29/10/2019

DDOS, DOS and Our Next Steps

DDoS/DoS Follow Up

Updated: 29th October 2019

We wanted to update you on the DDoS/DoS article that was shared a few weeks ago, Click Here to read up on this again.

Results

The deployment and delivery of our previously communicated plan has resulted in a 93% drop in the frequency of DDoS/DoS attacks.

While this is a huge improvement, we are committed to continuing our work on strengthening the network infrastructure to prevent further attacks. We are also improving our automated monitoring that detects people initiating attacks to populate DDoS Ban Waves.

Current Status

Below you will find updates on the status of action items outlined previously.

Ban Waves

With the DDoS/DoS ban wave process for both PC and Console now in place, we plan to continue these in the future as needed.

Status: COMPLETE

Reducing Matches per Server

Status: COMPLETE

Remove Escalating Abandon Sanction

Status: COMPLETE

We are in the process of determining the best time to reintroduce this feature, as the DDoS attacks have lessened considerably.

Network Traffic Monitoring/Management

Status: COMPLETE

Legal Action

Cease and desists to websites and people hosting these services.

Status: ONGOING

Legal action against prominent DDoS/DoS attackers, and cheat makers.

Status: CLAIMS FILED

Working with Microsoft Partners

Development is ongoing with our partners on the Microsoft Azure team, and we are working closely with them to develop both short and long term solutions.

Impact: This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.

**Status: IN TESTING
**


DDoS, DoS, and our Next Steps

Posted on 18th September

We have monitored an increase in the amount of DDoS and DoS attacks against our servers following the release of Operation Ember Rise. Below you will find our next steps for how we plan to address the situation and move forward.

Next Steps

Ban Waves

We have identified the worst offenders perpetuating these DDoS/DoS attacks, and will be initiating a ban wave. This will apply to both PC and Console players.

Impact: Players that have been found to be initiating DDoS/DoS attacks will be banned.

Target: Next Week, will continue as needed

Reducing Matches per Server

We currently host 3 matches per server. When a server crashes, or when a DDoS/DoS attack occurs, this results in 3 matches being impacted and taken offline. We are splitting this to have each server host a single match to reduce the impact

Impact: 66% reduction in the impact of DDoS/DoS attacks.

Target: End of this week

Remove Escalating Abandon Sanction

We have noted the unintended consequences of the escalating abandon sanction on players impacted by DDoS/DoS attacks. We are disabling this feature to reduce the longer term impact that is felt by legitimate players.

Impact: Reduce impact felt by legitimate players after a match has been ended via DDoS/DoS/Soft Booting.

Target: End of this week

Network Traffic Monitoring/Management

We are making adjustments to how we manage and monitor network data, and how we accept packets sent to our servers. We cannot provide details on this topic, as it will expose information that can be used to circumvent the work we are doing. This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.

Impact: This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.

Target: Early October

Legal Options

We have discussed the current situation with our legal team, and assessed our options. We will be issuing cease and desists to websites and people hosting these services.

Legal action against prominent DDoS/DoS attackers is in progress.

Impact: Reduce the availability of DDoS/DoS service providers

Target: Ongoing

Working with Microsoft Partners

Development is ongoing with our partners on the Microsoft Azure team, and we are working closely with them to develop both short and long term solutions.

Impact: This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.

Target: Ongoing

List of Terms

These terms will be used regularly throughout this article:

DDoS – An attack on the server, or network, from multiple PCs/devices that overloads the network. This results in all players being disconnected and the match ending.

DoS – An attack on the server, or network, from a single PC/device that overloads the connection. This sometimes results in all players being disconnected.

“Soft Booting” – A DDoS/DoS attack that degrades the network/server to the point that some players are dropped from the match.

“Stressing” – A DDoS/DoS attack that degrades the network/server to a lesser degree than “Soft Booting”. This results in all players maintaining their connection, but having a constant ping >1,000ms, making the game unresponsive.

Visit Other Social Channels

facebook icontwitter iconyoutube icontwitch icon