Evil Avatar  



Go Back   Evil Avatar > Daily Gaming News > News Items

» Sponsored Links


» Recent Threads
Trump Cancels...
Last post by Terran
Today 01:05 PM
51 Replies, 2,533 Views
The UNDERWATER Trailer...
Last post by Chief Smash
Today 12:36 PM
12 Replies, 613 Views
Watch the new Gears of...
Last post by Chief Smash
Today 12:30 PM
3 Replies, 141 Views
Game & Movie Releases...
Last post by Booda
Today 12:22 PM
3 Replies, 149 Views
Watch Dogs: Legion:...
Last post by SpectralThundr
Today 12:19 PM
2 Replies, 132 Views
The Charlottesville Lie
Last post by blackzc
Today 11:43 AM
14 Replies, 940 Views
Gears 5 Halo: Reach...
Last post by ElektroDragon
Today 09:27 AM
3 Replies, 125 Views
Sony Buys Spider-Man...
Last post by ministryofwrath
Today 08:52 AM
5 Replies, 360 Views
Reply
 
Thread Tools
Old 03-08-2015, 12:12 PM   #1
Emabulator
The Voight-Kampff
 
Emabulator's Avatar
 
Join Date: Feb 2005
Location: The Garden State
Posts: 31,315
Blog Entries: 58
Sony's Yoshida: "PSN Is Attacked Literally Every Day"



Shady turds are on the attack!
Emabulator is offline   Reply With Quote
Old 03-08-2015, 01:09 PM   #2
Anenome
Autarchist
 
Anenome's Avatar
 
Join Date: May 2007
Location: Recursion City
Posts: 49,889
Blog Entries: 62
Welcome to the internet?
__________________
Choose your government: the majority ruling the minority, the minority ruling the majority, or everyone ruling themselves long as they do not initiate force, fraud, or theft against one another.
Anenome is offline   Reply With Quote
Old 03-08-2015, 02:43 PM   #3
Terran
Evil Dead
 
Terran's Avatar
 
Join Date: Jan 2008
Posts: 13,886
So, perhaps you should be a bit more prepared for it when it happens, so that restoration of services/features doesn't take as long?

Naaaaaah! Who am I kidding? Silly question...
__________________
Quote:
Originally Posted by Eats View Post
"...boys lining up outside a room to take a turn gang raping a woman?...I went to frat parties where shit like this was going down
Quote:
Originally Posted by Eats View Post
I certainly went to frat parties where girls were getting roofied
Terran is offline   Reply With Quote
Old 03-08-2015, 03:53 PM   #4
koorb
Reaper
 
Join Date: Feb 2005
Location: UK
Posts: 192
For some people, trying to hack PSN is ore fun than any of the available multiplayer games.
koorb is offline   Reply With Quote
Old 03-08-2015, 04:23 PM   #5
SpectralThundr
Evil Dead
 
SpectralThundr's Avatar
 
Join Date: Oct 2013
Location: Boston/Ontario
Posts: 8,754
Quote:
Originally Posted by Anenome View Post
Welcome to the internet?
Remember kids, DDOS attacks don't harm anyone cause damages or costs.
SpectralThundr is offline   Reply With Quote
Old 03-08-2015, 05:26 PM   #6
Anenome
Autarchist
 
Anenome's Avatar
 
Join Date: May 2007
Location: Recursion City
Posts: 49,889
Blog Entries: 62
Quote:
Originally Posted by SpectralThundr View Post
Remember kids, DDOS attacks don't harm anyone cause damages or costs.
DDOS doesn't cause physical damage. This is indisputable. It may frustrate business objectives for a time--not the same thing. It's in the category of nuisance, not damage. So now we're talking about metaphorical damage at best. If you can charge damages for DDOS, you might want to wonder if an ex-girlfriend can charge you for the metaphorical damage of breaking up with her later on. You thought feminism / liberalism was bad now, just wait.

