Both PSN and Xbox Live are down

Page 5 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
TheSlamma

TheSlamma

Diamond Member
Sep 6, 2005
7,625
5
81
tential said:
People keep saying "wah it was a bunch of losers that can't even hack so they resort to ddos". The manner of attack method is irrelevant to me.
It's a vulnerability and usually you attack vulnerabilities. That's the intelligent thing to do anyway.

If people claim this attack is as easy as it is, then why are you so happy to continue using a service that you've essentially claimed is so easy even a monkey can write a script and take it down.

That's what's mind boggling to me.
Click to expand...
Who says anyone is 'happy' to use it? what other choice do people with this hobby have? PC games are all distributed by either Steam, uPlay or Origin (yes GoG is dope but it's pretty much all old games) and XBone and PS4 must connect to their network for many of their games.

DDoS attacks are actually a pretty simple concept, you just don't want to accept that. Servers have 2 responses to a request, fulfill or deny. Both take processing power on the servers side as it has the verify the data. You setup a a bunch of computers (physical or virtualized) and you just flood servers with bad information that it says 'deny' to.. well you say deny to 50,000 requests at once and see what that does to you, even an auctioneer couldn't keep up with 5000 people bidding all at once on the same item especially if everyone is bidding below the current asking price, it's a bogus bid that wastes time right?

A computer cannot not deny bad requests now can it? When you swipe your credit card it either gets approved or it's declined right? What other answer should it give? well the info isn't right but I'm just gonna make an exception?

Do some actual research into DDoS attacks instead of just staying blissfully ignorant and then being baffled as to why people who have a working knowledge of programming and networking are not impressed by this tactic.
 
TheSlamma

TheSlamma

Diamond Member
Sep 6, 2005
7,625
5
81
KK

KK

Lifer
Jan 2, 2001
15,903
4
81
TheSlamma said:
Who says anyone is 'happy' to use it? what other choice do people with this hobby have? PC games are all distributed by either Steam, uPlay or Origin (yes GoG is dope but it's pretty much all old games) and XBone and PS4 must connect to their network for many of their games.

DDoS attacks are actually a pretty simple concept, you just don't want to accept that. Servers have 2 responses to a request, fulfill or deny. Both take processing power on the servers side as it has the verify the data. You setup a a bunch of computers (physical or virtualized) and you just flood servers with bad information that it says 'deny' to.. well you say deny to 50,000 requests at once and see what that does to you, even an auctioneer couldn't keep up with 5000 people bidding all at once on the same item especially if everyone is bidding below the current asking price, it's a bogus bid that wastes time right?

A computer cannot not deny bad requests now can it? When you swipe your credit card it either gets approved or it's declined right? What other answer should it give? well the info isn't right but I'm just gonna make an exception?

Do some actual research into DDoS attacks instead of just staying blissfully ignorant and then being baffled as to why people who have a working knowledge of programming and networking are not impressed by this tactic.
Click to expand...

I'm much more unimpressed by sony and microsofts abilities to ward off an attack. I mean if this is a very simple way of taking down a business, then why the hell hasn't anyone come up with a way around it. Too bad no one doesn't ddos's the governments websites, of all the worthless shit out there, that's what I would target if I was a five year old.
 
chimaxi83

chimaxi83

Diamond Member
May 18, 2003
5,457
63
101
Lil Frier said:
WtF, are they all severe former-smokers or something? It's like you got confused trying to decide between calling them neckbeards and mouthbreathers. I just found the chosen insult to be rather strange, yet entertaining.
Click to expand...
Gah! I can't even talk crap properly. :(
 
A

artemicion

Golden Member
Jun 9, 2004
1,006
1
76
MS's and Sony's ability to prevent the attack is debatable. They could mitigate damage by buying more bandwidth and spreading out their servers across more data centers. Additionally, I think in the future we may see companies like MS and Sony enter into contracts with ISPs and upstream providers to implement rerouting protocols and other DDoS protection methods at the provider's side to prevent such attacks in the future.

Theoretically, you could mitigate a DDoS if you have infinite resources. Hard to say here whether MS's and Sony's DDoS mitigation strategy was reasonable without details on MS's and Sony's network infrastructure and how the attack was carried out.

In any case, the general rule of thumb is to place moral blame on the attacker, not the victim. You don't blame someone who got robbed because he could have purchased a fancier security system. You don't blame someone who got beat up because he could have taken self defense classes or pumped iron at the gym before hand.

