DDOS, DOS, AND OUR NEXT STEPS We have monitored an increase in the amount of DDoS and DoS attacks against our servers following the release of Operation Ember Rise. Below you will find our next steps for how we plan to address the situation and move forward.
NEXT STEPS
BAN WAVESWe have identified the worst offenders perpetuating these DDoS/DoS attacks, and will be initiating a ban wave. This will apply to both PC and Console players.
Impact: Players that have been found to be initiating DDoS/DoS attacks will be banned.
Target: Next Week, will continue as needed
REDUCING MATCHES PER SERVERWe currently host 3 matches per server. When a server crashes, or when a DDoS/DoS attack occurs, this results in 3 matches being impacted and taken offline. We are splitting this to have each server host a single match to reduce the impact
Impact: 66% reduction in the impact of DDoS/DoS attacks.
Target: End of this week
REMOVE ESCALATING ABANDON SANCTIONWe have noted the unintended consequences of the escalating abandon sanction on players impacted by DDoS/DoS attacks. We are disabling this feature to reduce the longer term impact that is felt by legitimate players.
Impact: Reduce impact felt by legitimate players after a match has been ended via DDoS/DoS/Soft Booting.
Target: End of this week
NETWORK TRAFFIC MONITORING/MANAGEMENTWe are making adjustments to how we manage and monitor network data, and how we accept packets sent to our servers. We cannot provide details on this topic, as it will expose information that can be used to circumvent the work we are doing. This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.
Impact: This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.
Target: Early October
LEGAL OPTIONSWe have discussed the current situation with our legal team, and assessed our options. We will be issuing cease and desists to websites and people hosting these services.
Legal action against prominent DDoS/DoS attackers is in progress.
Impact: Reduce the availability of DDoS/DoS service providers
Target: Ongoing
WORKING WITH MICROSOFT PARTNERSDevelopment is ongoing with our partners on the Microsoft Azure team, and we are working closely with them to develop both short and long term solutions.
Impact: This will have a substantial impact on DDoS, DoS, Soft Booting, and server stressing.
Target: Ongoing
LIST OF TERMS These terms will be used regularly throughout this article:
DDoS – An attack on the server, or network, from multiple PCs/devices that overloads the network. This results in all players being disconnected and the match ending.
DoS – An attack on the server, or network, from a single PC/device that overloads the connection. This sometimes results in all players being disconnected.
“Soft Booting” – A DDoS/DoS attack that degrades the network/server to the point that some players are dropped from the match.
“Stressing” – A DDoS/DoS attack that degrades the network/server to a lesser degree than “Soft Booting”. This results in all players maintaining their connection, but having a constant ping >1,000ms, making the game unresponsive.