All because you have a wishy-washy definition of damage.
__________________
Choose your government: the majority ruling the minority, the minority ruling the majority, or everyone ruling themselves long as they do not initiate force, fraud, or theft against one another.
Anenome is offline   Reply With Quote
Old 03-08-2015, 06:15 PM   #7
Orphiuchus
Evil Dead
 
Orphiuchus's Avatar
 
Join Date: Mar 2005
Location: Phoenix
Posts: 4,154
How on earth do you not consider loss of a businesses ability to provide a service to customers anything but damage? A disruption in a service is damage.

I'm currently a software dev at a company that has a customer facing portal. If that portal goes down for a day we lose real fucking money. That's the only kind of damage that matters. Just because we wouldn't need new network hardware if we had to deal with a DDOS doesn't mean there wouldn't be damage. We can actually see the numbers directly, if our external or internal sites aren't reachable for any decent period of time there is a direct and measurable loss of money.
__________________
USMC
Orphiuchus is offline   Reply With Quote
Old 03-08-2015, 06:32 PM   #8
SpectralThundr
Evil Dead
 
SpectralThundr's Avatar
 
Join Date: Oct 2013
Location: Boston/Ontario
Posts: 8,754
Quote:
Originally Posted by Anenome View Post
DDOS doesn't cause physical damage. This is indisputable. It may frustrate business objectives for a time--not the same thing. It's in the category of nuisance, not damage. So now we're talking about metaphorical damage at best. If you can charge damages for DDOS, you might want to wonder if an ex-girlfriend can charge you for the metaphorical damage of breaking up with her later on. You thought feminism / liberalism was bad now, just wait.

All because you have a wishy-washy definition of damage.
Lost of customer dollars from your service being down is damage. Having to constantly spend to fight and prevent your service going down from said DDOS attempts I'm sure isn't cheap either.

It has zero to do with feminism or liberaism, it does have to do with common sense however. Something you've shown to have absolutely zero of.
SpectralThundr is offline   Reply With Quote
Old 03-08-2015, 06:36 PM   #9
Anenome
Autarchist
 
Anenome's Avatar
 
Join Date: May 2007
Location: Recursion City
Posts: 49,889
Blog Entries: 62
Quote:
Originally Posted by Orphiuchus View Post
How on earth do you not consider loss of a businesses ability to provide a service to customers anything but damage? A disruption in a service is damage.
Generally one can't be liable for theoretical losses. You can claim lost business based on what you'd sell on average, but you can't prove that's what you'd actually sell.

Quote:
Originally Posted by Orphiuchus View Post
I'm currently a software dev at a company that has a customer facing portal. If that portal goes down for a day we lose real fucking money. That's the only kind of damage that matters. Just because we wouldn't need new network hardware if we had to deal with a DDOS doesn't mean there wouldn't be damage. We can actually see the numbers directly, if our external or internal sites aren't reachable for any decent period of time there is a direct and measurable loss of money.
But it's a situation you have created and enable by being a public-facing portal. Any time the cost of using a service is zero, you have a situation where it can be mobbed easily. Perhaps the answer is to charge a penny to everyone who connects, and then when you see it's a connection with a valid business concern, you refund the penny. That way you could easily cost only DDOS'ers tons of money and legit customers would face no costs at all.

This is a situation that should be solved by market innovation, not law. There is no actual damage to hardware caused by DDOS. There is only nuisance created and potential lost sales--you don't have a legal right to recoup potential sales.
__________________
Choose your government: the majority ruling the minority, the minority ruling the majority, or everyone ruling themselves long as they do not initiate force, fraud, or theft against one another.
Anenome is offline   Reply With Quote
Old 03-08-2015, 06:37 PM   #10
walstib
Evil Dead
 
walstib's Avatar
 
Join Date: Oct 2008
Posts: 313
Quote:
Originally Posted by Anenome View Post
DDOS doesn't cause physical damage. This is indisputable. It may frustrate business objectives for a time--not the same thing. It's in the category of nuisance, not damage. So now we're talking about metaphorical damage at best. If you can charge damages for DDOS, you might want to wonder if an ex-girlfriend can charge you for the metaphorical damage of breaking up with her later on. You thought feminism / liberalism was bad now, just wait.

