Reality Check
 

If someone is DoS'ing the Login Server (I have been working in the IT world for a decade and this appears like a classic Smurf attack), this is for you.

I am 35 years old, I lost my job as the Internet Sales Manager for a GM dealership back in November. I am now a stay at home dad. After the kids go to sleep and my wife stops complaining about having to be the breadwinner now I just want to log on and play EQ and remember how much fun I had years ago.

Please stop, I am one of hundreds if not thousands during the course of each week lately that are dissapointed when we try to log on.

I am hoping you too can remember the "good ol times".

Think of the rest of us I beg you.

the software needs to be fixed and hew hardware gotten, and it probably is a classic type of an attack probably one that should have been plugged up years ago but this is what happens when no real development is done on software for years at a time for whatever reason vulnerabilities that shouldnt be a problem are a problem

as nice as that would be of whoever is doing it i highly doubt we will ever see that happen it was a good nice gesture to post that but i doubt they care

I have a Cisco and Checkpoint firewall at home. Either of these would and are capable of negating these attacks when properly configured. There are some attacks, however, that need to be stopped at the server level, which usually simply requires updates to the software in order to remove the vulnerability. I would not mind lending some assistance if I were given the required details and access in order to investigate this issue.

note: I am not the be all, end all of knowledge, but I do spend quite a bit of time reading, learning, and of course doing this at work.

I'm pretty sure its not a simple dos attack or a packet attack doing this... I think its something with their server that they launch that crashes it and they do this delibaterly, I could be wrong. I think if it was just a simple firewall issue they would've set that up already.

I'm glad I listened to my wife and put potential donation money into a re-upping my live subscription. This stuff is getting pretty ridiculous.

revised....

i am seriously thinking about going to live as well, as i understand it there will be a new progression server that will stop at luclin

Goshdern_VZ....

I totally feel you man... Though I do not play on any Eqemu server not even my own... I have worked very hard on my server for many many years (7 years this June) ...

Thats 12% of my life... and this is my life... I quit my job to do this full time though I live in a mold infested crap apartment... I am dedicated to my work..

This has had a huge impact on me as well... As it has to probably every server op involved in this project..

When this is over, I promise you... Everything will be vindicated... Doodman and KLS have worked hard to get this stuff working right spending very long hours...

This community will thrive no matter what, and you can take that to the bank..

King Mortenson
www.raidaddicts.org

i dont get it ... is something serious happening?

first i see people posteing about the ls server just being down, nothing new but now this?

soooo ya is something bad going on like a hacker messing things up or what???

Makes me think a little.

If the LS is indeed receiving DoS attacks, surely the culprit(s) can be traced and reported to thier ISP. However, I think they would be savvy enough to hide behind proxy server(s), even then is it not possible to trace to that server and Identfy the owner and report the attacks?

I don't know if the outfits the run these anon proxy servers can be held to account for the traffic that passes through, especailly if that traffic is malicious in intent.

Is this just some random numptie(s), or someone who has an axe to grind, are these recent occurances, or have we had a history of such attacks.

There is no real accounting for some peoples defective mind states that they would derive some perverse pleasure by depriving other a little pleasure with themselves or thier friends.

Just hope an end is put to the nonsence.

just block the ips from the server iptables and the problem is solved cant attack what they cant connect to that will give them time to actually fix the code

I would say possible, but not probable. Until computer users stop running viruses (see Zombie Computer), you can report issues to ISPs and they will usually inform the user of the issue (sometimes disconnecting their service until they can prove they have the virus removed), but with all of the anonymous proxies out there, that all depends on the willingness of the proxy owner to help.

The problem with just blocking the IPs @ the firewall is they start coming from another IP (mostly proxies, but not all of them). Doodman was trying to force 500-series errors to trick the bots into giving up, although I'm not really sure what became of that (I stopped following the IRC logs about a week or so ago).

The issue is the web server was being DoS'd, not the login server (out of 10,000 connections available, ~9,000 of those were from a single IP). That was causing the issues with the main page, forums, etc from being accessed. However, this wasn't really affecting the login server.

The issue with the login server was a buffer overflow exploit (my money's on the user count). Doodman addressed this in the post in the News section, including that a fix has been put in for the issue:

The bottom line is, yes, there are more than likely enhancements that can be made to the existing login server source, but if a more powerful server was in place, it would have been much more likely for it to shrug off the DoS attack, which was the main problem. That's still going to be the biggest bottleneck, not an issue in the software that has already been patched.

Logged in, was having fun.. got hung up zoning and now can't get back in.. Thinking my zoning problem was related to the problem that is also causing the login problem...

I wish Live would implement an old world server.. :(