DDOS prevention. Something to look at maybe?

First Riot Post
Comment below rating threshold, click here to show it.

King Got Ya Punk

Senior Member

02-18-2014

http://www.techrepublic.com/blog/it-...mitigate-them/

Now i dont know if riot has done ANY of these things, because it seems all too oftem and easy for them to get smashed by some random troll who probably doesnt have the billions it would cost to do something extravagant to a fully locked down dns protocol. anyway have a look


Comment below rating threshold, click here to show it.

LargeSnorlax

Senior Member

02-18-2014

So you uh, know riot uses Cloudflare already to prevent DDOS attacks right?

The same company that themselves got DDOSed?

You can't really "prevent" it as easily as linking an article


Comment below rating threshold, click here to show it.

King Got Ya Punk

Senior Member

02-18-2014

im not the one thats going to prevent anything, nice trolling though. I just posted it because i dont think a lot of people know whats really going on


Comment below rating threshold, click here to show it.

RiotGradius

Associate Information Security Engineer

02-18-2014
1 of 17 Riot Posts

Hello, just wanted to see if I could drum up some conversations about the nature of DDOS attacks and what kind of scale we're seeing. The attacks that have recently taken place on many different Internet services are quite large because of a very specific flaw in the NTP protocol. These attacks are called reflection attacks. (http://en.wikipedia.org/wiki/Denial-...Spoofed_attack).

What's difficult to deal with when it comes to DDOS attacks is that the larger the attacks become, the easier it is for the attacker to completely consume all bandwidth available for a specific provider. What this means is that any Internet service that this provider has under them is also unable to communicate back to the Internet. As the attacks become larger, we block them farther and farther up the provider levels, until we're working with Tier 1 ISPs to implement access control lists that prevent these attacks. Here's some more information from Cloudflare about the recent NTP Reflection DDOSes (http://blog.cloudflare.com/understan...d-ddos-attacks)

Us networking guys at Riot are not only working internally to find a solution to this problem, but we're also working with the Information Security industry as a whole to improve the situation. We're working to find a tech solution to block the attacks as they're ongoing, and fixing the underlying problem of open/unpatched NTP servers on the Internet.

Please feel free to toss any questions my way that you might have, I would love to have a chat with everyone about this and answer as much as I can.


Comment below rating threshold, click here to show it.

six PERFECTIONS

Member

02-18-2014

Thanks RiotGradius for addressing the problem and telling us your procedure toward a solution It's what the community needs in times like these


Comment below rating threshold, click here to show it.

FxE MarkNooN

Senior Member

02-18-2014

Quote:
Originally Posted by RiotGradius View Post
Hello, just wanted to see if I could drum up some conversations about the nature of DDOS attacks and what kind of scale we're seeing. The attacks that have recently taken place on many different Internet services are quite large because of a very specific flaw in the NTP protocol. These attacks are called reflection attacks. (http://en.wikipedia.org/wiki/Denial-...Spoofed_attack).

What's difficult to deal with when it comes to DDOS attacks is that the larger the attacks become, the easier it is for the attacker to completely consume all bandwidth available for a specific provider. What this means is that any Internet service that this provider has under them is also unable to communicate back to the Internet. As the attacks become larger, we block them farther and farther up the provider levels, until we're working with Tier 1 ISPs to implement access control lists that prevent these attacks. Here's some more information from Cloudflare about the recent NTP Reflection DDOSes (http://blog.cloudflare.com/understan...d-ddos-attacks)

Us networking guys at Riot are not only working internally to find a solution to this problem, but we're also working with the Information Security industry as a whole to improve the situation. We're working to find a tech solution to block the attacks as they're ongoing, and fixing the underlying problem of open/unpatched NTP servers on the Internet.

Please feel free to toss any questions my way that you might have, I would love to have a chat with everyone about this and answer as much as I can.
Who is your favorite champion?


Comment below rating threshold, click here to show it.

clickhead

Senior Member

02-18-2014

Quote:
Originally Posted by RiotGradius View Post
Hello, just wanted to see if I could drum up some conversations about the nature of DDOS attacks and what kind of scale we're seeing. The attacks that have recently taken place on many different Internet services are quite large because of a very specific flaw in the NTP protocol. These attacks are called reflection attacks. (http://en.wikipedia.org/wiki/Denial-...Spoofed_attack).

What's difficult to deal with when it comes to DDOS attacks is that the larger the attacks become, the easier it is for the attacker to completely consume all bandwidth available for a specific provider. What this means is that any Internet service that this provider has under them is also unable to communicate back to the Internet. As the attacks become larger, we block them farther and farther up the provider levels, until we're working with Tier 1 ISPs to implement access control lists that prevent these attacks. Here's some more information from Cloudflare about the recent NTP Reflection DDOSes (http://blog.cloudflare.com/understan...d-ddos-attacks)

Us networking guys at Riot are not only working internally to find a solution to this problem, but we're also working with the Information Security industry as a whole to improve the situation. We're working to find a tech solution to block the attacks as they're ongoing, and fixing the underlying problem of open/unpatched NTP servers on the Internet.

Please feel free to toss any questions my way that you might have, I would love to have a chat with everyone about this and answer as much as I can.
I did not understand a single word of what you just said, so I will assume you know your job!


Comment below rating threshold, click here to show it.

pro4never

This user has referred a friend to League of Legends, click for more information

Senior Member

02-18-2014

Nice to see a network tech commenting on the issue.

Gives me something to link to when explaining the issues to help avoid it being lost in the thrum of forum traffic xD


Comment below rating threshold, click here to show it.

Linna Excel

Senior Member

02-18-2014

Is it possible when you are starting to see an unnatural spike in pings that servers just ignores anything it doesn't already have a connection with?


Comment below rating threshold, click here to show it.

RiotGradius

Associate Information Security Engineer

02-18-2014
2 of 17 Riot Posts

Yup, I've wanted to find the right post to start a conversation in... but so many of them are "RIOT FIX YOUR SERVERS" .. and I really wanted to have a dialog, rather than a storm of that sort of message.

I don't mind chatting with you all (I'd actually prefer it over staying quiet), and I'd really like to address any questions that I can. I'll be honest, it's a ****ty situation to be in, and myself along with a lot of other Rioters, as well as other industry professionals are trying to solve this problem as a whole rather than slowly crawling our ACLS up our provider lists. It really does make me sad that any of your games get ruined because of a DDOS, which is even more motivation to kick our butts into high gear and get this problem solved.