Xbox Live Players Targeted In Denial-of-Service Attacks

The BBC reports on a growing trend where some Xbox Live players are launching denial-of-service attacks against those who beat them or otherwise irritate them in games. Quoting: "'The smart thing about these Xbox tools is that they do not attack the Xbox Live network itself,' [Chris Boyd, director of malware research at Facetime Communications said.] He said the tools work by exploiting the way that the Xbox Live network is set up. Game consoles connecting to the Xbox network send data via the net, and for that it needs an IP address. Even better, said Mr Boyd, games played via Xbox Live are not hosted on private servers. The tools mean anyone with a few dollars can boot rivals off Xbox Live. 'Instead,' he said, 'a lot of games on Xbox Live are hosted by players.' ... For $20 (£13) some Xbox Live hackers will remotely access a customer's PC and set up the whole system so it can be run any time they need it. Some offer low rates to add compromised machines to a botnet and increase the amount of data flooding a particular IP address."

The victims are the winners..

[the_raptor]

When I beat someone so badly that they have to resort to those sorts of tactics, I feel like the winner. If that happened to me I would brag for years how I had beaten 1337d00d94 so badly that he had to DDOS me.

Re:

[Anthony_Cargile]

...beaten 1337d00d94 so badly...

Yep, I'd say that sounds about right [anthonycargile.com].

...What? I get bored too!

Re:

[DavoMan]

Your mother is not a video games console. And, stay on topic please.

This article doesn't seem to raise an eyebrow with me. DDOSing has been around for yonks - the application layer/user network doesn't really matter.

Anyone who has been on IRC knows that DDOSing is as old as the hills - and the previous poster's mom :)

Re:

[Kalriath]

I don't get it. What the hell does that have to do with anything?

Re:

[Anonymous Coward]

He's commenting on the fact that so many morons use names that either have:

A reference to being "elite" or "leet", to use the script kiddie parlance.

A reference to some sort of mind altering substance, probably put in place as a pathetic show of how "cool" or "mature" the person thinks they are.

A reference to genitalia or sexual practices, used either for "shock" value or, like the above, as a sad little show of how "cool" or "mature" the person thinks they are.

A reference to a character, title, group or pl

Re:

[nog_lorp]

Dammit AC, did you just use the phrase "unimaginative philistine"?

Re:

[nog_lorp]

That's why they should use the GIMP Lens Flare filter!

Re:

[ciderVisor]

Thanks for that explanation. I'm glad I wasn't the only one to have a 'Whoosh' moment, there.

Re:

[Ihmhi]

I have thus developed the ultimate gamertag thanks to your tips:

1337Qu1G0nC0ck5t0n3r69

Re:

[Davemania]

I rather take the real victory than an imaginary moral victory.

Re:

[dukeofurl01]

That would be great if you could determine who was DDoSing you.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[im_thatoneguy]

Just a thought... but wouldn't it be relatively easy to prosecute the offending twerp? If they aren't using a botnet then finding their own IP address should be pretty trivial.

If my internet went out for 2 days and I could attribute it to a DDOS attack and I could determine the IP address I would happily sue the little asshat's parents into grounding his sorry ass for a few years.

Re:

[Lumpy]

There are so many little ankle biters on XboxLive that if you intimidate them with your gamerscore they boot you from their public games. Or drop their server when they lose, etc...

It does not surprise me that some of these losers are such bad sports they do this crap. It's why I stopped playing any public games and only play private games with friends I know. Smaller pool of opponents but less of the losers.

Re:

[BikeHelmet]

Dude, I totally owned so many people at Warcraft III. After months of win after win after win, I suddenly found my email address signed up to several thousand newsletters.

It taught me two things:
1) I rock.
2) Don't match your username to your email address.

$20? You cang et it for free

[SupremoMan]

Just submit a story full of buzzwords to Slashdot, and instead of linking article link your victims IP address. The editors won't check the link, and your victim will be slashdoted for a while.

Re:

[Rip Dick]

An ingenious evil plan, I admit. But, your one flaw was assuming people will actually RTFA...

Re:

[artor3]

And yet the links always get slashdotted. I suppose it's like New York City, where no drives on account of all the traffic.

