New DDoS attack kicks in

3-3-2010 13:07

According to Michal "Carmac" Blicharz, Product Manager of Extreme Masters, ESL has been hit by another DDoS attack.

Yesterday just past noon, we reported about DDoS attacks directed at the ESL network here at CeBIT. A fresh note from Michal "Carmac" Blicharz just kicked in, as he reported to us that the network has once again been hit by a DDoS (Distributed Denial of Service) attack.

Yesterday it played a huge impact on games such as mTw versus Frag eXecutors and fnatic against Evil Geniuses. Until now, there had been no problems with the network and everything had been working fine. But with the DDoS attacks once again starting, it has affected the Quake Live and WoW group stage matches currently being played.

The ESL network is under heavy fire

This also affects the next Counter-Strike games, as there is currently a break for the teams. The games were supposed to resume at 13:30CET, but with the DDoS attacks delaying the two other games, it is very unlikely that Counter-Strike matches will resume at official starting time.

Quizzed about where the attack is coming from, Blicharz stated, "it's from very different ip addresses." Last year, when DDoS attacks knocked, ESL discovered that the attacks had come from China. Stay tuned for updates regarding the attacks and how much delay there will be before Group B resumes.

hahahzhhaa

2010-03-03 13:07

hahaha lol

2010-03-03 13:07

1 reply

aSpX stop attacking !! :(

2010-03-03 14:11

Of course....

2010-03-03 13:09

china :s

2010-03-03 13:09

omfg

2010-03-03 13:09

expected !! :P

2010-03-03 13:09

there must be a Chinese conspiracy against German inet...lame excuse, strangely yesterday it happened around same time. At least no real upsets were created today.

2010-03-03 13:11

1 reply

exactly. It's bullshit. They just can't handle this thing. Unprofessional event. Shame on those guys.

2010-03-03 13:15

how can they not be ready to counter these ? unbelievable...

2010-03-03 13:12

7 replies

if the hackers good, it's not that easy

2010-03-03 13:32

6 replies

come on they are Intel-related, they have access to the best hackers in the world to protect them don't they ?

2010-03-03 13:35

5 replies

No, they dont.

2010-03-03 14:23

intel isn't the CIA (:

2010-03-03 17:14

oh yeah.. they will obviously call kevin mitnick to help them out..

2010-03-03 17:48

1 reply

Kevin is a cracker, not a hacker and they're not the same ;)

2010-03-05 21:48

they have McGyver

2010-03-04 02:20

noob... RR rounter y go..AJAJAJA :p emmm...ingeniry informaty solutyion...0k4p.

2010-03-03 13:13

"Attacked". How many times do you need to be "attacted" to freakin secure the network. All that money and you allow this crap two days in a row. Great job guys.

2010-03-03 13:13

5 replies

they are to busy with the one and only "fatality" making crap and giving shit out!!

2010-03-03 13:15

4 replies

hehehehe. True that. Don't forget Klitschko advertising Intel chips. This is fucking ridiculous.

2010-03-03 13:17

3 replies

it's driving me crazy, god damned, think we all got the picture there's no need to come and advertise the same shit again and again and again...jeez, just come on stage give free stuff and get the hell out of there, so than cs can return! Right?

2010-03-03 13:19

2 replies

Hahaha. Agree. There is a thing called insistent advertising. And what they do there is exactly that. Having their logo on every freaking thing in that building doesn't do the job apparently. Funny stuff.

2010-03-03 13:23

the advertising is the consideration for all the money which intel and puts it. They give nothing away like presents, they invest it.

2010-03-04 04:54

Chinese nerds.. When WMF will play there will be no attacks for sure.

2010-03-03 13:14

3 replies

The truth is chinese people dont like korea.

2010-03-03 13:31

its lithuanian and russian comparison between korea and china :D

2010-03-03 13:34

1 reply

hahahah ; DDD agree chinese guys have nothing to do with this crap.

