DDoS attacks in gaming are not uncommon. In fact, a special sort of attack has recently surfaced in console gaming, where gamers use software tools to flood an opponent’s connection to the gaming server and net an easy victory.
Let’s imagine if you were the victim of a DDoS attack while playing a game like PUBG or Fortnite. The attacker only needs your IP address. With that information, they can direct an attack against your connection. They flood the gaming server that’s tracking both your actions with garbage requests from a botnet. The server either kicks you off the server or your character freezes in place, easy prey for any of the other players on the server.
This kind of attack is most popular in one-on-one games where a player automatically forfeits upon disconnection. But it’s also used by Dota and Overwatch players, who can secure and easier victory against a weakened team. The exact nature of the attack depends on the game you’re playing, but the intent is always the same: flood your connection with fraudulent packets to prevent you from playing normally.
It may seem superficial to some, but it really isn’t. Back in 2015, the $18 million Dota 2 tournament was put on hold due to – you guessed it – a DDoS attack. It eventually went back online, but you can imagine the hullaballoo that caused. T
Attacks have also taken down servers for Xbox Live and PlayStation Network. Prominent attacks disabled the service on Christmas day, leading to many frustrated diatribes online and the arrest of a pair of young attackers in England. Just how serious was this attack? As serious as a $30,000-a-day Amazon cloud hosting service charge!
How DDoS Attacks Work
There are multiple methods for spawning these requests. They can abuse the structural openness of many internet communication protocols with a Smurf attack or SYN flood, abusing the trust baked into TCP/IP and ICMP. Free software like Low Orbit Ion Cannon give even untrained “script kiddies” access to the tools that make a DDOS attack work. Other denial-of-service exploits and attacks, some more complex than others, provide unique methods of routing traffic to the victim server.
A more experienced attacker might use a botnet, exploiting an existing network of hacked computers that can be bent to the attacker’s will. The computer’s that make up the botnet do so silently, allowing the network to persist for months if not years. The size of a botnet can only be accurately estimated once it’s discovered, but researchers have discovered botnets with as few as ten thousand member devices to as many as 10 million devices.
Thanks to a previous malware installation, these devices can be clandestinely marshalled to the attacker’s purpose remotely. This botnet could receive orders to visit a particular URL repeatedly, overwhelming the server. It could flood the server with DNS subdomain requests. With a network of thousands of computers, the action is of little relevancy: it’s the sudden flood of simultaneous requests that makes a resource inaccessible to legitimate users.
A DDoS attack is appealing because it requires no investment or risk. A properly-conducted DDoS attack can’t be traced back to an origin point, allowing attackers to deny access to web resources with little risk of discovery or punishment.
Detecting and Preventing DDoS Attacks
The best protection against DDoS attacks is distribution. By spreading your network resources over a variety of geographically-distinct servers, there is no one source to be taken out by a DDoS attack.
To prevent DDoS attacks, you can work with online server management companies. These same companies than can manage server load around the world. Companies provide global DDOS protection against DDoS attacks by mirroring content across their network of servers, ensuring that any visitor can access the service even if one of the servers is temporarily unavailable.
In addition, these companies provide comprehensive DDoS detection and mitigation tools. An automated system can detect and stop an attack in less than a second. Expert analysis can provide clues to the source and purpose of the attack.