Hackers booting people off of Xbox Live

by Justin McElroy on Feb 20th 2009 9:31AM

Denial-of-service attacks are nothing new on the web, but the BBC reports that it's becoming an increasingly large problem on Xbox Live, where hackers are using the attacks to kick other players out of games. Not to get too technical, but the DoS attack basically works like this: Angry data takes your pipes from fat to skinny, so the pictures of aliens getting shot and the sounds of guns firing at said aliens can't get through them. Confusing for the common man, we know, but that's why we went to blogging college.

Microsoft says that it's investigating the attacks. Have any of you been victims?

Source

Tags: hackers, microsoft, Xbox-360, xbox-live

Reader Comments (109)

Pipes? No. Tubes.

"It's allll pipes! What's the difference?!"

The internet is not a truck!

And you guys pay for that service? Man, I'd be raising a fuss. I'm a PSN boy and not once have I ever had a problem that wasn't related to my own home network.

PSN WANTS to be the bastard step child of XBL

Seriously though, I have all current gen systems and PSN does not hold a candle to XBL.

I'd pay 50 a year for a quality PSN setup.

You would raise a fuss because a service you pay for is tampered with by an outsider? Geez, talk about grumpy...

Oh, and yes folks, that is sarcasm. We cannot expect Captain Sarcasm to bail us out every time "they just don't get it".

:P

at the very least gamers who have been denied service by hackers should get some kind of compensation like 100 MS points or a government bailout.

@ soulblade.
Funniest thing I've heard all day!

It's funny how quickly the Xbox fanatics jump on anything negative you say about their precious console and service. My intentions were not to bash it, but to compare the two on this particular subject and state my opinion were I an XBL subscriber.

Fact is, if it's a paid service, MS should have the money to develop the tools to make the network more secure from this sort of thing. I mean, you don't see WoW getting DDoS'd, do you?

I've seen a WoW player get DoS'ed, yeah. I've also seen websites get DoS'ed. I've even seen some poor little old lady in a farming town get DoS'ed. I shit you not.

Cuso, you don't use XBL so you have no idea what you are comparing to PSN. I have and use both and XBL is simply better - get over it. Both work well, but XBL offers more, which many people are willing to pay for.

Now, lets see how many people really have had this happen to them before you start the $50 a year is a ripoff bs.

Try not coming off like a sanctimonious, trolling fanboy, and perhaps people will engage in a discussion with your rather than jumping down your throat.

Oh cuso...
It is not what you said, it is how you said it, you and Mr. Rabot should attend my seminar. Its called G T F O, which stands for Great Trolls F*ck Opinions. I will basically cover how to express oneself without coming across as an empty condom.

Neverary 31rst @ Madison Square Garden: 8am - 8:05am.

CALL TICKETMASTERZz!

I'm comparing my lack of getting DoS'd on PSN to people getting DoS'd on XBL - is it that hard to comprehend? Yes, we don't know the numbers, but the fact is there's a story on this while there is not one on PSN, so I'm working with the facts I have.

It's Friday people, relax!

"..is it that hard to comprehend?"
Y yes it iz, cus I not b smart likes yu iz.

Don't be such a tool. If you think a handfull of jackasses using a DoS attack outweighs the benefits of XBL to the people that use it, then you are having the comprehension problem.

You were doing the typical PS fanboy bit of talking smack about paying for XBL and I am pointing out that you can't talk about a service that you don't use because you can't compare the ups and downs of them and have an advised opinion. I, and many others here, use both and DoS attack possibility or not - it's a better service.

As a multitude of people have already expressed. This is not a platform specific problem, this is an issue related to your home network connection. The only people that can help you stop a DoS attack is your ISP, and I have my doubts they are going to listen to you if you call up bitching about your online game experience.

The reason you're hearing about DoS attacks on XBL players and not anyone else is probably because XBL players are a more attractive target than, say, WoW players or LBP players, what with all of the stat tracking, racism, homophobia, etc.

That article about the age demographics dominated by the different consoles probably explains a lot of this.

@aggrazel

most games use peer-to-peer connections, Xbox Live simply provides the matchmatching

And besides, (lets just get out of the way that I have both consoles and like them both, so I don't have any fanboy allegiance) but maybe no one is reporting being the victim of DoS attacks on PS3 because there is a sizable difference in player base. I don't care how Sony spins the numbers, the number of actual people playing games has GOT to be much lower.

PSN is garbage. It's a big reason why I buy multi-platform games on the 360 instead of the PS3 (I also like the 360's controller more, but that is beside the point). Considering that I paid 70 dollars for 26 months of Xbox live (Basically 35 a year with 2 extra months thrown in) it is a no brainer.

I would gladly pay 30+ a year for PSN to just work like XBL does.

Yeah, agreed. You can't compare the two if you don't have both. I do, and I'm happy to pay for Live since, you know, it works. And also there's way more people online.

Home, imho, was a nice idea but does not come close.

Once more eNrique has to come in as the raging ass with his comment. I guarantee you that in comparison between the two of us, I am a f*cking genius.

Now, once again, look at the problem being discussed before you act up. DoS attacks are not themselves linked into the service. So if its part of your complaint about XBL you are simply wrong.

I respect your needs and wants with a consoles online service but thespecific features you wave off as not needed, i consider an inconvenience like not having a cell phone in this day and age...

Just saying

If Live's servers were getting DoS'ed, everyone would drop off every single time someone got DoS'ed, but that isn't the case.

Therefore, you, eNrique, are a colossal moron who has no idea what he is talking about.

Again, there is no need to hack any server to obtain an IP address. XBL games are peer-to-peer, meaning all of the players are directly connected to one another, so all you need to see the IP addresses of everyone in the current game is to use a tool like Wireshark to look at the packets being sent and received by the 360.