Re:

[sortius_nod]

I don't normally laugh at this kind of childish crap... but today I did. Bravo to you sir, bravo indeed.

Re:

[Tatisimo]

But we all open them in a different tab to be read later, along with all other 40 something tabs.

This is interesting...

[Anthony_Cargile]

I was just playing Halo 3 today on Xbox Live(hey, I get bored too), and I'd say 92% of the people I played were what sounded like 10-12 year-olds. One pronounced another person's gamertag, XdamnedsoldierX, "ecks damm-ed soul-digger"[sic], and after reading TFA I could only think: "So, the new conductors of DDoS attacks these days are no longer the smart, possibly disgruntled computer engineering majors of the 80's and 90's, but prepubescent kids who can't even pronounce words like 'damned' (despite using it online since mommy's not home) and 'soldier".

But from what this says, they can still be considered "script kiddies", since they still seem to be relying on the work of others to accomplish these misdeeds. Whatever happened to the good 'ole 80's and 90's when you had to actually know something about the trade in order to accomplish something like this? I'm not justifying it, but come on, whatever happened to working towards something? I don't remember the movie "WarGames"'s plot including the act of downloading some program to do his work.

Re:

[Renraku]

Ever play World of Warcraft on a PvP server? Often times someone will attack you and either kill you and move on, or if you kill them, they'll go and get their lv80 and stand on your corpse for a half-hour.

It would be like someone challenging you to a wrestling match and upon you winning, they'd go get their 30 year old brother to step in for them.

Re:

[Cheapy]

You must be getting all the wrong players. Most of the people I hear talking on Halo 3 online sound much older than 10-12.

Re:

[Reapy]

Nothing new here. Playing on Kali servers I remember when "winnuke" got discovered and passed around. We all had fun for a week or two nailing each other with it. There will always be script kiddies! :)

can come in handy

[enter to exit]

Most gamers wouldn't kick out someone for beating them

It defeats the purpose of the game

However this could come in handy for suspected bots and cheaters

Re:

[Exawatt]

Most gamers wouldn't kick out someone for beating them

You have obviously not played Halo 3.

Re:

[KDR_11k]

Only for people who play the game to challenge themselves, not to boost their e-peen

Re:

[The Moof]

If you're handing a trouncing out to someone, they can decide that you're not allowed to play. And alot of matchmaking/ranking systems have started taking 'incomplete' games into account, some making them worse than losing. So that kid effectively didn't lose, you did when he DDoS'd you right out of the game. It's the win-by-forfeit thing.

More likely, they're just griefers getting their kicks off pissing you off.

If you don't think XBL is full of asshats who would do this, just look up blocking in Lef

Re:

[FreeFull]

The fair thing is only to DoS them back straight away next time you end up playing against them.

Private servers

[VGPowerlord]

"Even better, said Mr Boyd, games played via Xbox Live are not hosted on private servers."

Say what? The way I understood it, Xbox Live Gold is a subscription service because Microsoft owns and operates the game servers.

Re:

[Exawatt]

The servers allowing you to find each player are Microsoft's. The servers you play on are the player's own Xboxes (or is it Xboxs?). Some games may not use this method, but many games (e.g. Halo 3) do. Proof would be when the game host leaves, and everyone has to wait while the game says "selecting new host." Microsoft servers determine the game host as the one with the best connection to the other players, but from that point the game is played directly between the involved players.

It should be noted th

Re:

[Rip Dick]

Xboxes (or is it Xboxs?)

Xboxen?

Re:

[snowraver1]

I have a feeling that MS helps with the voice too. In halo games, for example, I think that the talking player sends data to MS who essentially multicasts it to the other players. Just a hunch.

Re:

[jovis81]

Microsoft again elects to go with the cheap and insecure way of doing things. My belief is that if you pay for a service you should fully understand what you are getting. In this case I believe all you are paying for is matchmaking. This is the reason I switched from Xbox to PS3, I know Xbox Live is a better service but it is not worth the monthly fees without having private servers. Now we know why Microsoft's stock is finally tanking. Simple solution you pay for a service with private hosting don't pay fo

Re:

[jovis81]

Slashdot didn't include the "less than" symbol I had for the "PC Game Cost Game Console Cost" string.

