New Type of DDoS Attack Targets Online Games

For online computer games, distributed denial-of-service (DDoS) attacks are nothing new. But a new type of DDoS attack, used last week to take down the online game "League of Legends" and several other video-game servers, is proving both highly effective and difficult to defend against.

What's more, it's costing professional gamers, who make money from advertisements during livestreams of their performances, thousands of dollars out of their livelihoods.

MORE: 13 Awesome PC Games That Have Gone Free

DDoS attacks consist of overloading a targeted server with a huge volume of seemingly legitimate, but difficult to fulfill, requests, which overwhelms the server so that it can't efficiently respond to real requests.  Many websites can defend themselves against older means of generating DDoS attacks, which usually involve manipulating the Internet's Transmission Control Protocol (TCP) to create fake IP (Internet Protocol) addresses and junk data packets to flood targeted servers.

However, a new trick that abuses the Network Time Protocol (NTP), which keeps computers' clocks synced up to Coordinated Universal Time, is proving more difficult to thwart.

The NTP method first began to appear late last year. To bring down a server such as one running "League of Legends," the attackers trick NTP servers into thinking they've been queried by the "League of Legends" server.

The NTP servers, thinking they're responding to a legitimate query, message the "League of Legends" server, overloading it with as many as 100 gigabits per second (Gbps). That's large even for a DDoS attack.

In this way, one small request to an NTP server can generate an enormous response capable of taking down even high-capacity websites.

NTP-style DDoS attacks were used last week (Jan. 2-3) to take down the servers for the online gaming platforms Steam, Origin and Battle.net as well as "League of Legends."

Aside from angering a whole lot of players, these attacks also cost professional gamers a lot of money by making them unable to do their jobs.

"These people generate revenue using game servers, so when they're attacked, it creates dramatic financial loss for them," Matt Mahvi, CEO of DDoS protection company Staminus, told Ars Technica.

Staminus told Ars Technica that many of its customers have been targeted by NTP-style DDoS attacks in the past few weeks, including several popular "Minecraft" servers.

NTP attacks are made possible via a vulnerability in the NTP servers, which the National Vulnerability Database first flagged on Jan. 2.  

There isn't much that individual gamers can do to protect themselves against DDoS attacks. However, server operators can upgrade their NTP software to version 4.2.7p26 or later, in which the vulnerability exploited in these DDoS attacks has been patched.  

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.