Press X to DDoS (part 2)
DDoS Attacks on Gaming Platforms and their Users
This is second in a two-part series on DDoS attacks on the gaming industry (part one of the series can be found here). This blog post will discuss how gaming platforms and gamers can protect themselves from DDoS attacks.
Protecting the Gaming Platform
DDoS is more than a nuisance for the provider of the gaming platform. The entire business hangs in the balance. DDoS can make the platform unavailable to all users. Revenue, user experience and brand reputation are all at stake.
The good news is that there are protections available for the gaming or gambling platform provider. Like any other service, there is a cost/benefit analysis at play.
Low Cost Cloud. There are several lost cost solutions in the marketplace that provide CDN style content distribution and do provide some safeguards against a limited range of DDoS attacks. Unfortunately these services often fall short in some key areas:
- CAPTCHA or other user challenges may slow down the user experience
- Java and other protocols may not work seamlessly
- Simple absorption is OK unless the attack gets really large
- Not all attacks can be auto-mitigated
- You may be subject to RTBH or Null Route in a large attack
On Demand Cloud. Some providers (such as Neustar) offer fully managed cloud based DDoS mitigation that you can use during attack conditions. In the case of Neustar’s offering, there is an actual Security Operations Center (SOC) that countermeasures the attack with DDoS specific tools and trained experts. These services have great results, but there are some considerations:
- The attack must be recognized and responded to (Neustar offers remote monitoring)
- All traffic must be redirected to the provider’s network (via BGP /24 or DNS Redirect)
- DNS based redirection does not stop IP directed attacks (there are some work-arounds)
- Short, bursty attacks can prove to be difficult to manage
- Application performance can be impacted by latency and two way proxy (Neustar provides testing and tuning)
Always Routed Cloud. Several of the large cloud based DDoS mitigation providers (including Neustar) offer an ‘always-routed’ cloud solution. All platform traffic is constantly routed via the DDoS mitigation network where it can be analyzed and scrubbed. This routing occurs regardless of attack conditions. Considerations regarding the approach:
- Additional latency associated with constant redirection
- Maintenance windows can affect client traffic
- Any network disruption will affect client traffic
Appliance only. There are several equipment vendors (e.g., Arbor Networks) that make purpose-built DDoS appliances. In the case of the Arbor Pravail, the appliance is quite effective at detecting and stopping DoS and DDoS attacks in real time. Unfortunately, the appliance is only effective to the capacity of the circuits feeding into the appliance from the Internet. Any large flood of packets can overwhelm circuit capacity and render the appliance ineffective. Considerations:
- Costly compared to Cloud Only
- Ineffective against large floods
- Requires 24x7 monitoring and management
- Misuse can block legitimate traffic
Hybrid (Appliance + Cloud). The best (and also most expensive) approach is to combine the appliance and the cloud models. Neustar offers a fully managed Hybrid Always-On product, featuring the Arbor Pravail. The key feature of this approach is that the appliance will stop any small scale DoS or DDoS attack in real time, without requiring cloud based redirection for every single attack. In the case of Neustar’s offer, the solution is fully managed by the 24x7 experts at the Neustar SOC. Volumetric floods are handled via cloud-based redirection. Some considerations:
- Most expensive option
- Hardware or software failure (does the appliance fail to bypass mode)
- Managing the appliance requires 24x7 expertise
- Large floods will require cloud failover
In summary, gaming platforms are one of the most targeted segments of the Internet. DDoS has become a real problem as the skill required to pull off a DDoS attack is minimal. Free and inexpensive DDoS toolkits are forcing the gaming platform provider to have protection from DDoS, or face constant downtime. The above methods provide a range of services to protect platforms from attack. The experts at Neustar are ready to discuss options with gaming and gambling platform providers around the world.
Protecting the Gamer
For the actual gamer who is suddenly being DDoS’d by another gamer, there are steps you can take to protect yourself from such attacks:
- Beware of Skype. An open Skype connection can reveal your IP address and provide an easy target for a DDoS attack. Other types of communications software or games may also reveal your IP address, so review what you have open.
- Use a gaming proxy service to hide your IP address and location. These services are used for a variety of reasons, including: bypassing local Internet regulations (not recommended by Neustar), decreasing network latency and they also hide your true location and IP address. Keeping your IP address hidden is the best protection from being DDoS’d directly. (Neustar does not promote bypassing local regulations)
- If you’re currently under attack, reboot your router. Most DDoS attacks are directed at the IP address of your home router. Turn it off, wait a few minutes and then turn it back on. You will most likely be given a different IP address. This should get you back online. Now that you have a new IP address, keep it hidden (see items 1 and 2).