In this context, you'd only blame MS and Sony if their security protocols were not up to industry standards, but it doesn't sound like anybody really knows if they are or not. Even then, the hackers are still morally blameworthy for carrying out the attack, there'd just be additional blame on MS and Sony for not taking sufficient steps to prevent the attack.
 
Last edited:
T

tential

Diamond Member
May 13, 2008
7,348
642
121
TheSlamma said:
Who says anyone is 'happy' to use it? what other choice do people with this hobby have? PC games are all distributed by either Steam, uPlay or Origin (yes GoG is dope but it's pretty much all old games) and XBone and PS4 must connect to their network for many of their games.

DDoS attacks are actually a pretty simple concept, you just don't want to accept that. Servers have 2 responses to a request, fulfill or deny. Both take processing power on the servers side as it has the verify the data. You setup a a bunch of computers (physical or virtualized) and you just flood servers with bad information that it says 'deny' to.. well you say deny to 50,000 requests at once and see what that does to you, even an auctioneer couldn't keep up with 5000 people bidding all at once on the same item especially if everyone is bidding below the current asking price, it's a bogus bid that wastes time right?

A computer cannot not deny bad requests now can it? When you swipe your credit card it either gets approved or it's declined right? What other answer should it give? well the info isn't right but I'm just gonna make an exception?

Do some actual research into DDoS attacks instead of just staying blissfully ignorant and then being baffled as to why people who have a working knowledge of programming and networking are not impressed by this tactic.
Click to expand...

I know how a DDoS attack works thanks.
So if a DDoS attack is 100% successful and there is no way to protect/mitigate it's effects, why was PSN down for far longer than XboxLive and Xbox Live was available for most customers (not available overseas in some places but the downtime was still far less than PSN)?

artemicion said:
MS's and Sony's ability to prevent the attack is debatable. They could mitigate damage by buying more bandwidth and spreading out their servers across more data centers. Additionally, I think in the future we may see companies like MS and Sony enter into contracts with ISPs and upstream providers to implement rerouting protocols and other DDoS protection methods at the provider's side to prevent such attacks in the future.

Theoretically, you could mitigate a DDoS if you have infinite resources. Hard to say here whether MS's and Sony's DDoS mitigation strategy was reasonable without details on MS's and Sony's network infrastructure and how the attack was carried out.

In any case, the general rule of thumb is to place moral blame on the attacker, not the victim. You don't blame someone who got robbed because he could have purchased a fancier security system. You don't blame someone who got beat up because he could have taken self defense classes or pumped iron at the gym before hand.

In this context, you'd only blame MS and Sony if their security protocols were not up to industry standards, but it doesn't sound like anybody really knows if they are or not. Even then, the hackers are still morally blameworthy for carrying out the attack, there'd just be additional blame on MS and Sony for not taking sufficient steps to prevent the attack.
Click to expand...

Neither company will respond to the press about this attack.
I know you stated ways to mitigate a DDoS attack, but all of those ways you've stated were proven false by TheSlamma. Just read his post again please, you should know by now that if you DDoS someone there is NOTHING they can do, they just have to shutup, and go offline.
 
Last edited:
railven

railven

Diamond Member
Mar 25, 2010
6,604
561
126
KK said:
I'm much more unimpressed by sony and microsofts abilities to ward off an attack. I mean if this is a very simple way of taking down a business, then why the hell hasn't anyone come up with a way around it. Too bad no one doesn't ddos's the governments websites, of all the worthless shit out there, that's what I would target if I was a five year old.
Click to expand...

Actually, lots of government websites get DDoS'd. FBI got DDoS'd a few times.

tential said:
I know how a DDoS attack works thanks.
So if a DDoS attack is 100% successful and there is no way to protect/mitigate it's effects, why was PSN down for far longer than XboxLive and Xbox Live was available for most customers (not available overseas in some places but the downtime was still far less than PSN)?
Click to expand...

Actually, you can "mitigate" a DDOS, but it's going to cost you. Just make sure you have more servers than they have bots. ;)

Also MSFT recovers faster because, well, XBL isn't the only thing being hosted on their servers (HINT: the other services they provide make MSFT billions, not the pennies XBL generates). Plus, they have a nice cabal of servers to help mitigate. Sony is basically working out of Hirai's basement at this point.
 
T

tential

Diamond Member
May 13, 2008
7,348
642
121
railven said:
Actually, you can "mitigate" a DDOS, but it's going to cost you. Just make sure you have more servers than they have bots. ;)

Also MSFT recovers faster because, well, XBL isn't the only thing being hosted on their servers (HINT: the other services they provide make MSFT billions, not the pennies XBL generates). Plus, they have a nice cabal of servers to help mitigate. Sony is basically working out of Hirai's basement at this point.
Click to expand...