2010-03-03 13:55

lats year chinese gaming fire at the ESL Tournament. This year, i bet is someone on the pay role for H2K..... ESL will burn before he could consecrate a champion. Take that Admins ESL NOOBS. But not every one. HAHAHAHAAH Go GO P.s: yes i want to see the matches but this time is personal, they lock my acount again.

2010-03-03 13:15

"it's from very different ip addresses." well duh... The hacker probably has a botnet built up with computers from all over the world. Seriously, give these guys some schooling on how to secure the network... It isn't that hard

2010-03-03 13:18

16 replies

They've banned his ip and they thought it's a done deal :D "specialists"

2010-03-03 13:20

15 replies

just block all communications from the outside to the inside except for the ip addresses of the broadcasters and hltv and basically all ip addresses they can trust. Seriously, a couple of firewall rules to write, what's so hard about that...

2010-03-03 13:21

12 replies

I've got no freakin idea. It just shows how unprepared for this kind of event they are. I think only IEM has this kind of problems.

2010-03-03 13:24

this guy makes sense

2010-03-03 13:36

yes this may help but it depends on how many computers are attacking esl server, it can't be stopped

2010-03-03 13:36

3 replies

if you block the connections the computers won't be able to do jack shit vs. the network :D

2010-03-03 13:38

2 replies

It is not that easy just "block" everything, eg im sure cebits has many services..etc things what can viewed from internet, so you can't use "collect spesific ip's" if there is thousands of viewers.

2010-03-03 13:51

1 reply

didn't actually think of that :p completely different situation then :<

2010-03-03 14:02

I thought exactly the same thing, but when I think of it they _must_ have tried that already... if they can set up the whole network for this event I'm sure they're smart enough to have considered this. :/

2010-03-03 13:52

I doubt they can block the incoming traffic to CeBIT, I am afraid.

2010-03-03 14:24

1 reply

ye t800 said it as well. Didn't take that into account :(

2010-03-03 14:25

just block all communications from the outside?? Do you know what a three way handshake is?

2010-03-03 21:44

2 replies

Yes I do. And if you'd have read my post before that one you would've known that. I've no idea why I put that there, probably wasn't thinking and really didn't mean it like that. But what I actually meant to say was the same as my other post. You won't really be able to browse to some sites you're willing to go to. But if it offers a secure LAN why not do it?

2010-03-03 22:43

1 reply

apparently, you can edit only once :s nm my last two lines, just woke up. Use a stateful firewall.

2010-03-03 22:55

like non steam ban on variable IP adress ;DDD

2010-03-03 13:56

1 reply

hehehehe yeah neostrada style :D

2010-03-03 14:01

wtf? what a noob security... how can they strike a second time lol!

2010-03-03 13:19

1 reply

3rd or 4th time already fyi ;D

2010-03-03 13:22

guys its not really possible to say where is the attack coming from... Because the head organisator of the attack is hidden by 2 or even 3 lines of other PCs. He sends packets from that "infected" PCs, so maximum they can know is the address of those infected PCs, or in the special cases they can know the addresses of the 2nd line PCs. Those kind of attacks are done by hundreds of PCs that dont even know that they are used for attacks -.- Anyways I hope that they will resolve their problems and play the matches at their schedules. GL :)

2010-03-03 13:19

2 replies

so is this like a virus? is osama behind it :D

2010-03-03 13:43

Hundreds? Wait wat. More likely hundred thousands, if they are succeeding in taking down the ESL-line provided for them, by CeBIT.

2010-03-03 14:25

how can the intruedr remotly enter a LAN network, i though that could not happen only on inet. Only stream should get affected. esl-You shure about this really being DDOS?

2010-03-03 13:21

7 replies

the LAN network is connected to a WAN (Internet). That's how it's possible to perform a DDoS in the network.

2010-03-03 13:23

4 replies

Hmm, ok ty now I get it. but still, denial of service is the oldest hack know to man, how come they cant secure theyr router better?

