DDoS/DoS Follow Up
Updated: 29th October 2019
We wanted to update you on the DDoS/DoS article that was shared a few weeks ago, Click Here to read up on this again.
Results
The deployment and delivery of our previously communicated plan has resulted in a 93% drop in the frequency of DDoS/DoS attacks.
While this is a huge improvement, we are committed to continuing our work on strengthening the network infrastructure to prevent further attacks. We are also improving our automated monitoring that detects people initiating attacks to populate DDoS Ban Waves.
Current Status
Below you will find updates on the status of action items outlined previously.
Ban Waves
With the DDoS/DoS ban wave process for both PC and Console now in place, we plan to continue these in the future as needed.
Status: COMPLETE
Reducing Matches per Server
Status: COMPLETE
Remove Escalating Abandon Sanction
Status: COMPLETE
We are in the process of determining the best time to reintroduce this feature, as the DDoS attacks have lessened considerably.
Network Traffic Monitoring/Management
Status: COMPLETE
Legal Action
Cease and desists to websites and people hosting these services.
Status: ONGOING
Legal action against prominent DDoS/DoS attackers, and cheat makers.
Status: CLAIMS FILED
Working with Microsoft Partners
Development is ongoing with our partners on the Microsoft Azure team, and we are working closely with them to develop both short and long term solutions.
Impact: This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.
**Status: IN TESTING
**
DDoS, DoS, and our Next Steps
We have monitored an increase in the amount of DDoS and DoS attacks against our servers following the release of Operation Ember Rise. Below you will find our next steps for how we plan to address the situation and move forward.
Next Steps
Ban Waves
We have identified the worst offenders perpetuating these DDoS/DoS attacks, and will be initiating a ban wave. This will apply to both PC and Console players.
Impact: Players that have been found to be initiating DDoS/DoS attacks will be banned.
Target: Next Week, will continue as needed
Reducing Matches per Server
We currently host 3 matches per server. When a server crashes, or when a DDoS/DoS attack occurs, this results in 3 matches being impacted and taken offline. We are splitting this to have each server host a single match to reduce the impact
Impact: 66% reduction in the impact of DDoS/DoS attacks.
Target: End of this week
Remove Escalating Abandon Sanction
We have noted the unintended consequences of the escalating abandon sanction on players impacted by DDoS/DoS attacks. We are disabling this feature to reduce the longer term impact that is felt by legitimate players.
Impact: Reduce impact felt by legitimate players after a match has been ended via DDoS/DoS/Soft Booting.
Target: End of this week
Network Traffic Monitoring/Management
We are making adjustments to how we manage and monitor network data, and how we accept packets sent to our servers. We cannot provide details on this topic, as it will expose information that can be used to circumvent the work we are doing. This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.
Impact: This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.
Target: Early October
Legal Options
We have discussed the current situation with our legal team, and assessed our options. We will be issuing cease and desists to websites and people hosting these services.
Legal action against prominent DDoS/DoS attackers is in progress.
Impact: Reduce the availability of DDoS/DoS service providers
Target: Ongoing
Working with Microsoft Partners
Development is ongoing with our partners on the Microsoft Azure team, and we are working closely with them to develop both short and long term solutions.
Impact: This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.
Target: Ongoing
List of Terms
These terms will be used regularly throughout this article:
DDoS – An attack on the server, or network, from multiple PCs/devices that overloads the network. This results in all players being disconnected and the match ending.
DoS – An attack on the server, or network, from a single PC/device that overloads the connection. This sometimes results in all players being disconnected.
“Soft Booting” – A DDoS/DoS attack that degrades the network/server to the point that some players are dropped from the match.
“Stressing” – A DDoS/DoS attack that degrades the network/server to a lesser degree than “Soft Booting”. This results in all players maintaining their connection, but having a constant ping >1,000ms, making the game unresponsive.