That's my point. That there are ways to mitigate against a DDoS attack. That people in this thread need to stop going with this "DDoS is an instant win and nothing can work against it!"
 
S

smackababy

Lifer
Oct 30, 2008
27,024
79
86
railven said:
Actually, lots of government websites get DDoS'd. FBI got DDoS'd a few times.



Actually, you can "mitigate" a DDOS, but it's going to cost you. Just make sure you have more servers than they have bots. ;)

Also MSFT recovers faster because, well, XBL isn't the only thing being hosted on their servers (HINT: the other services they provide make MSFT billions, not the pennies XBL generates). Plus, they have a nice cabal of servers to help mitigate. Sony is basically working out of Hirai's basement at this point.
Click to expand...

And, for what it's worth, we only heard about XBL going down. The rest of their Azure platform didn't have reports of outages. It is highly likely they put far more resources into securing the stability of their enterprise services. XBL being down only pisses of gamers who are worth like $50 a year. Azure going down pisses off businesses who are worth billions a year.
 
Subyman

Subyman

Moderator <br> VC&G Forum
Mar 18, 2005
7,876
32
86
Cloudflare made a business out of mitigating DDoS attacks. All they do is run a large DNS server. The problem is that this is happening over the holiday where the load is already unusually high coupled with people being off work, I'm sure it is hard to get more capacity quickly. Is it worth it either? Once the attack ended they would be left with huge capacity. Although DDoS is a very simple attack, it is very hard to do much against it.

It is kind of like asking how do I keep the rain from hitting my roof?
 
railven

railven

Diamond Member
Mar 25, 2010
6,604
561
126
tential said:
That's my point. That there are ways to mitigate against a DDoS attack. That people in this thread need to stop going with this "DDoS is an instant win and nothing can work against it!"
Click to expand...

Subyman said:
Cloudflare made a business out of mitigating DDoS attacks. All they do is run a large DNS server. The problem is that this is happening over the holiday where the load is already unusually high coupled with people being off work, I'm sure it is hard to get more capacity quickly. Is it worth it either? Once the attack ended they would be left with huge capacity. Although DDoS is a very simple attack, it is very hard to do much against it.

It is kind of like asking how do I keep the rain from hitting my roof?
Click to expand...

What hey's saying. My smirk about "Mitigating" was sort of sarcastic.

Expecting Sony to have the server farm such as MSFT or Amazon is expecting the Florida coast line to have as much sand as Africa.

They just don't compare. And people saying "it's a sure fire win/there is no mitigation" is because frankly, a company like Sony would get slaughtered (as proven). They don't have the need for x+1 servers, or budget.
 
T

tential

Diamond Member
May 13, 2008
7,348
642
121
railven said:
What hey's saying. My smirk about "Mitigating" was sort of sarcastic.

Expecting Sony to have the server farm such as MSFT or Amazon is expecting the Florida coast line to have as much sand as Africa.

They just don't compare. And people saying "it's a sure fire win/there is no mitigation" is because frankly, a company like Sony would get slaughtered (as proven). They don't have the need for x+1 servers, or budget.
Click to expand...

My point still stands then.
You know Sony can't stop a ddos attack and won't invest to do so.
You know ddos attacks are fairly easy to pull off.

Why do you whine/cry when psn goes offline? Either switch to xbox if you want better up times or move to pc where it's impossible to ddos every single service at once.
 
railven

railven

Diamond Member
Mar 25, 2010
6,604
561
126
tential said:
My point still stands then.
You know Sony can't stop a ddos attack and won't invest to do so.
You know ddos attacks are fairly easy to pull off.

Why do you whine/cry when psn goes offline? Either switch to xbox if you want better up times or move to pc where it's impossible to ddos every single service at once.
Click to expand...

Did we read the same thread? It was mostly you complaining that these companies (with heavy focus on Sony) won't "prevent" this.

As was said already, you can't really prevent this unless having X+1 servers where as X is the amount of traffic they create. You're basically asking for companies to through money at an issue that will just re-emerge due stupidity of people anyways.

"well upgrade their servers"
and when they do
"clearly they didn't upgrade enough"

The difference between Sony and MSFT isn't that MSFT is preventing this, they have the means to drop their system onto one of the countless other servers they use that run their enterprise. They aren't actively investing money to prevent DDoSing.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom