anything there is to tell that will be told will be told soon enough. If half the people going "WTFBBQ I DEMAND ANSWERS RAWR IMABEAR!" focused that energy collectively towards the actual source of this problem, you would at worst be doing something more useful than shouting at CCP to "fix their sh*t".
You may now proceed to flame me as if any of those items were even remotely untrue.
Bunnyy
|
count sporkula
|
Posted - 2011.06.15 01:16:00 -
[251]
There is a very simple answer for this. sometimes the start of dos - ddos - rddos attack is used to mask other intrusions until they finish and can cover their tracks. it is very wise to remove this possibility before they finish. if they were mucking around in there you want all the tracks you can get...
it was perfectly reasonable for them to do this. they get a thumbs up from me.
Originally by: JEK3
Originally by: Sister Virgin
A DOS or Denial of Service attack (most commonly done with a ping flood) is most often completely different than a hacking attempt to breach a database.
Why CCP suddenly took credit for making sure credit card data was safe makes no sense, as someone attempting to obtain files would not call attention to themselves with something as stupid and simple as a DOS attack.
Two COMPLETELY different things.
It sounds like CCP has ****ed someone off big time who is retaliating by flooding the servers. And CCP to pull some smoke and mirrors has used that to their advantage to try to make themselves look like heroes.
Some people are not THAT stupid.... Sigh....
Oh and some advice to CCP. Seek some advice and do some research about how eBay and Amazon prevent this. I suspect you can just make your servers ignore pings. That simple. (I hope)
To players; Until CCP does that, I predict they could be down for days until law enforcement can intervene.
Sucks, I wanted to play today.
Cheers
Sister Virgin Aged, Retired, REAL Hacker and Phreaker
I was about to write that when I saw your post Sister Virgin. I cannot put that better ;-)
CCP, I think you should really answer to that post, as it contains a few interesting points!
|
Tali Ambraelle
|
Posted - 2011.06.15 01:17:00 -
[252]
Edited by: Tali Ambraelle on 15/06/2011 01:17:00
Atlas has confirmed to paying RMT cash to LulzSec for the DDoS attack.
http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1528162&page=2
|
Soden Rah
Gallente EVE University Ivy League
|
Posted - 2011.06.15 01:17:00 -
[253]
Originally by: Wyke Mossari
Originally by: Sister Virgin
--dated BS snipped--
Sister Virgin Aged, Retired, REAL Hacker and Phreaker
You don't know what you are talking about.
A Ping flood is a very old attack vector and doesn't work against any OS less than 10 years old.
Today the vast majority of DDOS attacks are carried out with SYN floods, some use a low data rate tear-drop attack.
DDOS the front door is often a distraction to hide a covert intrusion via another route.
Current Technical Architect.
also talking about Amazon and ebay defending themselves... they post profits in the hundreds of millions... they can afford distributed servers and computer security CCP could only dream of.
__________________________________________________
Originally by: CCP Tuxford bugger, I need to have a closer look at this menu function
|
penmonkey
|
Posted - 2011.06.15 01:17:00 -
[254]
Originally by: Wyke Mossari
Originally by: Sister Virgin
--dated BS snipped--
Sister Virgin Aged, Retired, REAL Hacker and Phreaker
You don't know what you are talking about.
we all know he doesn't know anything but I believe you can be arrested for hacking so report report report lol just kidding i know you're no hacker you would have to be halfway smart
A Ping flood is a very old attack vector and doesn't work against any OS less than 10 years old.
Today the vast majority of DDOS attacks are carried out with SYN floods, some use a low data rate tear-drop attack.
DDOS the front door is often a distraction to hide a covert intrusion via another route.
Current Technical Architect.
|
Sergeant Spot
Galactic Geographic BookMark Surveying Inc.
|
Posted - 2011.06.15 01:18:00 -
[255]
Well done CCP. A proper response to a serious situation.
Also glad to see that most players recognize reality on this. (as for the 'compensation' whiners, let em rot....)
Play nice while you butcher each other.
|
Uncle AWOL
|
Posted - 2011.06.15 01:20:00 -
[256]
Originally by: Jormungandr Bastanold
These people, in my own opinion, have a God syndrome. They do those things because they can. They might actually fool themselves into believing they're "testing the security" or something twisted like that.
this happens every now and then. it's sad really that people stoop so low as to believe themselves as superior to the rest of us. or they've all been watching too many movies. :) BTW i wouldn't be surprised if they tried to hack Microsoft any time soon. so i would get rid of any card information on any and all sites. if possible
|
Annika Ocada
|
Posted - 2011.06.15 01:21:00 -
[257]
They need to be back-traced and the cyber police notified immediately .. consequences will never be the same.
|
TwoJohn
|
Posted - 2011.06.15 01:22:00 -
[258]
Edited by: TwoJohn on 15/06/2011 01:23:28
Originally by: Katrina Raskin
A few points:
The group claiming responsibility has stated it was not for any reason beside the "lulz". They also took down a number of other sites today. It's unlikely to be retaliation or a vendetta.
A DoS attack is often used to create cover for other more intrusive attacks. (Simplified e.g. : Try to pick out the intrusive connection in the field of non-intrusive and combat it, while trying to combat the DoS simultaneously).
