What DDoS Attacks Mean for ISPs, Mobile Games and Gaming Servers

According to the Entertainment Software Association, more than 155 million people in the U.S. play video games. So when Shawn Andrich, the founder of GamersWithJobs.com, says, “Gaming is everywhere,” that’s not an overstatement.

Most of these games take place online, which makes them vulnerable to DDoS attacks. In 2011, Sony’s PlayStation network was the victim of a high-profile DDoS strike, and since that time the attacks have gotten more powerful and more frequent. Xbox Live, Nintendo, League of Legends, Blizzard, and smaller networks have all suffered debilitating DDoS attacks over the years. Last year, Blizzard Entertainment suffered connection issues.

DDoS attacks target all websites and networks. Gaming networks, which are more susceptible to latency and outages, must contend with DDoS attacks that are growing in frequency and severity.

Recently, Shawn Andrich co-hosted a webinar with Nicole Banks, the senior community manager at Imperva Incapsula, titled “Protect Your Gaming Infrastructure from Hackers and Competitors.” Together, they took a close look at the causes and effects of these attacks and discussed various solutions to this growing problem. At the end of the webinar, security evangelist Nabeel Saeed joined them to answer questions from the audience.

How Much Can a DDoS Attack Cost an ISP?

According to our research, a typical DDoS attack will cost an organization $40,000 per hour. But with an ISP there are additional issues. When an internet service provider goes down, it has a ripple effect for every tenant using the service. The costs can easily jump to 10-20 times higher for everyone involved.

How and Why Would a Competitor DDoS a Game?

There are two common reasons why a player would unleash a DDoS attack on a competitor: to gain a personal advantage and to disrupt the game. Extortion also comes into play in certain situations. Gamers may DDoS a competitor who’s at a critical stage in the game. If the target doesn’t pay a little ransom money, the perpetrators could threaten to disrupt their game play.

Can Mobile Games Be Victims of Cyber Attacks?

“Unless you’re talking about a game like solitaire,” says Nabeel Saeed, “all video games are dependent on connectivity.” Whether they’re on your home computer, mobile phone or tablet, all games are connected to a centralized server. And that means mobile games are susceptible to DDoS attacks.

Providing uninterrupted service, no matter what device you’re using, is a priority for gaming companies. Threat agents know that and will target the server that’s serving the requests of the games.

What Types of DDoS Attacks Affect Gaming Servers?

There’s nothing unique about attacks on gaming servers. They’re the same type of DDoS attacks that strike banking servers, e-commerce servers and any other server. They fall into three main categories:

  • Volumetric Attacks – These brute force attacks are the most common, including ICMP floods, UDP floods and spoofed-packet floods. They clog the pipes by flooding bandwidth and blocking access to online resources.
  • Protocol Attacks – These attacks target online server resources, rather than bandwidth. They primarily affect communication equipment such as firewalls and load balancers.
  • Application Layer Attacks – These are the most sophisticated types of DDoS attacks because they mimic human user behavior. They’re hard to detect, but they’re capable of overwhelming the application server.

How Can My Gaming Company Protect Itself From Network Layer DDoS Attacks?

Because network layer attacks are the most common type of DDoS attacks, there are numerous ways to mitigate the threat. The basic idea is to have protection at the network level. Most gaming servers run on proprietary protocols that aren’t HTTP-based. That makes it critical to have a DDoS solution that operates at the network layer. Here’s what we recommend to protect your gaming server.

Can a VPN Help Keep My Company Safe? Will a VPN Impact My Users?

Since latency and security issues are top concerns for gaming companies, a virtual private network definitely helps dissuade DDoS threats. These VPNs act as a proxy server for your entire network infrastructure.

An effective solution presents only the VPN side of the address to the outside world. The VPN masks the origin IP address while still allowing authorized users to access areas covered by internal IPs.

The impact on users is minimal. If the VPN is implemented properly, there shouldn’t be any negative impact. Make sure your solution provider has the data capacity to mitigate an extremely large data volume. In addition, it’s important to confirm that you have the proper screening and scrubbing procedures to approve your normal users while blocking the bad traffic.

What’s a GRE Tunnel and Do I Need One For My Gaming Server?

A generic routing encapsulation tunnel ensures that users aren’t affected by DDoS mitigation measures. It simplifies your network traffic by establishing a high-speed point-to-point connection between network nodes that bypasses normal routing speed bumps. This is especially important for the gaming industry.

GRE tunnels can be asymmetric, pushing data through the tunnel in one direction. A symmetric tunnel or two-way tunnel allows both ingress and egress traffic between your servers and your end users and is encapsulated through the tunnel.
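
The encapsulation described above, shown as an added example (not code from the webinar or from Incapsula): a player's UDP packet is wrapped in an outer IPv4 header plus a basic GRE header and unwrapped again at the origin. It goes slightly beyond the text by deriving the 24-byte tunnel overhead and the resulting inner MTU; all addresses, ports and payload bytes are constructed.

```python
import socket
import struct

GRE_PROTO, UDP_PROTO = 47, 17   # IPv4 protocol numbers
ETHERTYPE_IPV4 = 0x0800         # GRE protocol-type value for an IPv4 payload
IP_LEN, GRE_LEN = 20, 4         # IPv4 header without options, basic GRE header
IP_FMT = "!BBHHHBBH4s4s"

def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header without options, TTL 64, checksum filled in."""
    fields = [0x45, 0, IP_LEN + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Wrap an IPv4 packet in outer IPv4 + basic GRE (no flags, version 0)."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, GRE_LEN + len(inner)) + gre + inner

def gre_decapsulate(packet):
    """Return the inner packet, rejecting anything that is not plain IPv4-in-GRE."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < IP_LEN or len(packet) < ihl + GRE_LEN:
        raise ValueError("truncated or malformed outer header")
    if packet[9] != GRE_PROTO or checksum(packet[:ihl]) != 0:
        raise ValueError("not a valid GRE-over-IPv4 packet")
    flags_version, ptype = struct.unpack("!HH", packet[ihl:ihl + GRE_LEN])
    if flags_version != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return packet[ihl + GRE_LEN:]

def inner_mtu(path_mtu=1500):
    """Largest inner packet that fits in one outer packet on the tunnel path."""
    return path_mtu - IP_LEN - GRE_LEN

# Constructed sample: a player's UDP game packet, tunnelled from a scrubbing
# node (192.0.2.1) to the origin router (192.0.2.254). Documentation addresses.
payload = b"constructed-game-state"
udp = struct.pack("!HHHH", 40000, 27015, 8 + len(payload), 0) + payload
INNER = ipv4_header("198.51.100.20", "203.0.113.10", UDP_PROTO, len(udp)) + udp
TUNNELLED = gre_encapsulate(INNER, "192.0.2.1", "192.0.2.254")
```

If the inner MTU is not lowered to match, full-size packets are fragmented or dropped on the tunnel path, which players experience as lag or disconnects.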

How Can My Company Protect Against DNS Attacks?

There was a time when domain name system attacks weren’t very common, especially in connection with gaming servers. But now they’re more prevalent.

DNS attacks can take an entire network offline without actually attacking your network. The attack will target a small portion of the system and by doing so it can start a domino effect that may bring the system to a halt.

There are a few things you can do to combat a DNS attack. And they’re all connected to a system’s own VPN. Make sure your solution:

  • Doesn’t slow down your operations
  • Ensures easy and uninterrupted installation
  • Screens traffic
  • Leverages rate-based information to identify the most sophisticated attack methods
  • Considers alternative methods like protecting a single IP

Can You Talk a Little Bit About Application Layer Attacks and How They Can Affect My Server?

Application layer attacks are less common in the gaming space than in the network space, but they still represent a substantial risk. The most important thing you need to do is identify the client.

Ninety-five percent of all application attacks are perpetrated by botnets. So if you can identify and filter out these malicious bots you have a significant head start to mitigating application layer attacks.

You can use client classification to identify and filter malicious botnets. Along with whitelisting, client classification can distinguish between humans and bots. It can also identify incoming good and bad bots.

A proven way to do this is to interrogate various attributes associated with your network traffic. When relevant, this includes HTTP headers, variations in cookie support, IP and ASN information and any other unique file characteristics.

Using these elements, a system can build an accurate profile of your authorized users. At Incapsula we use a multi-level approach for client classification. First we look at the header data, then we check out the IP and ASN information. After that, we start paying attention to patterns of behavior. And finally, we deploy client technology fingerprinting to establish the ‘humanity’ of the client.
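
A sketch of the staged classification described above, as an added example rather than Incapsula's implementation: each client is checked against an allowlist, then header data, then ASN reputation, then request rate, and finally a fingerprint signal. The thresholds, ASNs, crawler name, and the use of a returned cookie as the fingerprint signal are assumptions, and the request records are constructed.

```python
from collections import defaultdict

# Constructed reputation data: documentation-range ASNs, hypothetical crawler name.
GOOD_BOTS = {"ExampleSearchBot": 64496}   # allowlisted user agent -> ASN it must come from
BAD_ASNS = {64511}                        # stand-in for a network hosting known botnet nodes
REQUIRED_HEADERS = {"user-agent", "accept", "accept-language"}
MAX_REQUESTS = 5                          # behavioural threshold for the sample window

def classify_clients(requests):
    """Apply the staged checks per client IP and return {ip: verdict}."""
    by_ip = defaultdict(list)
    for req in requests:
        by_ip[req["ip"]].append(req)
    verdicts = {}
    for ip, reqs in by_ip.items():
        asn = reqs[0]["asn"]
        headers = {k.lower(): v for k, v in reqs[0]["headers"].items()}
        agent = headers.get("user-agent", "")
        crawler = next((name for name in GOOD_BOTS if name in agent), None)
        if crawler:                                   # allowlist: name and ASN must agree
            verdicts[ip] = "good-bot" if GOOD_BOTS[crawler] == asn else "bad-bot:spoofed-crawler"
        elif not REQUIRED_HEADERS.issubset(headers):  # stage 1: header data
            verdicts[ip] = "bad-bot:headers"
        elif asn in BAD_ASNS:                         # stage 2: IP and ASN information
            verdicts[ip] = "bad-bot:asn"
        elif len(reqs) > MAX_REQUESTS:                # stage 3: pattern of behaviour
            verdicts[ip] = "bad-bot:rate"
        elif not any(r["cookie_returned"] for r in reqs):  # stage 4: client fingerprint
            verdicts[ip] = "challenge"
        else:
            verdicts[ip] = "human"
    return verdicts

def sample_request(ip, asn, agent, full_headers=True, cookie=False):
    """Build one constructed request record."""
    headers = {"User-Agent": agent}
    if full_headers:
        headers.update({"Accept": "*/*", "Accept-Language": "en-US"})
    return {"ip": ip, "asn": asn, "headers": headers, "cookie_returned": cookie}

BROWSER = "Mozilla/5.0 (constructed sample)"
SAMPLE = (
    [sample_request("192.0.2.10", 64500, BROWSER, cookie=True)] * 2
    + [sample_request("198.51.100.7", 64501, BROWSER, cookie=True)] * 8
    + [sample_request("203.0.113.5", 64511, BROWSER, cookie=True),
       sample_request("203.0.113.9", 64502, "constructed-script/0.1", full_headers=False),
       sample_request("192.0.2.77", 64503, "ExampleSearchBot/1.0"),
       sample_request("198.51.100.200", 64496, "ExampleSearchBot/1.0"),
       sample_request("192.0.2.99", 64504, BROWSER)]
)
VERDICTS = classify_clients(SAMPLE)
```

The cheap checks run first so that most bot traffic is rejected before the costlier behavioural and fingerprint stages, and a client that only claims a crawler's name without coming from its network is treated as hostile rather than allowlisted.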

The entire webinar can be heard here. For more information on DDoS protection and security solutions for your organization, please visit our Knowledge Center. Questions for our tech team? Please leave a comment below.