All because you have a wishy-washy definition of damage.
wow. this is about the stupidest thing i have ever read here.

seriously? denying a business their operations and service to their customers is only a "nuisance"?

jeez.
walstib is offline   Reply With Quote
Old 03-08-2015, 06:40 PM   #11
Anenome
Autarchist
 
Anenome's Avatar
 
Join Date: May 2007
Location: Recursion City
Posts: 49,889
Blog Entries: 62
Quote:
Originally Posted by SpectralThundr View Post
Lost of customer dollars from your service being down is damage.
Not when you control whether that happens or not. Again, charging a penny per connection and then refunding legit customers would be a 100% effective end to all DDOS, yet companies have not implemented this, because it would suck to implement, but it's still a cure.

Quote:
Originally Posted by SpectralThundr View Post
Having to constantly spend to fight and prevent your service going down from said DDOS attempts I'm sure isn't cheap either.
Every big, visible company has to deal with that almost constantly. It's a cost of doing business in the same way that getting your building spray painted is a cost. And some customers might not come in if your neighborhood has too much graffiti, but you don't get to sue the graffiti artists for lost profits on that basis.
__________________
Choose your government: the majority ruling the minority, the minority ruling the majority, or everyone ruling themselves long as they do not initiate force, fraud, or theft against one another.
Anenome is offline   Reply With Quote
Old 03-08-2015, 06:42 PM   #12
Anenome
Autarchist
 
Anenome's Avatar
 
Join Date: May 2007
Location: Recursion City
Posts: 49,889
Blog Entries: 62
Quote:
Originally Posted by walstib View Post
wow. this is about the stupidest thing i have ever read here.

seriously? denying a business their operations and service to their customers is only a "nuisance"?

jeez.
Show me actual physical damage and I'll recant. Till then, enjoy your shock.

DDOS as far as I'm concerned is about as damaging as your neighbor walking around nude on his property. It's a nuisance that harms you only indirectly, that's easily avoidable by closing your drapes.
__________________
Choose your government: the majority ruling the minority, the minority ruling the majority, or everyone ruling themselves long as they do not initiate force, fraud, or theft against one another.
Anenome is offline   Reply With Quote
Old 03-08-2015, 08:53 PM   #13
brandonjclark
Evil Dead
 
brandonjclark's Avatar
 
Join Date: Dec 2007
Posts: 10,914
Quote:
Originally Posted by Anenome View Post
Show me actual physical damage and I'll recant. Till then, enjoy your shock.

DDOS as far as I'm concerned is about as damaging as your neighbor walking around nude on his property. It's a nuisance that harms you only indirectly, that's easily avoidable by closing your drapes.
Dude, come on man.

I also work in IT and support customer facing portals. How, do tell, would you charge a penny to connect if the website was down due to a denial of service attack?

You can't charge for the initial connection. Certificates, which is what I believe you are really looking to as an answer, are not the answer.

A DDOS attack brings down the server by overloading it with requests. Anything that happens after the connection attempt is made doesn't matter, because more requests are flooding in, to the point that the server cannot handle it.

Now, Netscaler or F5, sure, they have SOME protection in a Global Server Load Balanced setup, but you're still pretty much screwed.

There really is no magic bullet to this. Yet. Maybe ever.
__________________
~B$
Gamertag: legisilverback | Steam Nickname: brandonjclark
...playing Rebel Galaxy
brandonjclark is offline   Reply With Quote
Old 03-08-2015, 09:51 PM   #14
Atticus XI
Peon
 
Join Date: Mar 2010
Location: New England
Posts: 8
Damages don't have to be literal, physical, etc. Argue theory all you want, but business interruption claims (it's not called "lost business" - lost profit/revenue is what you claim in damages) do exist, can be proven, and can result in actual monetary recovery.

Here's the reality - Sony can get a judgment all day, but they'll rarely see a dime from these guys because, possibly, they're international, have no money/assets (are judgment proof), etc. Unless it's a deep-pocketed competitor attacking them, which is doubtful, all Sony would end up with is a paper judgment with no actual value. IMHO, the best way to go after these guys is criminally, but you still may have jurisdictional issues.

