Shard is (no longer) back up - UPDATED

[Red Squirrel]

Let's say we were to block the bad IPs would it do anything? Or would the fact that the router/firewall has to check the ACL use up enough resources for the DoS to still be affective?

Since if it works, we could do the IP validation system. Block all IPs, and only allow a pool of IPs that we validate through a special process. I'm guessing everyone here has broadband, so in most cases the IP changes rarely, so it's not a big issue to go and revalidate when needed.

I would love to fight back, but yes it would be illegal and backfire on us so it's best to stick to the legal route. I hate how that works though.

 

[Kenshin]

Perhaps I'm unsure of the extent which the assailants have accessed the server that they are attacking, however is this Ddos attack similar to a Unix/linux smurf attack? if this is the case it doesn't seem realistic that simply banning all external users would do the trick since in multi-packet pings don't require a loging but simply a small request by hundreds of machines. And if the form of attack isn't just a simple request for a ping reply, then just setting up an e-mail verification of accounts signing on may be enough even without needing a specific IP to log for the account as long as the server created a log of all current ip's logged to users on (Verified by password) up to and including the start of such an attack. This way you could ban those accounts via the logfile. besides, it's quite realistic to believe if this is an attack, that the person(s) who have started attacking invariably have logged into demise at one point or another to keep updated on the effects of their attacks. Just throwing out ideas and options based on what has been discussed here.

I don't think i fully understood your post as i'm pretty tired, but in order to prevent the DDoSing you'd have to act at a level before the connection request to the server, so that it never makes contact (not even for validation)

 

[Kenshin]

Let's say we were to block the bad IPs would it do anything? Or would the fact that the router/firewall has to check the ACL use up enough resources for the DoS to still be affective?

Since if it works, we could do the IP validation system. Block all IPs, and only allow a pool of IPs that we validate through a special process. I'm guessing everyone here has broadband, so in most cases the IP changes rarely, so it's not a big issue to go and revalidate when needed.

I would love to fight back, but yes it would be illegal and backfire on us so it's best to stick to the legal route. I hate how that works though.

Not really, a lot of people a knew in game have dial up

Also i have ADSL and my ip changes everytime i connect (which is a lot in this time of the year, due to overheating)

 

[Red Squirrel]

I don't think i fully understood your post as i'm pretty tired, but in order to prevent the DDoSing you'd have to act at a level before the connection request to the server, so that it never makes contact (not even for validation)

Yeah I think the only way is a hardware firewall (a powerful one, like a Sonicwall). I wonder if the data center has that option, and if it's affordable. I'd guess not though... only if fiber was not so expensive demise could be run in someone's basement with an unlimited amount of security resources.

Something like this:

[INTERNET] -> [SONICWALL] -> [OPTIONAL OTHER FIREWALL] -> [SERVER]

A higher end Sonicwall could most likely handle these attacks (validation + block) of these packets no problem. I know the higher end models have a xeon processor and quit a lot of ram, it's almost as powerful as the server itself.

 

[Red Squirrel]

Not really, a lot of people a knew in game have dial up

Also i have ADSL and my ip changes everytime i connect (which is a lot in this time of the year, due to overheating)

UO even runs on dialup? Never would have figured.

 

[Kenshin]

Yeah I think the only way is a hardware firewall (a powerful one, like a Sonicwall). I wonder if the data center has that option, and if it's affordable. I'd guess not though... only if fiber was not so expensive demise could be run in someone's basement with an unlimited amount of security resources.

Something like this:

[INTERNET] -> [SONICWALL] -> [OPTIONAL OTHER FIREWALL] -> [SERVER]

A higher end Sonicwall could most likely handle these attacks (validation + block) of these packets no problem. I know the higher end models have a xeon processor and quit a lot of ram, it's almost as powerful as the server itself.

And such an equipment is not what you'd call cheap

 

[Red Squirrel]

Yeah cost is probably the biggest issue. Especially if it's hosted at a data centre since they'll be sure you to charge per month, rather then 1 time hardware cost.

 

[Layne]

I was reading a technique similiar to what Livingman was talking about, a 3 way handshake that verifies the packet is coming from a valid already established IP. It seems to be the most effective method, although I wonder how much it would slow down gameplay. It wouldn't cause server side lag but effect the user more.