2010-03-03 13:28

3 replies

no idea :p

2010-03-03 13:31

Well just tell Cebits IT-team close all ports expect what CS / HLTV using to WAN network, then it would work better :)

2010-03-03 13:33

1 reply

hahahahahahhahaha, perhaps the most retarded comment i've ever read :D

2010-03-03 14:26

That is very good questions :) I think all traffic, LAN & WAN networks are routed to same routers, so when some makes ddos attack to this router from WAN network, it also slows/breaks LAN connection

2010-03-03 13:23

arent they playing on steam that is using the same network? :$

2010-03-03 13:24

I guess that's Russians (:

2010-03-03 13:21

1 reply

no, sure not, its hackers from West Ukraine, from Lwow, russians and East Ukrainian guys - bad programmers and hackers, low qualification for that.

2010-03-03 13:28

hhhhhhhhhhh

2010-03-03 13:22

Proxys coming from China or DDoS? :)

2010-03-03 13:24

2 replies

Last years attacks came from China.

2010-03-03 13:34

1 reply

Okidoki!

2010-03-03 13:42

They never learn...

2010-03-03 13:26

fucking nerds :)

2010-03-03 13:26

I'VE GOT A QUESTION (cuz I'm a noob on hacking and stuff) Is so difficult to FIX it? firewall? somethinnnnnnnngggggggg????? I don't think it's so hard to prevent a "DDoS attack"... omg

2010-03-03 13:27

5 replies

it´s not....is a simple correction in the firewall.

2010-03-03 13:37

4 replies

right...

2010-03-03 14:01

no its not

2010-03-03 14:27

what??? Do you really think the people in the world's largest computer trade fair, are too stupid to plan a network? It's not that easy. Why do you think companies like Google, IBM , Microsoft, ebay have always these kind of problems? If you have no idea please shut up.

2010-03-04 05:13

1 reply

and again....Another one try's. pleasethis was yesterday, so belive in what you want.... Peace. P.S: I do belive it's possibel....

2010-03-04 10:51

yea baby

2010-03-03 13:27

Cmon seriously...

2010-03-03 13:27

;'(

2010-03-03 13:27

no china

2010-03-03 13:27

lanxiangjixiao!!!!!!!!!

2010-03-03 13:29

5 replies

lol !!

2010-03-03 13:36

wtf are you sayin'?

2010-03-03 13:49

3 replies

i think, "lanxiangjixiao!!!!!!!!!" - his recognition in DDoS attacks, or something about "i kill white guy's entertaiment from internet"

2010-03-03 14:06

it's a name of a school that once hacked google.actually, that kind of school train people ability for working.but some people from other countries thought they have military support.

2010-03-03 14:21

1 reply

I dont know if I expressed clearly with my limited vocabulary and suckass grammar...:p

2010-03-03 14:29

ESL needs Cisco firewalls :)

2010-03-03 13:30

3 replies

word!

2010-03-03 13:31

in France, cf Albanel, they need "OOo"

2010-03-03 13:33

thats correct .... XD

2010-03-03 13:42

the problem here, it's the hacker(s) : "enfoire de pirate de merde en gros"

2010-03-03 13:32

Dunno why many of you are laughing, it's pathetic to attack an event with DDoS.

2010-03-03 13:34

LOl just ban every ip adress exept hltv one and start playin ffs

2010-03-03 13:36

1 reply

Sorry, does not quite work like that.

2010-03-03 13:50

Dudes calm down. Simple Rules of Internet Security, Block everything, Ask the ESL TV and Hltv there i.p, Giving orders to the Routt ( by some firewall programing, some simple lines of code will do ) to pass the information from the i.p's given, and then enjoy seeing the sucker jam in a end less Reconnect try out. I belive and if I'm not mistaken, for to jump from i.p to i.p, is probably inside the event or out side in the rain with a lap top, don't try to fallow the i.p or try to understand where is camming from just look arround and you will see the guy fuc**** laughing Alone in some corner. Peace out ESL hahaha

2010-03-03 13:36

3 replies

If you could keep companies from something like this, how come you're not rich? Or are you?