It's a goddamned mess. But, you should "recant" because this is how it works in an actual case. It's real law, which I practice.
Atticus XI is offline   Reply With Quote
Old 03-08-2015, 10:07 PM   #15
ElektroDragon
Evil Dead
 
ElektroDragon's Avatar
 
Join Date: Feb 2007
Location: Seattle area
Posts: 10,862
Quote:
Originally Posted by Anenome View Post
Generally one can't be liable for theoretical losses. You can claim lost business based on what you'd sell on average, but you can't prove that's what you'd actually sell.
Holy crap, thank the gods you're not a legislator or judge.
__________________
Proud to be perma-banned 5 times on NeoGAF.
ElektroDragon is offline   Reply With Quote
Old 03-08-2015, 11:09 PM   #16
Anenome
Autarchist
 
Anenome's Avatar
 
Join Date: May 2007
Location: Recursion City
Posts: 49,889
Blog Entries: 62
Quote:
Originally Posted by Atticus XI View Post

It's a goddamned mess. But, you should "recant" because this is how it works in an actual case. It's real law, which I practice.
Lots of law is bad law, I don't respect it merely because it's law, I respect good legal/ethical reasoning, which firstly goes back to a theory of damage.

It's not like I think DDOS is a good thing, and I recognize very real monetary losses, what I'm looking for, thus far unsuccessfully, is a good legal theory of online damage without problems.

I can cause a business incredible losses by producing a better, cheaper product than they do, for instance. Financial loss alone doesn't mean anything necessarily. Loss has to be paired with a property violation.

And on the net, property boundaries are not well defined at all.

If I hired a crowd of fake customers to come to your store, walk in the front door, look around, take up your time asking questions, but never buying anything, meanwhile you can't get any legitimate customers in because of the maximum occupancy. I have DDOS'd your business. Would this be something to be criminally punished?

No. At best you could kick those customers out and bar entry to them from then on. I could not be charged with anything for so hiring them. This is mere nuisance, there is no property violation.

You are allowing them into your property in hopes of a sale, but you're not asking them up front if they will buy, or if I hired them, etc.

Similarly, it's possible to accidentally DDOS a site just by trying to access it when lots of other people are too, and refreshing the page too often. Should that be illegal now too? It costs you customers just the same.

And suppose you only have one server but five million legitimate customers per second--they are DDOSing your site trying to get to it, so now they're all breaking the law apparently, eh?

But that same 5 million wouldn't be DDOSing you if you simply had more capacity. So there's a case where whether something is DDOS or not is dependent on how much capacity the business itself has.

Have you ever heard of another category of crime that depends on the state of your customer? I haven't.

Theft is always theft, whether the person stolen from has more or less money. Murder is always murder whether the person was in better or worse health. How can DDOS be a crime when whether it happens or not depends entirely on the networking capacity of the business?

The exact same attack that would take down a random website would be absorbed by, say, www.google.com without even a hiccup. So is it still damage even when the DDOS fails to take down the site?
__________________
Choose your government: the majority ruling the minority, the minority ruling the majority, or everyone ruling themselves long as they do not initiate force, fraud, or theft against one another.
Anenome is offline   Reply With Quote
Old 03-08-2015, 11:36 PM   #17
blackzc
Evil Dead
 
blackzc's Avatar
 
Join Date: Nov 2005
Location: I am boot, hear me win!
Posts: 7,084
I think what Anemone is saying is that companies, going back to the beginning of the internet have hedged far to much on a system that is open, should stay open, and should have, (from the start) developed a way of completing secure connections instead of looking for the government to do the job for them by making Ddos attacks illegal.

Sounds legit to me.
__________________
Nintendo: A guiding light in a sea of video game degeneracy
blackzc is offline   Reply With Quote
Old 03-09-2015, 12:05 AM   #18
Anenome
Autarchist
 
Anenome's Avatar
 
Join Date: May 2007
Location: Recursion City
Posts: 49,889
Blog Entries: 62
Quote:
Despite what others are saying, yes you can [defeat a DDOS].

