New Type of DDoS Attack Targets Online Games

For online computer games, distributed denial-of-service (DDoS) attacks are nothing new. But a new type of DDoS attack, used last week to take down the online game "League of Legends" and several other video-game servers, is proving both highly effective and difficult to defend against.

What's more, it's costing professional gamers, who make money from advertisements during livestreams of their performances, thousands of dollars out of their livelihoods.

MORE: 13 Awesome PC Games That Have Gone Free

DDoS attacks consist of overloading a targeted server with a huge volume of seemingly legitimate, but difficult to fulfill, requests, which overwhelms the server so that it can't efficiently respond to real requests.  Many websites can defend themselves against older means of generating DDoS attacks, which usually involve manipulating the Internet's Transmission Control Protocol (TCP) to create fake IP (Internet Protocol) addresses and junk data packets to flood targeted servers.

However, a new trick that abuses the Network Time Protocol (NTP), which keeps computers' clocks synced up to Coordinated Universal Time, is proving more difficult to thwart.

The NTP method first began to appear late last year. To bring down a server such as one running "League of Legends," the attackers trick NTP servers into thinking they've been queried by the "League of Legends" server.

The NTP servers, thinking they're responding to a legitimate query, message the "League of Legends" server, overloading it with as many as 100 gigabits per second (Gbps). That's large even for a DDoS attack.

In this way, one small request to an NTP server can generate an enormous response capable of taking down even high-capacity websites.

NTP-style DDoS attacks were used last week (Jan. 2-3) to take down the servers for the online gaming platforms Steam, Origin and Battle.net as well as "League of Legends."

Aside from angering a whole lot of players, these attacks also cost professional gamers a lot of money by making them unable to do their jobs.

"These people generate revenue using game servers, so when they're attacked, it creates dramatic financial loss for them," Matt Mahvi, CEO of DDoS protection company Staminus, told Ars Technica.

Staminus told Ars Technica that many of its customers have been targeted by NTP-style DDoS attacks in the past few weeks, including several popular "Minecraft" servers.

NTP attacks are made possible via a vulnerability in the NTP servers, which the National Vulnerability Database first flagged on Jan. 2.  

There isn't much that individual gamers can do to protect themselves against DDoS attacks. However, server operators can upgrade their NTP software to version 4.2.7p26 or later, in which the vulnerability exploited in these DDoS attacks has been patched.  

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

TOPICS

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects. 

Latest in Online Security
and image of the Google Chrome logo on a laptop
Google Chrome at risk from shape-shifting browser extensions — how to stay safe
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Android 12
Google March Android Security Update fixes two high severity vulnerabilities — update now
An Android bot next to an Android TV remote
Millions of Android TVs hijacked in massive botnet — how to see if yours is at risk
Poster of Elon Musk saying "I am stealing from you"
Elon Musk's DOGE blocked from accessing your data – and 3 in 4 Americans agree
A fake text message on a smartphone being held by both hands.
Toll road scams are worse than ever — what to look for and how to stay safe
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Sunday, March 9 (#637)
Prime Gaming's selection of free games for March 2025
Amazon Prime is giving away these 20 games in March — get Fallout, Saints Row 3, and more free games now
Hugh Grant as Mr. Reed in "Heretic"
Max top 10 movies — here’s the 3 worth watching right now
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #371 (Sunday, March 9 2025)
Nintendo Switch 2
Nintendo Switch 2 price rumors and predictions — everything we've heard so far
Samsung Galaxy S25 Edge back
Samsung Galaxy S25 Edge latest leak hints at good news for pricing
  • owmesyajut
    The NTP website at http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using says that versions 4.2.4p8 or 4.2.6, or later are immune to this attack, rather than just 4.2.7p26
    Reply
  • joel abraham
    Hope this one helps youhttp://letushare.com/issue-with-ntp-servers-the-new-ddos-target/
    Reply