2010-03-04 05:23

2 replies

Dude Believe that it's possible to protect an internal network from outside contact. Peace, Just studi the problem a little bit, and you will see that is not that hard... take some time to do so, but it's possibel. Peace

2010-03-04 10:54

1 reply

maybe in you're little home-network, on CeBit or big companies you have to block it already by the provider

2010-03-04 11:15

I hope they get owned again

2010-03-03 13:37

3 replies

go cut off your balls

2010-03-03 13:57

2 replies

And you go get yourself a brain dumbass

2010-03-03 14:01

1 reply

2010-03-04 13:33

Omg. Less 32k modems please!

2010-03-03 13:38

is there a way to handle/prevent these attacks? i mean some software/hardware or some other shit?

2010-03-03 13:41

1 reply

read #44 thats one way..

2010-03-03 13:43

Where is fodder? hum...

2010-03-03 13:51

\fuck them hacker

2010-03-03 13:52

ESL fail ...

2010-03-03 13:54

I guess the hackers login into HLTV.org, read the news, and have a big smile face to face, about the way that they shut down the most "highclass electronic event" in the world. It's really sad :<

2010-03-03 14:04

ESL stuff age average: 10.

2010-03-03 14:05

fuck u "ddos attackers" !

2010-03-03 14:08

[quote]Quizzed about where the attack is coming from, Blicharz stated, "it's from very different ip addresses." Last year, when DDoS attacks knocked, ESL discovered that the attacks had come from China.[/quote] TYLOO and WNV on REVENGE

2010-03-03 14:09

Lots of noobs here; go read: en.wikipedia.org/wiki/Distributed_denial.. if you think that you can just add a firewall rule or fix your router. Go back playing CS. "Most routers can be easily overwhelmed under DoS attack. If you add rules to take flow statistics out of the router during the DoS attacks, they further slow down and complicate the matter" "Some DoS attacks are too complex for today's firewalls, e.g. if there is an attack on port 80 (web service), firewalls cannot prevent that attack because they cannot distinguish good traffic from DoS attack traffic. Additionally, firewalls are too deep in the network hierarchy."

2010-03-03 14:14

15 replies

No, don't teach them. I'm in school and seriously bored, so let them please keep staking retarded things

2010-03-03 14:29

9 replies

if you are in school to learn computers and still think that it's impossible, I got one advice to you, When the teacher says " This is important " try to take some notes, because probably is. Peace

2010-03-03 14:35

2 replies

I study religion, not CS.

2010-03-03 14:53

1 reply

it's almost the same..... PEACE

2010-03-03 15:03

like you have any idea what is ddos even about :P

2010-03-03 14:39

2 replies

From your comments, it is more likely you that have got no clue at all :)

2010-03-03 14:54

1 reply

well i have some knowledge of ddos, altough i haven't deeply looked into those. But another hand you just post everyone "you don't know anything", but without giving any comments that you really would know something. So i think best you can do is c&p from wiki :P

2010-03-03 15:04

are you an ESL employee? You would fit the description - high school computer knowledge.

2010-03-03 14:47

2 replies

No, I am not. I do, however, know something about It-security. Something neither you nor most other people seem to do or care about. the reason #95 used wikipedia was for forumtrolls with no knowledge (like yourself and [s]hinobi) to understand it. Apperently you even failed that.

2010-03-03 14:57

1 reply

Maybe I'm not Kevin Mitnick. But I'm not that naive to don't see through their bullshit. I guess you've got some first hand info we don't know. But I guess kid like you believes everything corporations tell you. Fair enough.

