DoS Attack Forces EVE Online Offline

Resorting to the out-of-band messaging that is Facebook, CCP Games has announced that "At 02:05 GMT June 2nd, CCP became aware of a significant and sustained distributed denial-of-service attack (DDoS) against the Tranquility cluster (which houses EVE Online and DUST 514) and web servers."

Correction

[girlintraining]

It's not Facebook that they're updating from; It's Twitter. Their Facebook account is linked to Twitter.

Anyway, this isn't the first time the servers have been DDoS'd; This happens about every 4 months or so on average. And unfortunately, they've handled it about as well each time as you're seeing now: They tend not to announce the DDoS until hours after the news is all over the forums that people are experiencing mass disconnects and instability. And once the problem has been identified (late), their response is usually to kill all the servers, remove the BGP routing table entry for their network, and wait it out.

They don't have the capability of weathering DDoS attacks; Though they claim otherwise, history tells another story. It has to do with the fact that their game depends on a cluster architecture that is not adaptable to something like Amazon cloud, or any kind of scalability. I don't really want to get into details here because it gets really technical, but basically it comes down to data syncronization within the cluster requiring very low latency between nodes. And that means you can't locate the nodes off-site, and proxying is only of limited utility.

They tried proxying the front-end for accepting connections and authenticating users, because that's what has been targetted in the past and is one of the few components that can be moved. The current DDoS attack though is generating large numbers of connections that look the same as legitimate connections, so the proxies are allowing them. Rather than just throwing as much bandwidth as they can at the network as in the past, they're now crafting their traffic.

I suspect the reason the attack is being launched now is because in a few days they're releasing a new patch of the game which will change the network protocols used by the client... their hack might not work then, so they probably decided to launch it now before it becomes useless. They are hitting people on the weekend because it's when the most users are on... so it's most likely to be noticed.

Re:Eve Offline

[Anonymous Coward]

3) get a life.

Re:So...

[Pino Grigio]

Some people are speculating it's to do with TEST Alliance, as they're under a bit of pressure at the moment. It wouldn't surprise me if Eve played host to the kind of idiots who'd be able to do something like this. Certain aspects of the game are attractive to sociopaths. Then again I'm not a conspiracy theorist, so I'm thinking it's just a re-run of the last one, given that some of Lulzsec guys were jailed a few weeks ago for doing it some time ago [theregister.co.uk].

Re:Correction

[Phrogman]

Increasingly /. is all about pointless uninformative one line comments. In that its very much like reddit. I used to come here for interesting stories and responses, but now I have to wade through 100 pointless quips to get to one informative one.