open All Channels
seplocked EVE General Discussion
blankseplocked We are back in business,TQ is back up *Update*
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: first : previous : ... 4 5 6 7 [8] 9 10 11 12 ... : last (25)

Author Topic

topix92
Posted - 2011.06.15 00:52:00 - [211]
 

Originally by: Almaricht
Originally by: Sister Virgin
A DOS or Denial of Service attack (most commonly done with a ping flood) is most often
completely different than a hacking attempt to breach a database.

Why CCP suddenly took credit for making sure credit card data was safe makes no sense, as
someone attempting to obtain files would not call attention to themselves with something as
stupid and simple as a DOS attack.

Two COMPLETELY different things.

It sounds like CCP has ****ed someone off big time whom is retaliating by flooding the servers.
And CCP to pull some smoke and mirrors has used that to their advantage to try to make themselves
look like heros.

Some people are not THAT stupid.... Sigh....


Oh and some advice to CCP. Seek some advice and do some research about how eBay and Amazon prevent this.
I suspect you can just make your servers ignore pings. That simple. (I hope)

To players; Until CCP does that, I predict they could be down for days until law enforcement can intervene.

Sucks, I wanted to play today.

Cheers

Sister Virgin
Aged, Retired, REAL Hacker and Phreaker



It sounds to me like you might be someone worth looking into...
Yes, DOS attacks are feeble and lame, and probably no real reason to go pulling everything off line; but CCP did the right thing here, and if you don't agree with that, again I question your motivations with regard to the security of the EVE Universe. Until the source of the attacks and their full nature can be assertained, the right thing to do is terminate service; and I would have done exactly the same. CCP does have a legal responsibility to protect the security of their client's data, and some people take said responsibility quite seriously.
Instead of coming here to demonstrate what is I'm sure your overwhelming technical knowledge (someone needed an ego boost), and to put CCP down; maybe you should use all your skill with the box to find these LulzSec arses and expose them to the world? I, for one, would be very grateful.

--Alma YARRRR!!



Great answer and also **** LulzSec. It was fun and ok when they hacked the US government and Sony, but not EVE!!

ICU Artrald
Posted - 2011.06.15 00:52:00 - [212]
 

Its making me laugh listen to people whinge and moan about CCP taking down their services. You do realise the people who DDos attacked Eve are the same people that compromised sony's security (Lulzsec). CCP took down the servers to protect your data. Its a lot better than what sony did for their customers.

Jormungandr Bastanold
Posted - 2011.06.15 00:53:00 - [213]
 

Looks up to me. Fingers crossed...

KingMazz ONE
Posted - 2011.06.15 00:53:00 - [214]
 

Laughing CCP CAN SUCK MY BALLS. **** YOU, CAREBEAR MOTHER****ERS.Laughing

Abor Mala
Posted - 2011.06.15 00:54:00 - [215]
 

I'm wondering about the technical details of the DOS attack. If it was a simple PING flood it could be easily disabled by setting an ACL in the firewall to deny all ICMP packets from any source.

If it was a TCP SYN flood to the EVE login port it would take some tricky filtering to differentiate between a login request from a real Eve client, and the flood of TCP SYNs from the attacking nodes. I assume there is some sort of rate limit set in the firewall to discard TCP SYNs from the same source IP, but the source IPs could be spoofed to make them different.


Kalnov
Gallente
Broski Enterprises
Posted - 2011.06.15 00:54:00 - [216]
 

Originally by: CCP Guard
Dear friends.

Our services were subjected to a distributed denial of service attack (DDoS) at 17:00 UTC. We took everything down for the sake of caution while we conducted a full investigation.

Your data was not compromised and we are back in action.

Please go here for more details.

We thank you for your patience and hope you enjoy drifting back into space.

Update:
Tranquility is back offline. Please see this news post for more information and we will keep you updated as soon as possible.

Update @ 01:15 UTC:
Tranquility is now online. An update has been published to this news post.

Update @ 03:21 UTC:
We are aware of the difficulties some of you have connecting to the EVE Online server and we're looking into it.

Update @ 04:04 UTC:
The connection issue should now be sorted, but please post in this thread if anyone has any problems to connect to the EVE Online server.

Update @ 05:15 UTC:
Tranquility was taken down for an emergency reboot. This was caused by an issue not related to the earlier attacks.

Update @ 05:30 UTC:
Tranquility is back online. Please post in this thread if anyone has any problems to connect to the EVE Online server.



According to lulzsec: "Nope, we nulled their entire network and they can't recover, so they're pretending to "keep it down to protect users"."


Salene Gralois
K-2
Posted - 2011.06.15 00:55:00 - [217]
 

Originally by: Caid Skyfire
Don't count yourselves lucky, just yet. Until CCP knows what exactly has been done, they're going to say as nice of words as they can. "We shut down to prevent damage, to protect you, to protect the servers". This is all they can say at this point.

