Thursday 3 July 2008

DDoS attack takes down online poker tournament

In early February 2008, distributed denial of service (DDoS) attacks wreaked havoc at a whole slew of online gaming sites, with Full Tilt Poker, Titan Poker, Virgin Games and Party Poker among those attacked by a web-based botnet, according to the Shadowserver Foundation, a watchdog group of security professionals that gathers, tracks and reports on malware, botnet activity and electronic fraud. Some e-commerce sites were also attacked.
The full impact of these attacks was not immediately clear, but Full Tilt Poker's website was inaccessible for most of two days, forcing Full Tilt to "pause" the final table of the FTOPS VII Main Event for a brief period: with just three players remaining, its client lost connectivity with the Full Tilt servers.
"Botnet DDoS attacks are the likely culprit for Full Tilt's client problem during the tournament," said Andre M. DiMino, director of the Shadowserver Foundation. "A botnet is a network of compromised computers that act as drones under the common control of a central server. Traditionally, the way they're formed is through viruses that infect machines, which are then recruited to join the botnet. The operator of the botnet, through the command server, then issues instructions to the compromised machines that form the botnet."
"In the case of Full Tilt Poker, each of the compromised machines was instructed to send simultaneous requests to the online game's site, which was too much for the servers to bear," DiMino explained. "The requests overloaded the bandwidth and took the servers offline."
The fact that the DDoS attacks were web-based made them more difficult to repel, DiMino said. Traditionally, DDoS attacks are controlled over Internet Relay Chat (IRC), which is fairly easy to block, DiMino added, but web-based botnets are "more resilient and difficult" to stop.

The Shadowserver Foundation traced the initial attacks to a server hosted by Layered Technologies. That server has been shut down, but the botnet has moved to a new host and IP address. "DDoS attacks are always going to be out there," DiMino said. "In the past, they were used to show the might of the botnet. But the real purpose for botnets now is fraud and identity theft."
Webscreen: an answer to botnet DDoS prevention

One technology that would have been able to help prevent the botnet from disrupting Full Tilt's global poker game is the Webscreen WS Series network security appliance. Webscreen monitors all web traffic hitting the network, looking for signs of non-human behaviour. Botnet requests are generated automatically, and Webscreen can distinguish them from the normal web activity expected of a legitimate punter. A Webscreen appliance positioned at the network gateway, in front of the gaming site's servers, would have blocked the botnet traffic whilst allowing the game to continue.
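The behavioural distinction the article relies on, between drones firing simultaneous requests and a human visitor browsing a site, can be made concrete with a small log-analysis script. The following is an added example, not code from Shadowserver, Webscreen or the original post: it parses web-server access-log lines and flags sources whose request pattern looks automated. The log lines, the IP addresses (taken from the TEST-NET documentation ranges) and the rate and cadence thresholds are all constructed assumptions for the example.

```python
"""Added example (not Shadowserver's, Webscreen's or the post's own code).

Reads web-server access-log lines in Apache "combined" format and flags
sources whose request pattern looks automated rather than human: a botnet
drone fires near-identical requests on a fixed cadence and never fetches the
assets a browser would, while a human visitor loads a page, then its CSS,
scripts and images, with irregular pauses in between. All log lines and
thresholds below are constructed for the example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified parser for the Apache combined log format (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
ASSET_RE = re.compile(r"\.(css|js|png|jpg|gif|ico)$")


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def analyse(lines, window_s=10, max_per_window=10, min_requests=8):
    """Return {ip: [reasons]} for sources whose behaviour looks automated.

    Heuristics (thresholds are assumptions for the example, not published figures):
      rate      - more than max_per_window requests inside any window_s seconds
      cadence   - gaps between requests are almost perfectly regular
      no_assets - pages are requested but no CSS/JS/image is ever fetched
    Sources with fewer than min_requests lines are ignored to limit false alarms.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in by_ip.items():
        if len(recs) < min_requests:
            continue
        recs.sort(key=lambda r: r["ts"])
        times = [r["ts"].timestamp() for r in recs]
        reasons = []

        # rate: sliding window over the sorted timestamps
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 > max_per_window:
                reasons.append("rate")
                break

        # cadence: a machine on a timer has near-zero spread in its request gaps
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if len(gaps) >= 3 and mean_gap > 0 and statistics.pstdev(gaps) < 0.05 * mean_gap:
            reasons.append("cadence")

        # no_assets: a browser rendering a page fetches what the page references
        if not any(ASSET_RE.search(r["path"]) for r in recs):
            reasons.append("no_assets")

        if reasons:
            flagged[ip] = reasons
    return flagged


# Constructed sample: one human visitor (192.0.2.10) and two drones (TEST-NET addresses).
HUMAN_UA = "Mozilla/5.0 (Windows)"
HUMAN_LINES = [
    f'192.0.2.10 - - [03/Feb/2008:19:59:{s:02d} +0000] "GET {p} HTTP/1.1" 200 4096 "-" "{HUMAN_UA}"'
    for s, p in [(0, "/"), (0, "/style.css"), (1, "/logo.png"), (7, "/lobby"),
                 (7, "/app.js"), (19, "/tournament/123"), (20, "/table.png"), (45, "/lobby")]
]


def drone_lines(ip, n=30, start="03/Feb/2008:20:00:00 +0000"):
    """Constructed: one GET / per second from a single source, no referer, no assets."""
    base = datetime.strptime(start, TS_FMT)
    return [
        f'{ip} - - [{(base + timedelta(seconds=i)).strftime(TS_FMT)}] '
        f'"GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0"'
        for i in range(n)
    ]


SAMPLE_LOG = HUMAN_LINES + drone_lines("203.0.113.7") + drone_lines("198.51.100.9")


def demo():
    """Run the detector over the constructed sample log."""
    return analyse(SAMPLE_LOG)


if __name__ == "__main__":
    for ip, why in demo().items():
        print(f"{ip}: {', '.join(why)}")
```

Run as a script, it reports the two drone addresses with all three reasons and says nothing about the human visitor. The thresholds are deliberately loose and would need tuning against real traffic: a headless API client or a monitoring probe legitimately fetches no assets, and a shared NAT address can exceed a per-source rate on its own. A gateway appliance of the kind the article describes combines more signals than these three and acts on live traffic rather than logs, but the underlying question it asks of each source is the same.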