2010-03-03 15:05

and another one trying.....Some of us simply said " SHUTDOWN the routter implant the new rules of traffic and the re-open first the getway to the Server games, then wait, re-caap see if the Attacks remains, then redirects information to the ESL TV and HLTV. then see if the attack remains, if so Freez every single i.p address trying to connect to the Routt, even if you try to jump from i.p's you will make a critical mistaque, becase the jump program does that on a loop system, so you will eventualy jump to one i.p that is alredy frozzen and from ther on you will became in a loop of reconect....." This is the more simple away to shouw to you that is possible. Ps: the only away this thosen work if, if the guy work for microsoft and have a programe that can loop in i.p's changes for ever, but that prove even my point, why would microsotf try to destroy the event.

2010-03-03 14:30

4 replies

Come on this guy takes his info from wikipedia. There's no matching that kind of knowledge on this matter.

2010-03-03 14:35

3 replies

ya.....you are correct....Wiki Rules, we's probably correct. i'm ssry quakerix never again i will put in question the knowledge from WIKI. Please forgive me.....XD Go Wiki FTW hahahaha

2010-03-03 14:39

2 replies

XD now that's better.

2010-03-03 14:45

1 reply

hahahah

2010-03-03 14:45

I just logged in on the ESL Website and had to smile a little bit, reading "OUR BEST EVENT EVER!" :>

2010-03-03 14:25

They really should have isolated the tournament computers' network with individual firewalls with IP-exceptions for HLTVs etc. If they got DDoSed last event they shuold have known it was coming. Even though CeBIT uses their connection for more things than the tournaments you can actually secore a private network inside the CeBIT network, if not even put the gaming coverage on a separate ISP service alltogether with strict IP-exceptions. But I think just to put the gaming-area behind a well configured firewall would make a huge difference. HLTV might still lag due to the external DDoS attacks but the gamers' network would be relatively safe and lag free. And at the end of the day, that's what matters.

2010-03-03 14:35

1 reply

correct but don't forget WIki says no....

2010-03-03 14:41

non-steam + private network > no ddos..but of course this would mean no hltv :)

2010-03-03 14:46

hahaahah DIE ESL!

2010-03-03 14:51

fuckin China hacks everything...

2010-03-03 14:56

they shouldnt have held the qualifier in taiwan...dont mess with chinese hackers

2010-03-03 15:02

"Last year, when DDoS attacks knocked, ESL discovered that the attacks had come from China." awesome

2010-03-03 16:03

are u sure that the hackers aren't targeting CeBit in general and the cs tournament is caught in the crossfire?

2010-03-03 16:20

dont get the point what esl tv does to you guys to get so much anger. only when none hltv is there any fanboi is screaming like a 10years old kid. I WANT HLTV I WANT HLTV :D thats really retarded. i thought here are more adults than in readmore and co but i was wrong :D

2010-03-03 16:50

3 replies

hltv.org is WAY above RM.de when it comes to trolls, flamers and just sum stupid kids.

2010-03-03 17:12

2 replies

okay not sure how much you have to do here. they should pay you for this job :-)

2010-03-03 17:13

1 reply

I like to do it, plus, it doesn't take too much time. there are busy times, and times where it's pretty quiet, just like in any other job :P As far as i know, on RM.de there are flame-threads on an almost daily basis (:

2010-03-03 17:15

AHAHAHAAHAHAHA lol!

2010-03-03 16:54

This kind of attack has also affected big companies, like Amazon, Twitter, Wal-Mart. So, don't think this is an easy task for the sysadmins..

2010-03-03 18:30

1 reply

+1 these school kids just think you have to activate a check-box in you router and everything is fine :)

2010-03-03 22:00

Honestly, I'd just rather they closed their network to the outside and simply make it work locally, and broadcast the demos just after the match. They could still stream the matches with a little delay and we'd be waiting anyway: either late HLTV broadcast or delayed matches. I'm not exactly sure if this is possible, I might be wrong, but as far as I know there could be a way to do it.

2010-03-03 19:07