Not to be a doomsayer, only that it's kind of silly to be all "yay, the danger is over, CCP saved us" when in fact there's no way of knowing, yet.

-Caid.


You are correct. However, that doesn't detract from the fact that appropriate measures were taken.

I'll be scrutinizing my bankal [sic?] transactions in the coming months.

Jormungandr Bastanold
Posted - 2011.06.15 00:55:00 - [218]
 

I could think of something better yet.

Catch a zombie disect it. Patch it back together. Zombie gets up and runs home... Along with every zombie it meets...

Robbie Rage Charante
Posted - 2011.06.15 00:55:00 - [219]
 

CoolBack online and have everything in place and training still going! Great job CCP!

Solarria Mar
Posted - 2011.06.15 00:56:00 - [220]
 

Thank you for your fast thinking and good sound judgement. If nobody told you your doing an outstanding job, and again thank you.

2ofthe9
Gallente
Chantry Of The Knights Templar
Posted - 2011.06.15 00:57:00 - [221]
 

"Prior Planning Prevents Poor Performance" Always a good plan to follow. Grats to CCP and their service provider !

penmonkey
Posted - 2011.06.15 00:58:00 - [222]
 

CCP people might be bashing you because there precious fake money(isk) profits are being slightly damaged but i am pretty impressed that you reacted quickly and did what you needed to do to protect user data the shutdown was justified and when you find the hackers you have my permission to realease them into space without a suit :)

Katrina Raskin
Posted - 2011.06.15 00:58:00 - [223]
 

A few points:

The group claiming responsibility has stated it was not for any reason beside the "lulz". They also took down a number of other sites today. It's unlikely to be retaliation or a vendetta.

A DoS attack is often used to create cover for other more intrusive attacks. (Simplified e.g. : Try to pick out the intrusive connection in the field of non-intrusive and combat it, while trying to combat the DoS simultaneously).

With certain systems a DoS can cause flaws in a server response which can allow for exploits to be used (simplified e.g. An overloaded server may not respond correctly to requests, allow for injection, etc)

DoS being limited to pings... Um, no. Just, too much wrong with that to even begin to explain it. And most servers are set to ignore anyway. Amazon and eBay are not comparable to CCP, not in scale, scope or resources. That's just... *shakes head* Oi.

CCP's response was correct in this situation. There's just no possible way anyone with current knowledge of networking can say otherwise.

Maabuss
Caldari
Exiles of Chaos
Posted - 2011.06.15 00:59:00 - [224]
 

CCP needs to just Delete ALL Atlas accounts, sub-accounts, etc, and ban the IP's. Make an example of them. This kind of behavior should NOT be tolerated.

Llarz
Posted - 2011.06.15 00:59:00 - [225]
 

Originally by: Soden Rah
Originally by: Llarz
What is 'Traffic Flooding'


The servers, and the data pipes connecting them to the outside world can only take a certain number of requests per second.

In a DDoS attack a bot net of tens of thousands to millions of infected computers around the world are instructed to start spamming out huge numbers of requests to the target server. The target server and incoming data routers can't take the strain and collapse.
Often while this is going on the hackers will try to use the DDoS attack to cover a break in to steal data.


Thank you for the information. I just wasnt sure what it was.

Uncle AWOL
Posted - 2011.06.15 00:59:00 - [226]
 

Originally by: Kalnov
Originally by: CCP Guard
Dear friends.

Our services were subjected to a distributed denial of service attack (DDoS) at 17:00 UTC. We took everything down for the sake of caution while we conducted a full investigation.

Your data was not compromised and we are back in action.

Please go here for more details.

We thank you for your patience and hope you enjoy drifting back into space.

Update:
Tranquility is back offline. Please see this news post for more information and we will keep you updated as soon as possible.

Update @ 01:15 UTC:
Tranquility is now online. An update has been published to this news post.

Update @ 03:21 UTC:
We are aware of the difficulties some of you have connecting to the EVE Online server and we're looking into it.

Update @ 04:04 UTC:
The connection issue should now be sorted, but please post in this thread if anyone has any problems to connect to the EVE Online server.

Update @ 05:15 UTC:
Tranquility was taken down for an emergency reboot. This was caused by an issue not related to the earlier attacks.

Update @ 05:30 UTC:
Tranquility is back online. Please post in this thread if anyone has any problems to connect to the EVE Online server.



