New Type of DDoS Attack Targets Online Games

For online computer games, distributed denial-of-service (DDoS) attacks are nothing new. But a new type of DDoS attack, used last week to take down the online game "League of Legends" and several other video-game servers, is proving both highly effective and difficult to defend against.

What's more, it's costing professional gamers, who make money from advertisements during livestreams of their performances, thousands of dollars out of their livelihoods.

MORE: 13 Awesome PC Games That Have Gone Free

DDoS attacks consist of overloading a targeted server with a huge volume of seemingly legitimate, but difficult to fulfill, requests, which overwhelms the server so that it can't efficiently respond to real requests.  Many websites can defend themselves against older means of generating DDoS attacks, which usually involve manipulating the Internet's Transmission Control Protocol (TCP) to create fake IP (Internet Protocol) addresses and junk data packets to flood targeted servers.

However, a new trick that abuses the Network Time Protocol (NTP), which keeps computers' clocks synced up to Coordinated Universal Time, is proving more difficult to thwart.

The NTP method first began to appear late last year. To bring down a server such as one running "League of Legends," the attackers trick NTP servers into thinking they've been queried by the "League of Legends" server.

The NTP servers, thinking they're responding to a legitimate query, message the "League of Legends" server, overloading it with as many as 100 gigabits per second (Gbps). That's large even for a DDoS attack.

In this way, one small request to an NTP server can generate an enormous response capable of taking down even high-capacity websites.

NTP-style DDoS attacks were used last week (Jan. 2-3) to take down the servers for the online gaming platforms Steam, Origin and Battle.net as well as "League of Legends."

Aside from angering a whole lot of players, these attacks also cost professional gamers a lot of money by making them unable to do their jobs.

"These people generate revenue using game servers, so when they're attacked, it creates dramatic financial loss for them," Matt Mahvi, CEO of DDoS protection company Staminus, told Ars Technica.

Staminus told Ars Technica that many of its customers have been targeted by NTP-style DDoS attacks in the past few weeks, including several popular "Minecraft" servers.

NTP attacks are made possible via a vulnerability in the NTP servers, which the National Vulnerability Database first flagged on Jan. 2.  

There isn't much that individual gamers can do to protect themselves against DDoS attacks. However, server operators can upgrade their NTP software to version 4.2.7p26 or later, in which the vulnerability exploited in these DDoS attacks has been patched.  

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

TOPICS

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects. 

Latest in Online Security
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Best antivirus software
How does antivirus software work
and image of the Google Chrome logo on a laptop
Google Chrome at risk from shape-shifting browser extensions — how to stay safe
Latest in News
Samsung Galaxy S25 Edge back
Samsung Galaxy S25 Edge price comes into focus with latest leak
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
NYTimes Connections
NYT Connections today hints and answers — Wednesday, March 12 (#640)
Jean Smart as Deborah Vance and Hannah Einbinder as Ava Daniels in Hacks
Max reveals 'Hacks' season 4 release date and trailer — here's when it's coming
Google Pixel 5 review
Google Pixel 10 lineup leaked in new renderings — here's what they look like
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
  • owmesyajut
    The NTP website at http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using says that versions 4.2.4p8 or 4.2.6, or later are immune to this attack, rather than just 4.2.7p26
    Reply
  • joel abraham
    Hope this one helps youhttp://letushare.com/issue-with-ntp-servers-the-new-ddos-target/
    Reply