With certain systems a DoS can cause flaws in a server response which can allow for exploits to be used (simplified e.g. An overloaded server may not respond correctly to requests, allow for injection, etc)
DoS being limited to pings... Um, no. Just, too much wrong with that to even begin to explain it. And most servers are set to ignore anyway. Amazon and eBay are not comparable to CCP, not in scale, scope or resources. That's just... *shakes head* Oi.
CCP's response was correct in this situation. There's just no possible way anyone with current knowledge of networking can say otherwise.
thank you for stating that. i agree, it is just too much to explain the details... i just wanted to add: you cannot fight ddos by blocking the traffic it causes - because the traffic then already happened! the only way to counter ddos is by filtering/redirecting the traffic on the provider's side and/or by shutting down the botnet nodes that cause the traffic! and if the ddos is done right (hate to say that) you cannot do ANYTHING against it but to wait until it stops.
CCP has done the right thing. as raskin said, ddos often is done to cloak the real attack. you cannot know when it is just for the "lulz". i hope these stupid kids come to their senses when they realize they just get no support for their bored bull****ting. not even on 4chan. these guys are like the griefers in eve online. they do it for the tears and the whining.
...so stop whining please ;)
cu twojohn
p.s. i am a too slow poster...
|
Mike Takumi
Caldari hirr Morsus Mihi
|
Posted - 2011.06.15 01:22:00 -
[259]
Just curious, all these Atlas. people claiming responsibility will be banned, yes? They've claimed themselves guilty, so I guess they would like judgement of the banhammer.
|
Jormungandr Bastanold
|
Posted - 2011.06.15 01:24:00 -
[260]
You could be in the corp and inactive for 6 months. I would not ban a whole corp.
|
topix92
|
Posted - 2011.06.15 01:24:00 -
[261]
Originally by: Lancot
I want to address a few things here.
1. CCP did good. Maybe it wasn't the best solution to the problem, but given the reputation of LulzSec (they do seem to have a few who actually know what they are doing), it was the safest solution. A server that is not running is 100% guaranteed not hackable. Also, this decision had another, more subtle, effect. According to LulzSec tweets, they were annoyed/disappointed by the fact that CCP simply wasn't playing along and shut everything down. So in the end, DDOSing Eve wasn't that much of lulz as they expected it to be. It's like someone scrambling your precious ship and you simply self-destroying the ship. It takes out the fun and you give the attacker the proverbial finger.
2. The community was something to be proud of in the last hours. I wasn't on the forums but anywhere else on the internet, I could only read about slight annoyance from the community. No full-blown rage attacks, no immature statements about how stupid everything is (although the statement itself was everywhere, but just in a mature way), etc. You guys rock (until you blow me to smithereens, then you're just cool).
3. How about we order those guys at CCP some pizza, since they do have to work at night right now for our universe to be running?
So right, I didn't find many complaints from EVE players; the League of Legends players were hilarious to read when they raged at this. CCP did the right thing on many grounds: for one, to prevent personal information from being leaked; two, so LulzSec got bored of DDoSing them after a while.
|
Demitrios
Di-Tron Heavy Industries Atlas.
|
Posted - 2011.06.15 01:24:00 -
[262]
You can ban us, BUT YOU CAN NEVER TAKE OUR BOTNET OF DOOM!
FYI, we will be renting out the botnet of doom for 1b per 5mins.
Send your orders to Shmak Datash.
Thanks,
Demi
|
Soden Rah
Gallente EVE University Ivy League
|
Posted - 2011.06.15 01:25:00 -
[263]
Originally by: Uncle AWOL
Originally by: Jormungandr Bastanold
These people, in my own opinion, have a God syndrome. They do those things because they can. They might actually fool themselves into believing they're "testing the security" or something twisted like that.
this happens every now and then. it's sad really that people stoop so low as to believe themselves as superior to the rest of us. or they've all been watching too many movies. :) BTW i wouldn't be surprised if they tried to hack Microsoft any time soon. so i would get rid of any card information on any and all sites. if possible
hmmm, would it be worthwhile having special Internet credit cards specially for use on the internets, that expire every few hrs/days, meaning if you shop around all over the place your details expire pretty quickly. (this would be like a security token that spits out new credit card details every few hrs)
Any thoughts?
__________________________________________________
Originally by: CCP Tuxford bugger, I need to have a closer look at this menu function
|
JEK3
|
Posted - 2011.06.15 01:26:00 -
[264]
Originally by: count sporkula
There is a very simple answer for this. sometimes the start of dos - ddos - rddos attack is used to mask other intrusions until they finish and can cover their tracks. it is very wise to remove this possibility before they finish. if they were mucking around in there you want all the tracks you can get...
it was perfectly reasonable for them to do this. they get a thumbs up from me.
Thank you for your answer count sporkula. That cleared up some things for me. I still think CCP could have added what you said to their statement to make everything clear to the less "PC technical" users. Of one thing I'm still unsure. To me, it looks like the time it took CCP to tell us our data were secure and not stolen was very short. Can you really come out with that kind of conclusion so quick?