According to lulzsec: "Nope, we nulled their entire network and they can't recover, so they're pretending to "keep it down to protect users"."


well let's see whos easier to believe. big business who wants to bleed us dry without it seeming obvious or a bunch of know it all techies who have nothing better to do than screw up other peoples lives. honestly i hate both for different reasons

Diomedes Calypso
Aetolian Armada
Posted - 2011.06.15 01:00:00 - [227]
 

Originally by: Sister Virgin


Why CCP suddenly took credit for making sure credit card data was safe makes no sense, as
someone attempting to obtain files would not call attention to themselves with something as
stupid and simple as a DOS attack.



interestingly humorous... I hope that was the logic of someone up the line of command who was clueless about such things and who was a typical petty tyrant manager who couldn't find the gray matter to open his mind to suggestions and underlings not wanting to do lasting relationship with said manager (who might be the key holder to their job security).

I love that kinda drama for drama sake.. I don't see it as any big failing .. typical corporate stuff and to be expected.

Originally by: Sister Virgin


It sounds like CCP has ****ed someone off big time whom is retaliating by flooding the servers.
And CCP to pull some smoke and mirrors has used that to their advantage to try to make themselves
look like heros.




It's the Anomolie and subsequent Jump Bridge nerf. ANGRY CARE-BEARS !

Originally by: Sister Virgin
To players; Until CCP does that, I predict they could be down for days until law enforcement can intervene.



I don't get that.. (sure you're not making your own mistake like the first item above?)

If its a virus sort of infection thats in turn causing computers all over to flood the sites even sending the culprits to the firing line isn't going to stop the process... they've released the virus...they can't call it back with a whistle can they? Certainly if it were just a few ip addresses where the dos was orginating from, the big pipes would have shut their access down immediateley after contact.

BeanBagKing
Terra Incognita
Intrepid Crossing
Posted - 2011.06.15 01:01:00 - [228]
 

Seems you did a good job CCP *hat tip*

Rhivre
Caldari
TarNec
Posted - 2011.06.15 01:01:00 - [229]
 

Edited by: Rhivre on 15/06/2011 01:03:10
Dont confuse the PSN outage with the one on Sonypictures.com

From the sonypictures one:

" We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

Not quite the same as the playstation network hack




Sunji Togenada
Posted - 2011.06.15 01:01:00 - [230]
 

Originally by: Sister Virgin

I suspect you can just make your servers ignore pings. That simple. (I hope)

Originally by: Sister Virgin

Aged, Retired, REAL Hacker and Phreaker


lol

It's too bad you're retired, "real hacker"

I bet you could show the professional security team at CCP a thing or two with your 1980's understanding of information security

why don't you go whistle into a payphone and give them a call
they might need an outside contractor to show them how to easily stop a DDOS just by telling the routers to ignore some packets (see the extra D there I'll give you a hint it's important go look it up)

While you're at it you can insult them some more too so its like a win/win for you

Uncle AWOL
Posted - 2011.06.15 01:02:00 - [231]
 

Originally by: penmonkey
CCP people might be bashing you because there precious fake money(isk) profits are being slightly damaged but i am pretty impressed that you reacted quickly and did what you needed to do to protect user data the shutdown was justified and when you find the hackers you have my permission to realease them into space without a suit :)
I wouldnt be that easy on them. I would call their parents. :)

Pomocna Dlon
Posted - 2011.06.15 01:03:00 - [232]
 

Originally by: Sister Virgin
(...)

Why CCP suddenly took credit for making sure credit card data was safe makes no sense, as
someone attempting to obtain files would not call attention to themselves with something as
stupid and simple as a DOS attack.

Two COMPLETELY different things.

(...)



I believe this may have something to do with recent attacks on Sony's infrastructure and loss of PSN users' credit card data. CCP just wanted to calm everyone down, I guess.

topix92
Posted - 2011.06.15 01:03:00 - [233]
 

Originally by: NoobPwn
Edited by: NoobPwn on 15/06/2011 00:48:50
It is not necessary to take down everything when being DDOSed, there may be some argue here, but anyway, are you gonna do it every time somebody DDOS the server? And where is the reimburishment plan of this incident?



You have to take in the fact that maybe they hacked some stuff before or was doing it during the DDoS (which is very stupid), you can't take anything for granted in a situation like this. Look at Sony now, they were hacked, hacked, hacked, hacked, hacked, hacked, hacked, hacked, and HACKED by LulzSec because they didn't make the right decision in time. It is better to shut the hole system down and figure out what happened then keep running and risk being hacked.

Well done CCP. Everyone which is angry right now, DONT BE ANGRY AT CCP. CCP did what they thought was the best thing to do to not risk your personal information.

la221Rage
Gallente
Gallente Militia Enforcement
Posted - 2011.06.15 01:06:00 - [234]
 

hey forget about the Ddos attack conspericy where is my shuttle i left it in the staion now all i have is a little note in my hanger saying ricky was here.
whos Ricky?

Diomedes Calypso
Aetolian Armada
Posted - 2011.06.15 01:06:00 - [235]
 

Originally by: Salene Gralois
Originally by: Sister Virgin
A DOS or Denial of Service attack (most commonly done with a ping flood) is most often
completely different than a hacking attempt to breach a database.