Re:Private servers - Scalability not cheapness

[WarwickRyan]

Erm, it has nothing to do with "cheapness".

Hosting in this manner has two advantages:

1. It's far more scalable than using Microsoft servers. Microsoft just need to add an new login server to increase capacity. If they were to be 'host' for everything, they'd have to upgrade far sooner. Result would be far more downtime on Live around the holidays.

2. With smart player matching, it can also be much faster. If all players are from the same region, but the servers from Microsoft are in an different region,

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Allador]

The challenge isnt MS (or any company with the volume of XBL) having enough capacity at any one time, its in how fast they can grow their capacity.

Look at last christmas, when they couldnt keep up in capacity growth when CoD4 came out and everyone was home playing on the holidays.

That was just them hosting the login servers.

Imagine how bad it would have been if they not only hosted the login & matchmaking servers, but had to host reflectors/multicasters to host 2-12x the amount of traffic of every xbox

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[The Moof]

The games (usually) use a peer-to-peer system for matches, designating one of the players as the match host. The systems run on Live's network (using Live's Authentication and procotols, etc), which is what you pay the subscription fee to access.

Re:

[ptx0]

And? What happened next?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[snowraver1]

Actually L4D does have dedicated XBOX Live servers. [left4dead411.com]

Took them long enough.

[Detaer]

XBL has now just caught up to PC gaming in 1995.

The new XBox 360 logo

[David Gerard]

You'll know it happens to you when your box's logo turns to one of these [today.com]. Instantly recognisable!

How did they determine it was a DOS?

[infonography]

Not that DOS isn't already an obvious trademark of Microsoft....

If it's flaky and broken do you really need to look outside? I am smelling something fishy here and I think it's Red Herring.

Re:

[LordSnooty]

Genuine statement, joke: one is a genuine statement, the other a joke. Which is which? If you can't tell, you MUST be new here.

Re:

[infonography]

some forms of humor are lost on some people and most of them seem to read slashdot.

FTFA:

[Datamonstar]

Even better, said Mr Boyd, games played via Xbox Live are not hosted on private servers. ... 'Instead,' he said, 'a lot of games on Xbox Live are hosted by players.' ...

Then what the FUCK are those players PAYING for, then? I thought there could not be another reason I consider the Xbox and everything that it brought with it was the toxic bane of gaming as we once knew it. There is no fairness in that at all. Silver service included. you're still giving away part of your oneline identity, as seen here by

Re:

[Shrike82]

I'm risking being modded down here, but to hell with it. Blatant and foundless attacks on Microsoft are getting a bit tiresome really.

A lot of games use this model for organising online matches. Someone above made some great points about why this can be a positive, rather than a negative, way of doing things. Clearly you haven't RTFA as your online identity is no more at risk than if you were using a PC to browse the web. IP address is about the extent of it.

The players are paying for the rights to us

Re:

[dougisfunny]

A lot of games use that model? Such as what?

Warcraft III? Starcraft?

Any MMOs have central game servers. Any recent FPS games have hosted servers.

As stated in another post, Xbox Live is basically catching up to 1995 PC gaming.

Re:

[Datamonstar]

I would agree if not for what the previous poster said about most current tech games hosting games on private servers. That's the #1 best way to prevent cheating, after-all, to host all sensitive content serverside. Also, I would agree if not for the fact that the PS3 has FREE online network. It is free and it still manages to provide all the features of Live. the PS2 had a FREE network in Japan as well, but most companies hosted their own servers for games and simply removed those features from the US port

Re:

[Reapy]

One of the reasons I don't subscribe to xbox live gold is that in the pc gaming world, the precident has already been set. Starting early on with ipx --> tpc emulators like kali, and most notably battle.net arriving on the scene, just about every major game has FREE online play. No reason you should need an xbox live subscription.

Even games like battlefield where you have "official servers" it is still someone paying a fee to EA to be "official" hosting on their own machines. The cost of the player is no

Re:

[palegray.net]

Exposing your credit card information to an online criminal, for any reason at all, seems like a pretty awful idea to me.

Ugh...

[trytoguess]

I bitch that Nintendo's friend code policy is far too draconic, yet I see shit like this and I get powerful pangs of doubt...