Cheers JEK3
Originally by: JEK3
Originally by: Sister Virgin
A DOS or Denial of Service attack (most commonly done with a ping flood) is most often completely different than a hacking attempt to breach a database.
Why CCP suddenly took credit for making sure credit card data was safe makes no sense, as someone attempting to obtain files would not call attention to themselves with something as stupid and simple as a DOS attack.
Two COMPLETELY different things.
It sounds like CCP has ****ed someone off big time who is retaliating by flooding the servers. And CCP to pull some smoke and mirrors has used that to their advantage to try to make themselves look like heroes.
Some people are not THAT stupid.... Sigh....
Oh and some advice to CCP. Seek some advice and do some research about how eBay and Amazon prevent this. I suspect you can just make your servers ignore pings. That simple. (I hope)
To players; Until CCP does that, I predict they could be down for days until law enforcement can intervene.
Sucks, I wanted to play today.
Cheers
Sister Virgin Aged, Retired, REAL Hacker and Phreaker
I was about to write that when I saw your post Sister Virgin. I cannot put that better ;-)
CCP, I think you should really answer to that post, as it contains a few interesting points!
|
Mike Takumi
Caldari hirr Morsus Mihi
|
Posted - 2011.06.15 01:27:00 -
[265]
Originally by: Jormungandr Bastanold
You could be in the corp and inactive for 6 months. I would not ban a whole corp.
I didn't say a whole corp, just the people who are dumb enough to be seriously trying to claim responsibility for the attack.
|
Alvani
|
Posted - 2011.06.15 01:27:00 -
[266]
You know... I was going to make a post regarding this in more detail, however I will share some info....
Some group called lulzsec is claiming responsibility. They offer their hacking services to people who pay them, and their website contains admin accounts to various game companies (they are proud of their hacking).
This claim was made on their twitter (https://twitter.com/#!/LulzSec) Their website is: http://lulzsecurity.com If you click on "releases" you can find all the account information and passwords for various companies and their admin staff.
CCP... USE their claim and sue the pants off them for this.
By the way, the corp who owns the following website paid LulzSec to do the attack... At least this is what they claim. http://killboard.atlas-dot.net
Their post regarding it taunts a GM to ban them for this.
|
Soden Rah
Gallente EVE University Ivy League
|
Posted - 2011.06.15 01:29:00 -
[267]
Originally by: Mike Takumi
Originally by: Jormungandr Bastanold
You could be in the corp and inactive for 6 months. I would not ban a whole corp.
I didn't say a whole corp, just the people who are dumb enough to be seriously trying to claim responsibility for the attack.
to do it legally... which part of the EULER covers flapping mouth off on forum claiming to have caused DDoS attack?
__________________________________________________
Originally by: CCP Tuxford bugger, I need to have a closer look at this menu function
|
Jormungandr Bastanold
|
Posted - 2011.06.15 01:29:00 -
[268]
Originally by: Soden Rah
Originally by: Mike Takumi
Originally by: Jormungandr Bastanold
You could be in the corp and inactive for 6 months. I would not ban a whole corp.
I didn't say a whole corp, just the people who are dumb enough to be seriously trying to claim responsibility for the attack.
to do it legally... which part of the EULER covers flapping mouth off on forum claiming to have caused DDoS attack?
Illegal activities. Ban pending investigation.
|
topix92
|
Posted - 2011.06.15 01:30:00 -
[269]
Originally by: Mike Takumi
Originally by: Jormungandr Bastanold
You could be in the corp and inactive for 6 months. I would not ban a whole corp.
I didn't say a whole corp, just the people who are dumb enough to be seriously trying to claim responsibility for the attack.
Well the possibility is that your computer can be one of the computers used to make the DEATHBALL OF DDoS. You just don't know it. :D
|
BeanBagKing
Terra Incognita Intrepid Crossing
|
Posted - 2011.06.15 01:31:00 -
[270]
Edited by: BeanBagKing on 15/06/2011 01:32:06
I have a suggestion (not that it'll ever happen). We have a lot of people whining for compensation. I don't think we deserve any because a) none of this is CCP's fault b) I'm not the type of person who thinks I'm entitled to anything, especially in a game. and c) periodic unscheduled downtime should be expected by everyone anyway, CCP doesn't award compensation for any of those.
However, here's what I say we do. Since it wasn't CCP's fault (point a), then if/when LolSec is ever caught, I'm sure a lot of charges will be thrown at them, and I wouldn't be surprised if CCP's lawyers are doing some of the throwing. They should file a civil suit against them on the consumers' (our) behalf at a rate of ($15 /30 days / 24 hours = ) .02 cents per hour for 5 hours of downtime times 500,000 (estimate) accounts which may or may not have been trying to log on, which would be somewhere around $52,000 (if I've done my math right, probably not). Then apply that in game time to all active accounts. Not so much because it's a great amount of time we missed or it's a great amount of money for CCP but a front page post that they did it "for the lolz" would be an epic pun and it'd be one more thing to throw at them.
For those of you who are now going to poke holes in my math/law knowledge, I'm sure there's plenty and this will never happen, still, have at it if it makes you happy
|