Ferris you mentioned that the shard will be like it was when you last logged in, so I take it we do have that save point that was reverted back to after the 1st crash/reboot or whatever it was?

 

[Born_Under_a_Sign]

Yess DDos... But I hink there is nothing to do because firewalls or updates or chancing ip are not able to prevent this type of attacks. Its simple f....n ping flood.only way find him who attempt this silly attack and give him or her a good lesson in legal way.Ohhh Pls some one tell me Demise will be closed.Plsssss some one tell meee

 

[juanmatus]

why demise is gone of gateway????

 

[Bardic-demise]

why demise is gone of gateway????

Shard is (no longer) back up

 

[Gaspar]

Message of support to the admins and people that help make Demise possible

I think we can all agree that this situation sucks. It isn't any of the admins or and (hopefully) of the players. It is solely the fault of one individual or group of individuals who have attacked our community in an immoral and illegal way.
There is not much any of us can do until the person(s) responsible stop or are caught. I know that a lot of people are doing everything they can (and there isn't much anyone can do) to help fix this situation. I would just like to say that I appreciate what the administration staff of Demise and of RunUO have done and continue to do. I would also like to thank all of my fellow players who have made this game successful.

Thank you one and all.

-Jamaal Scott,
a.k.a. Gaspar [K.V.]

 

[Rainier]

If the nfo we've been given is correct, a 6Gbps attack is freaking huge. like really huge. and the last attack i think said up to 10!!! go google articles on large DDoS attacks. 1Gbps is enough to take down practically anything unless you have a few full time employees to pay and about 1 mill to build a giant server farm to absorb the traffic instead of being null-routed or paying a facility with that capibility. Neither of which are gonna happen. According to several sources online, it says a zombie botnet of 10,000 infected computers can sustain a 1Gbps attack. Yes ten thousand! u do the math on a 6-10 Gbps attack

I wouldnt bother giving him/them anymore ego trips by trying to figure it out here in public where you know he/they whoever are for sure reading and laughing their asses off.

 

[Vlad_The_Impaler]

Big Question

I really hate to ask the question, but since there has been no mention as to a possible up-time for demise (As i'm sure the admin are working their tails off to get it back up and running) is there a sister/brother shard that works closely with demise admin (or at least is considered non-hostile to) that I could waste some time on until Demise is back up that you guys could recommend? I would prefer a mirror (If shards CAN be mirrored and this one has been) if not nevermind. It would only be until I hear that Demise is once again stable as I have friends that play here. New player wanting to know lol.

 

[ASayre]

I really hate to ask the question, but since there has been no mention as to a possible up-time for demise (As i'm sure the admin are working their tails off to get it back up and running) is there a sister/brother shard that works closely with demise admin (or at least is considered non-hostile to) that I could waste some time on until Demise is back up that you guys could recommend? I would prefer a mirror (If shards CAN be mirrored and this one has been) if not nevermind. It would only be until I hear that Demise is once again stable as I have friends that play here. New player wanting to know lol.

UOGamers: Rebirth. Our other shard, UOGamers: Hybrid is also under sttack currently.

 

[The Mysterious Stranger]

man... what do those ppl have to gain from attacking us?...

 

[jonthemaster]

They get their jollies from seeing us fret over a game. and untill they realize that this doesnt harm anyone but themselves when/if they get caught they wont quit. oh and keep up the good work guys and thanks for making Demise the best player run shard out here. it is player run isnt it?

 

[KRISTJAN]

man... what do those ppl have to gain from attacking us?...

Depends from their relation to the admins, run UO, the players or UO it self. You can never say how idiotic ppl can be.

I am training pvp on other servers ... if you can't wait till demise is back train new combos like I am doing so that when demise is back up you'll be much stronger against pks or else to kill inocent ppl

'six feet under' gives you GM in all skills ... it is quite good to practice on it but annoying to play on it

 

[Red Squirrel]

What sucks is that until we find this person, we loose. They'll just keep the attack going.

 

[phil823]

mmm...i do hope the demise owners report this!