Many major corporates have very effective solutions, and even the recent Spamhaus battle, which used DNS DDoS at a scale that hasn't been seen previously was covered rapidly once CloudFlare were brought on board.

The solutions I have tested are very effective at transferring DDoS traffic, even when it is a mirror of real, valid traffic. For some of these tests, cutover was sub-millisecond and had almost no measurable effect on legitimate traffic.

These work by dynamic rerouting protocols, and in principle could work anywhere. The reason they are only used by large corporates is they cost a lot.

A sensible fix is for all ISPs is to fleet outbound traffic and share filter lists-this could prevent DDoS attacks entirely. It would just require users and companies to demand it off their ISPs and move from any who didn't provide this service. Eventually any ISP that didn't provide it would just be blacklisted.
Perhaps we need more cooperation. Botnets are used to DDOS multiple targets because the targets aren't publicly blacklisting IPs of botnets. Thus botnet can attack X and then Y the next day.

If people began sharing botnet blacklists, then there'd be much less incentive to create botnets in the first place, since each IP could only be used effectively once.

Ultimately my point is that you need a technological solution to botnets/DDOS, not throwing people in jail.

Quote:

There are in principle ways to stop a DDOS:

The simplest way is to just throw more resources at it. Good luck trying to take down amazon.com or google.com. Combine a round-robin DNS entry with tons of cloud servers and it get's really hard to DDOS you.

Not everyone can afford such immense resources, but that's what services like CloudFlare are for. If you become their customer, they provide the resources (proxies, bandwidth), and as soon as you need it, allocate it to you. It's like an insurance, a lot of people share the investment, and you benefit from it when needed.

DDOS traffic often is distinguishable from legitimate traffic.:
For example, if it comes in as HTTP requests, you could temporarily block port 80, but your HTTPS and email servers would still be reachable. Of course this means a partial shutdown, but better than a complete loss of services.
This is just hearsay, but I've been told that there are specialized switches that can do deep packet inspection with incredible bandwidth, by using FPGAs. They can be used to filter HTTP requests that don't have a proper User-Agent, or TCP packets that look suspicious.

Last but not least, a lot more could be done with cooperation from your ISP, or the backbone providers. If the attack is geographically concentrated, temporarily stop routing data from that region to your servers. I assume these kind of strategies will have to be used more widely in future.

__________________
Choose your government: the majority ruling the minority, the minority ruling the majority, or everyone ruling themselves long as they do not initiate force, fraud, or theft against one another.
Anenome is offline   Reply With Quote
Old 03-09-2015, 04:40 AM   #19
Terran
Evil Dead
 
Terran's Avatar
 
Join Date: Jan 2008
Posts: 13,886
Quote:
Originally Posted by Anenome View Post
DDOS doesn't cause physical damage. This is indisputable.
You're completely wrong. This is indisputable.

A DDoS attack can shut down a network, and there are PHYSICAL repurcussions in our increasingly connected world to VIRTUAL attacks, including power interruptions that can in fact kill people (a PHYSICAL DAMAGE) whose existence depends upon externally-powered devices.

Honestly, how anyone takes your ideas seriously I don't know, considering how little effect they even have upon your own life and how often you contradict yourself and/or ignore your own pronouncements...
__________________
Quote:
Originally Posted by Eats View Post
"...boys lining up outside a room to take a turn gang raping a woman?...I went to frat parties where shit like this was going down
Quote:
Originally Posted by Eats View Post
I certainly went to frat parties where girls were getting roofied
Terran is offline   Reply With Quote
Old 03-09-2015, 05:27 AM   #20
shadow763
Lord of Woe
 
shadow763's Avatar
 
Join Date: Nov 2006
Location: Minnesota
Posts: 4,425
Glad to see Anenome is still keeping this thread crazy.
shadow763 is offline   Reply With Quote
Reply

Tags
psn, sony

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 01:15 PM.