DDOS prevention. Something to look at maybe?


Space Racist

Senior Member

02-19-2014

Quote:
Originally Posted by Smoking Mantis View Post
Can you just ignore commands from the NTP, or are they actually used for something in the LoL code?
This is actually one of the ways to mitigate the issue - but the problem is there's a tonne of network hardware along the chain between Riot and the players where they won't have NTP disabled or fixed to prevent the exploit. So aside from the hardware that relies on it, the big problem is getting all devices in the chain to be configured properly to prevent the issue. Some hardware also doesn't have a fix if I remember correctly.



WuTuStronk

Senior Member

02-19-2014

Quote:
Originally Posted by Sir Lemewinks View Post
Is there any effort to find the people behind the DDOS attacks? And is it illegal/will they get jail time if they are caught out?
This is what I want to know as well.



Phil McGroin

Senior Member

02-19-2014

What is the reason that this current attack is seeming to last longer than the previous? Over the last 3-4 days, myself and my friends were only affected for about 10-15 minutes.

Basically, when the problems stopped the last few times, was that due to something you guys, or one of your providers, did to fix it? Or is it that the attackers just stopped sooner than they are currently?



Maskan Rill

Recruiter

02-19-2014

Quote:
Originally Posted by FatedTitan View Post
I know y'all can't really do much except keep fighting and trying to stop this from happening, but have y'all considered giving out an IP boost for players? Even a 5 game win IP boost would give a lot of people some confidence back. I see a lot of people wonder "What happened to the days of IP boosts and double IP weekends go in response to these problems?" Double IP boosts can cause problems, because if there is server stability issues, everyone rushing on won't help. But a 5 game IP boost would be nice, and wouldn't have everyone rushing on to use it.
I read this in Apple Jack's voice subconsciously...



Extrinsick

Senior Member

02-19-2014

Quote:
Originally Posted by Grombolar View Post
Why are the servers even still up at all? I've tried all three of my accounts and ALL of them were stuck in champ select. After trying to dodge I get the Reconnect button when I log back in but it does nothing. How long will they be stuck for? Why even allow people to log in?
Seems like a problem that isn't a problem. What are you complaining about exactly?



Qydraxus

Junior Member

02-19-2014

Quote:
Originally Posted by Deceptive Smile View Post
Hasn't Riot made enough money to host their own datacenter instead of outsourcing through Cloudflare, which got DDoS'ed themselves? Can you not just hardwire all your own hardware and when DDoSes come in simply.. 'close the ports'? I mean.. if you're getting the ass end of the deal because the problems are above your heads and there's nothing you can do about it.. Why not take a more active role in the upkeep of everything and then you'll have physical access to any future attacks or productivity interruptions.
That's a great idea...in theory. Have you any idea how expensive all of that equipment, labor, and maintenance would be? There's a reason dedicated providers exist to provide these things, you know. It is fricking expensive, and most businesses--even big businesses--don't have the means to invest in such infrastructure, so they buy the right to use someone else's network resources.



Malicious Fury


Senior Member

02-19-2014

Welp I guess the Riot Gods are telling us all to head to bed. NN everyone! ^_^



VanillaOreo

Junior Member

02-19-2014

Quote:
Originally Posted by Riot Triggs View Post
Loss prevented is manually turned on by the department I work in (the NOC). It's usually done after we verify it's a large scale issue because it has a significant impact on that server. It shuts down ranked for everyone online. It tags any games currently in progress, and even if we shut it off before that game ends, it still applies. There is always a small % of players whose game ends in the few minutes it takes us to verify the severity of the incident.
Hear me out on this one...
Have you ever considered changing it from loss prevention to win granted (giving everyone a win)? I know I sound like a hippie here, but give me a chance. If you were playing an important game or just any game 99LP or 0LP and you were about to win, but half your team DCs and suddenly they just take the game for free. Now you come to a screen and see loss forgiven, but is that really loss forgiven? I mean technically you lost, you lost your win. That is like getting a win and then getting your hard worked LP ninja'd. You could see how this could be pretty frustrating. This isn't just for the gamer however. I believe you might take a lot less pressure from the public with a system with more leniency like this. You obviously could use a little slack. Anyways just food for thought, or maybe this idea had already been tossed around? Get back to me if you can.



Triggs

NOC Technician

02-19-2014
12 of 17 Riot Posts

Quote:
Originally Posted by Linna Excel View Post
So how are you guys notified something like this is happening? It's got to be getting late over there so I imagine it to be a phone call at home in the middle of the night or something like that.

I've had a family member who's had to do on-call tech support in the past and even the light stuff tends to be a PITA.
We have people monitoring 24/7.



RiotGradius

Associate Information Security Engineer

02-19-2014
13 of 17 Riot Posts

Quote:
Originally Posted by WuTangFinancial View Post
I know it's been brought up that Riot uses Cloudflare for DDoS protection. But isn't Cloudflare only designed to resist web DDoS attacks on non-UDP ports?

https://support.cloudflare.com/hc/en...are-work-with-

I bring this up because I'm assuming that you're using game servers that are discrete from production web servers hosting the LoL website, and that game servers are communicating with clients over a series of UDP protocols that are similarly not defended by Cloudflare.

Does Riot use Prolexic or some of the other non-web DDoS software suites to protect the actual game servers from DDoS? Or are the game servers somehow connected to the web servers such that taking down the web servers with a DDoS attack will actually impact gameplay for players? If so - why are they configured like that?

Also if this is a NTP type attack: any way you could close the port for NTP (123) for a little bit? I get that you still need some way to federate time, but can't you just do some kind of port forwarding via an out of band port for federating NTP while the campaign is underway and your ISP figures out what's up and how to stop this (as you said by just setting up a bunch of ACLs and stopping requests coming in)?
The biggest problem with blocking NTP at the provider level is that we're still working up the chain. The amount of traffic coming through is so huge, that it's taking down multiple provider links. This is why part of our attack strategy is building up relationships with multiple providers and others in the industry. This isn't something we're going to solve overnight, and definitely not something we'll solve by ourselves. Working with many parties can cause inherent lag in the process, but we're kicking ass and taking names in terms of making friends all over the industry.
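
An added illustration of the NTP discussion in this thread (not part of any post, and not Riot's or any provider's tooling): a small flow-record check that picks out hosts receiving oversized UDP replies from source port 123 across many senders, the pattern an upstream provider would need to recognise before placing ACLs. The record layout, thresholds and addresses are assumptions constructed for the example.

```python
from collections import defaultdict

NTP_PORT = 123
NORMAL_NTP_PAYLOAD = 48  # UDP payload size of a standard NTP time reply, in bytes

# Constructed sample flow records (documentation address ranges), not real data:
# (src_ip, src_port, dst_ip, dst_port, protocol, packets, payload_bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", 123, "203.0.113.5", 5100, "udp", 900, 396000),
    ("192.0.2.11", 123, "203.0.113.5", 5100, "udp", 1200, 528000),
    ("192.0.2.12", 123, "203.0.113.5", 5101, "udp", 800, 352000),
    ("198.51.100.7", 123, "203.0.113.9", 40123, "udp", 4, 192),  # ordinary time sync
    ("198.51.100.8", 443, "203.0.113.5", 51000, "tcp", 50, 60000),
]


def find_reflection_targets(flows, min_sources=3,
                            min_avg_payload=2 * NORMAL_NTP_PAYLOAD):
    """Return {dst_ip: summary} for hosts receiving oversized UDP/123 replies
    from at least `min_sources` distinct senders."""
    per_target = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for src, sport, dst, _dport, proto, packets, nbytes in flows:
        # Only replies that claim to come from an NTP server are of interest.
        if proto != "udp" or sport != NTP_PORT or packets == 0:
            continue
        # Normal time replies average 48 bytes; skip flows that look ordinary.
        if nbytes / packets < min_avg_payload:
            continue
        entry = per_target[dst]
        entry["sources"].add(src)
        entry["packets"] += packets
        entry["bytes"] += nbytes
    # One chatty server is not a flood; require many distinct senders.
    return {
        dst: {"sources": len(e["sources"]), "packets": e["packets"],
              "bytes": e["bytes"]}
        for dst, e in per_target.items()
        if len(e["sources"]) >= min_sources
    }


if __name__ == "__main__":
    for dst, info in find_reflection_targets(SAMPLE_FLOWS).items():
        print(dst, info)
```

A check like this only identifies the traffic; as the reply above notes, dropping it at the victim's own edge does not relieve links that are already saturated further up the chain.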