New Type of DDoS Attack Targets Online Games
For online computer games, distributed denial-of-service (DDoS) attacks are nothing new. But a new type of DDoS attack, used last week to take down the online game "League of Legends" and several other video-game servers, is proving both highly effective and difficult to defend against.
What's more, it's costing professional gamers, who make money from advertisements during livestreams of their performances, thousands of dollars in lost income.
DDoS attacks consist of overloading a targeted server with a huge volume of seemingly legitimate, but difficult to fulfill, requests, which overwhelms the server so that it can't efficiently respond to real requests. Many websites can defend themselves against older means of generating DDoS attacks, which usually involve manipulating the Internet's Transmission Control Protocol (TCP) to create fake IP (Internet Protocol) addresses and junk data packets to flood targeted servers.
However, a new trick that abuses the Network Time Protocol (NTP), which keeps computers' clocks synced up to Coordinated Universal Time, is proving more difficult to thwart.
The NTP method began to appear late last year. To bring down a server such as one running "League of Legends," the attackers trick NTP servers into thinking they've been queried by the "League of Legends" server.
The NTP servers, thinking they're responding to a legitimate query, send their replies to the "League of Legends" server, overloading it with as much as 100 gigabits per second (Gbps) of traffic. That's large even for a DDoS attack.
In this way, one small request to an NTP server can generate an enormous response capable of taking down even high-capacity websites.
NTP-style DDoS attacks were used last week (Jan. 2-3) to take down the servers for the online gaming platforms Steam, Origin and Battle.net as well as "League of Legends."
Aside from angering a whole lot of players, these attacks also cost professional gamers a lot of money by making them unable to do their jobs.
"These people generate revenue using game servers, so when they're attacked, it creates dramatic financial loss for them," Matt Mahvi, CEO of DDoS protection company Staminus, told Ars Technica.
Staminus told Ars Technica that many of its customers have been targeted by NTP-style DDoS attacks in the past few weeks, including several popular "Minecraft" servers.
NTP attacks are made possible via a vulnerability in the NTP servers, which the National Vulnerability Database first flagged on Jan. 2.
There isn't much that individual gamers can do to protect themselves against DDoS attacks. However, server operators can upgrade their NTP software to version 4.2.7p26 or later, in which the vulnerability exploited in these DDoS attacks has been patched.
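For server operators acting on that advice, the following is an added example (not from the article or from the NTP project) that audits an inventory of ntpd version strings against the 4.2.7p26 threshold named above. The hostnames, the sample version strings and the function names are constructed for illustration.

```python
import re

# First patched release named in the article.
FIXED = (4, 2, 7, 26)

# ntpd-style version: major.minor.point with an optional "pNN" patch level.
# The lookbehind stops the match from starting inside a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(text):
    """Return (major, minor, point, patch) or None if no version is found."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    # A release with no "p" suffix sorts before p1 of the same point release.
    return tuple(int(g) if g else 0 for g in m.groups())


def needs_upgrade(text):
    """True if older than FIXED, False if not, None if unparseable."""
    version = parse_ntp_version(text)
    return None if version is None else version < FIXED


def audit(inventory):
    """Map each host to 'upgrade', 'ok' or 'unknown' (check by hand)."""
    labels = {True: "upgrade", False: "ok", None: "unknown"}
    return {host: labels[needs_upgrade(v)] for host, v in inventory.items()}


# Constructed inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = {
    "ntp-a.example.net": "ntpd 4.2.6p5@1.2349-o",
    "ntp-b.example.net": "ntpd 4.2.7p25",
    "ntp-c.example.net": "ntpd 4.2.7p26",
    "ntp-d.example.net": "ntpd 4.2.8p15@1.3728-o",
    "ntp-e.example.net": "version not reported",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A distribution package can carry a backported fix under an older version number, so an "upgrade" result is a prompt to check the vendor's advisory rather than proof of exposure.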