Why CCP suddenly took credit for making sure credit card data was safe makes no sense, as
someone attempting to obtain files would not call attention to themselves with something as
stupid and simple as a DOS attack.

...


ping flood, syn flood, bot flood whatever. There are several types of dDos's and as phreaker you know
there are several strategies available to reach your goal.

One of them is called "distraction".

They're not heroes. They took the appropriate measures.

"Seek some advice and do some research about how eBay and Amazon prevent this."
Please learn more about persistent environments, client-server connections in a both stateless and statefull persistent environments.
Not even Amazon or Ebay are invulnerable. If you somehow think they are, you are not a REAL hacker.

Cheers,

Salene Gralois
Aged, Active, REAL "got hackers convicted" and phreaker.





Interesting... I learned something else! I enjoy this more than updating trade prices or gate camping or grinding tank xp!

topix92
Posted - 2011.06.15 01:07:00 - [236]
 

Originally by: ICU Artrald
Its making me laugh listen to people whinge and moan about CCP taking down their services. You do realise the people who DDos attacked Eve are the same people that compromised sony's security (Lulzsec). CCP took down the servers to protect your data. Its a lot better than what sony did for their customers.


Well LulzSec were the masters for this DDoS attack. The only thing they did was to tell all the bots to attack a specific address and then BOOOM!!! down went EVE Online loginserver, Minecraft loginserver and League of Legends loginserver


Well done CCP. Everyone which is angry right now, DONT BE ANGRY AT CCP. CCP did what they thought was the best thing to do to not risk your personal information.

Abacus Primo
Posted - 2011.06.15 01:07:00 - [237]
 

Edited by: Abacus Primo on 15/06/2011 01:08:36
Without any drama it too just struck me as odd that they took credit for protecting data so quickly. I agree with the poster that it's not that big of a deal and is clearly a corporate response.

And yes could be due to the SONY thing but haven't really been keeping up lately (maybe playing EVE too much).

Interesting convo though no doubt.


Jormungandr Bastanold
Posted - 2011.06.15 01:07:00 - [238]
 

About the whole credit card thing.

CC companies have protocols for that kind of thing right? Something like account sharing? Checking the locations used and the distance and time between them?

Soden Rah
Gallente
EVE University
Ivy League
Posted - 2011.06.15 01:08:00 - [239]
 

Originally by: Sunji Togenada
Originally by: Sister Virgin

I suspect you can just make your servers ignore pings. That simple. (I hope)

Originally by: Sister Virgin

Aged, Retired, REAL Hacker and Phreaker


lol

It's too bad you're retired, "real hacker"

I bet you could show the professional security team at CCP a thing or two with your 1980's understanding of information security

why don't you go whistle into a payphone and give them a call
they might need an outside contractor to show them how to easily stop a DDOS just by telling the routers to ignore some packets (see the extra D there I'll give you a hint it's important go look it up)

While you're at it you can insult them some more too so its like a win/win for you


Also frankly when you're on the business end of an attack, and you don't yet know exactly what it is, killing your connection in case its a PDoS attack seems prudent.
I don't know what the bill for replacing TQ would be, but the insurance company would not be happy.

Kalnov
Gallente
Broski Enterprises
Posted - 2011.06.15 01:09:00 - [240]
 

Originally by: Uncle AWOL
Originally by: Kalnov
Originally by: CCP Guard
Dear friends.

Our services were subjected to a distributed denial of service attack (DDoS) at 17:00 UTC. We took everything down for the sake of caution while we conducted a full investigation.

Your data was not compromised and we are back in action.

Please go here for more details.

We thank you for your patience and hope you enjoy drifting back into space.

Update:
Tranquility is back offline. Please see this news post for more information and we will keep you updated as soon as possible.

Update @ 01:15 UTC:
Tranquility is now online. An update has been published to this news post.

Update @ 03:21 UTC:
We are aware of the difficulties some of you have connecting to the EVE Online server and we're looking into it.

Update @ 04:04 UTC:
The connection issue should now be sorted, but please post in this thread if anyone has any problems to connect to the EVE Online server.

Update @ 05:15 UTC:
Tranquility was taken down for an emergency reboot. This was caused by an issue not related to the earlier attacks.

Update @ 05:30 UTC:
Tranquility is back online. Please post in this thread if anyone has any problems to connect to the EVE Online server.



According to lulzsec: "Nope, we nulled their entire network and they can't recover, so they're pretending to "keep it down to protect users"."


well let's see whos easier to believe. big business who wants to bleed us dry without it seeming obvious or a bunch of know it all techies who have nothing better to do than screw up other peoples lives. honestly i hate both for different reasons


Both are suspect. Only they really know.


Pages: first : previous : ... 4 5 6 7 [8] 9 10 11 12 ... : last (25)

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only