Blizzard's Battle.net is Currently Suffering a DDoS Attack

Sporadic service issues are still occurring.


For the last 14 hours, Blizzard's Battle.net service has been sporadically affected by DDoS attacks. If you're experiencing any latency or connection issues with a Blizzard title, it's more than likely due to DDoS.

Blizzard hasn't commented specifically on which games and platforms have been affected, although they have confirmed that World of Warcraft is one of them. Players who are trying to enjoy the Overwatch Winter Event may find themselves a bit frustrated if this keeps up.

If you're having issues connecting to multiplayer with any of Blizzard's products, just hold tight, the problem more than likely isn't on your end. Continue to check Blizzard's Customer Service Twitter account for more info if issues with your games continue to occur.

Contributing Editor
From The Chatty
  • reply
    December 15, 2016 11:47 AM

    -Shack Staff posted a new article, Blizzard's Battle.net is Currently Suffering a DDoS Attack

    • reply
      December 15, 2016 11:58 AM

      Seems to be a weekly thing now.

    • reply
      December 15, 2016 12:13 PM

      I was just in Heroes and didn't have any issues.

    • reply
      December 15, 2016 12:18 PM

      Another cheater must have gotten banned.

    • reply
      December 15, 2016 2:20 PM

      [deleted]

    • reply
      December 15, 2016 2:26 PM

      What is the goal of the attackers? Idgi

      • reply
        December 15, 2016 2:32 PM

        Lagstabbing.

      • reply
        December 15, 2016 3:18 PM

        Sometimes it's just to be a dick and sometimes they're demonstrating their services for people willing to pay them for it.

      • reply
        December 15, 2016 4:31 PM

        HACK THE PLANET

    • reply
      December 15, 2016 3:28 PM

      What's gross is it can cost as little as 20 or 30 bucks to ddos attack a server, but to protect against the attack can easily run thousands of dollars a month

      • reply
        December 15, 2016 4:09 PM

        it's cheaper than that to attack these days; and I literally have three quotes for DDoS scrubbing on my desktop right now...

        $8,000/mo @ 10Gbps clean via ISP A
        $10,000/mo @ 7Gbps clean via ISP B
        $32K/yr for a certain number of protection hours via ISP C

        In all these cases we still have to buy additional transit and a circuit (roughly $5K-$7K depending) just to use the scrubbing service.

        But that's still cheaper than building your own scrubbing because I have those quotes too... the cheapest solution that could handle 100Gbps+ was in the $500K area; and we'd need at least 4 installs to keep up with our traffic load. Fuckin' crazy. Makes my backbone routers' cost look like a bargain! :D

        • reply
          December 15, 2016 4:11 PM

          [deleted]

          • reply
            December 15, 2016 6:34 PM

            Not really. I just typed up a huge reply so most of the stuff is in there. It's just a HUGE, complex problem. And thanks to shitty IoT software the goal posts keep getting moved.

            Monitoring of the bigger IoT botnets will become more and more crucial though. So I hope we don't cut NSF's budget so much that all the university researchers that dig into this shit all find new jobs and can't help with the bigger problems.

        • reply
          December 15, 2016 4:39 PM

          What does DDOS scrubbing entail? Regardless of the details, though, that's crazy.

          • reply
            December 15, 2016 6:32 PM

            Depends on the architecture.. but:
            1) You have to be able to absorb the flood.. so these days you need to have about 600Gbps - 1Tbps of EXTRA throughput to handle the attack so it can be scrubbed

            2) Need some kind of data reporting tool to "find" the attack and characterize it. Most networks do this with flow export (sFlow, IPFIX, NetFlow, etc) because it scales well and there's a decent set of commercial and open source software to do it. Other networks do this with physical taps (cheaper) or span/mirror ports (fewer boxes to buy).

            3) Once the bad traffic is identified in a coarse manner (dest_IP, src_port, dst_port, etc) you typically signal a "sink" or "shunt" route for the attack destination. Normally via BGP as a unicast route but FlowSpec is allowing for additional match conditions on "sunk" / "shunted" traffic. So typically you can only send ALL traffic for the attack target via a unicast /32 route (or /128 for v6). FlowSpec allows you to shunt only UDP:53 (DNS) or whatever to the scrubbing station(s).

            4) THEN you need something to take the clean+dirty traffic and actually do the job of filtering out the junk. This is obviously the hard part and each vendor has its own secret sauce for this part. Arbor Networks, RAD, etc.. they all do things a little differently but in the end they put a SHITLOAD of CPU into a box along with some FPGAs. The CPUs look at every packet and build rules to filter the bad stuff. The rules get installed into the FPGAs. And some part of the FPGA / ASIC reports stats back for management purposes.

            5) Then you need something to continue monitoring the whole mess and remove the shunt route when the attack subsides.

            And you gotta do that in multiple locations typically. It leads to really complex systems that can get out of sync if they're not well designed and deployed. It's the reason a lot of this gear costs in the hundreds of thousands of dollars for a single box that can only handle 100Gbps of dirty traffic.

            And there's little indication that these systems can handle the new IoT botnets. Especially as those botnets mature. Typically attackers have to use reflection and amplification to reach >10Gbps in their attacks. That limits them to UDP-based services like NTP, DNS, SSDP, chargen, etc. Those attacks are easy to identify and filter if you can absorb the avalanche of traffic. The new IoT botnets are different because they can spawn 1Tbps+ of actual TCP:80 (or 443, or whatever) sessions that all look fairly legit. So middle boxes like Arbor and RAD have a really hard time determining good sessions from bad. As the botnet gets better at randomizing its request string or user agent (etc) these things will be even harder to deal with.

            I mean there's tons of super smart people trying to solve the problem but I'm not sure how the IoT stuff will get dealt with. Our best bet is probably some kind of cooperative cloud between multiple ISPs and hardware/software vendors. But that starts to look a whole lot like a spying apparatus pretty quick so I'm not sure the general public would be OK with it.

            Dunno.. should be fun to figure out!
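
The detect, characterize and shunt steps (2, 3 and 5) from the reply above, sketched as an added example that is not part of the original thread or any vendor's product. The flow-record layout, thresholds, function names and documentation-range addresses are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# UDP services the reply names as reflection/amplification vectors.
AMPLIFIERS = {53: "DNS", 123: "NTP", 1900: "SSDP", 19: "chargen"}

def characterize(flows, sample_rate, window_s, threshold_bps, dominance=0.8):
    """Return one shunt decision per destination whose estimated rate
    reaches threshold_bps.

    flows: (src_ip, dst_ip, proto, src_port, dst_port, sampled_bytes) tuples.
    """
    per_dst = defaultdict(lambda: defaultdict(int))
    for _src, dst, proto, sport, _dport, nbytes in flows:
        per_dst[dst][(proto, sport)] += nbytes

    decisions = []
    for dst, by_key in sorted(per_dst.items()):
        total = sum(by_key.values())
        est_bps = total * sample_rate * 8 / window_s  # scale samples back up
        if est_bps < threshold_bps:
            continue
        (proto, sport), top = max(by_key.items(), key=lambda kv: kv[1])
        if proto == "udp" and sport in AMPLIFIERS and top / total >= dominance:
            # One reflected service dominates: divert only that traffic.
            match = {"dst": f"{dst}/32", "proto": "udp", "src_port": sport}
            decisions.append({"kind": "flowspec", "vector": AMPLIFIERS[sport],
                              "match": match, "est_bps": est_bps})
        else:
            # No single coarse signature (e.g. many real-looking TCP
            # sessions): divert everything for the target.
            decisions.append({"kind": "unicast", "vector": "mixed",
                              "match": {"dst": f"{dst}/32"}, "est_bps": est_bps})
    return decisions

def reconcile(active, decisions):
    """Step 5: return (routes to announce, routes to withdraw)."""
    wanted = {d["match"]["dst"] for d in decisions}
    return sorted(wanted - active), sorted(active - wanted)

# Constructed sample: 1-in-1000 sampling over a 10 s window.
SAMPLE_FLOWS = (
    [(f"198.51.100.{i}", "192.0.2.10", "udp", 123, 40000 + i, 120_000)
     for i in range(1, 41)]                                  # NTP reflection
    + [("203.0.113.5", "192.0.2.10", "tcp", 51000, 443, 90_000)]
    + [(f"203.0.113.{i}", "192.0.2.20", "tcp", 50000 + i, 80, 60_000)
       for i in range(1, 61)]                                # TCP:80 flood
    + [("203.0.113.9", "192.0.2.30", "tcp", 52000, 443, 50_000)]  # normal
)
```

The NTP-dominated target gets a narrow FlowSpec-style match, while the TCP:80 flood has no coarse signature and falls back to shunting the whole /32, which is the limitation the reply describes for IoT botnet traffic.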

    • reply
      December 15, 2016 5:43 PM

      [deleted]