The IP addresses of the sender and receiver are contained in every single packet. That is how TCP/IP works. Knowing this, it is ridiculously easy to get the IP of anyone who ever establishes any sort of connection with you, even over XBL.

There is little Microsoft could do to protect Live users. There is little Sony could do to protect PSN users. There is little Valve could do to protect Steam users. A DoS attack is a direct attack against YOU. Your best bet is to report a DoS incident to your ISP and ask them for help.

So, now, what was I supposed to get?

Don't be so quick to jump down my throat next time.

You all have it way wrong. WFC FTW
/me facepalm

I second that Cuso - WTF with charging for Ecksbawks live when it's open to interference from angry nerds???

That's really not acceptable for a paid for service!

DoS attacks are everyone's problem. PSN, Steam, etc. are all just as susceptible, because it completely shuts you off from the Internet.

On a free service, it would be acceptable, but when you pay for a service you would expect them to spend some of that money preventing things like this, No?

If this happened and it took a week to get back online do you thing Microshaft would refund a weeks worth of subscription? I very much doubt it.

You pay for your internet, and you're still open to DoS attacks. In fact, you're likely more open to them than any of the big companies such as Sony or Microsoft. At least they have technicians that can fix it, while you only have yourself. And you still pay for the internet.

Yet it's perfectly acceptable to pay your ISP for a service that is exactly as vulnerable.

How exactly are MS supposed to prevent it again? If the games use any peer-to-peer communication, then your IP address can be determined. That - well, that and preferably a zombie botnet, or else just a fast connection - is all a 'hacker' needs to DoS your ass.

If the games are strictly client-server [where the server is controlled by MS] then it should be preventable - there may be issues where IP addresses are revealed in the protocol. I'm guessing they are not, though.

Look to your ISP for possible filtering or other protection against DoS attacks, but it's a hard problem to solve.

Your right to an extent yet it seems with your witty wordplay, your focus is on "MS and paying" overall. Paid for or not, you are underestimating the abilities of a hacker. Whether your service is free, or generates billions the same thing can happen.

Its a DoS (most likely DDoS) attack sir. There is little they can really do to prevent it. Anything online based (including Joystiq!) can do little to prevent it other than to close off the connections

Golly. My apologies for getting in so late =p

If you're so worried about getting DoS'ed, call your ISP and ask them to deny all inbound traffic to you. That'll stop those damn hackers!

You know, as i get used to seeing brave men and women fight in the "console wars", i wonder...
Do you really expect to be taken seriously when words such as: "Ecksbawks, Piece of Shit 3, Microshaft " etc. are used in your opinions? Its a double edged razor because with out you there would be nothing to vote down, no one to ridicule. With that said i would to thank you Mr. Rabot.

Thanks for being here.

So how do these 'Hackers' (incorrect term btw, the correct term is 'asshats') figure out the target's IP address? I guess I always assumed that my XBLA packets went to some server at Microsoft and then was sent from there to whoever I was playing online with. In that case, I shouldn't be making a direct connection to another xbox, therefore packet sniffing shouldn't reveal anything but microsoft's server. But I guess I was wrong.

oops, replied to wrong post.
@aggrazel

most games use Peer-to-peer connections, Xbox Live only provides the matchmaking.

To obtain an IP, you can use a number of tactics. The most covert (and complicated) one is to sniff the connection for XBL traffic and use that to determine which IP belongs to which player. Of course, some people will gladly just tell you their IP address.

And as xenocidic said, XBL games are peer-to-peer, meaning you're connected directly to the other players and not to a central server. Microsoft's servers do the matchmaking, stat tracking, etc.

Lots of good info on this here:
http://blog.spywareguide.com/2009/02/hackers-use-diy-botnets-to-ddo.html

Since the connections are P2P, I imagine Wireshark on a hub with the 360 would be able to pick up the IP of the host. Then, DDoS with a botnet. Simple. I imagine the system is susceptible to a PoD attack as well.

We have this happen a countless number of times in online competitions.

Friends of friends that i know of through Live can do it. It's great when there is some guy acting like a total-pardon the French-fuckwad during a match of Gears of War 2 and suddenly he isn't on Live anymore.

I like how they describe a definite increase....I mean 2 people complaining about it compared to nobody complaining about it is a definite increase....still means sod all in the grand scheme of things.

"off of"

?

Incorrect grammar is acceptable, nay, expected, from those commenting, but shape up, Justin McElroy!

Justin? Shape up? Bwahahahahaaaa! Surely you jest!!!

I keed, JMac ;)

FLAMING!!!!!!!!!!!!!

Lol the bottom line is that we live in an age where people HACK things. It doesn't matter if I pay for Live. That doesn't guarantee that it won't get hacked you stupid sony fanboys.

Did you really "lol"?

I work at an ISP. I've never been DoSed myself, but I've seen it happen to someone else while monitoring traffic for problems. All I did was contact the loser's ISP with a log of the DoS, and they removed his account. Apparently he had gotten a few other complaints.

If you're savvy enough to at least get the offender's IP address, don't hesitate to contact your ISP. They may be able to help you out.

| 1 | 2 | 3 | Most Recent | Next 50 Comments

Sorry, you must be logged in to leave a comment.

Breaking News

The most popular posts
in the last 7 days

Vita 'UMD Passport' won't be offered in US 218 comments
Kingdoms of Amalur: Reckoning review: A tempting fate 152 comments
David Jaffe leaves Eat Sleep Play, layoffs hit developer [Update] 107 comments
Don't call it a remake: Final Fantasy X is a 'remaster,' to be clear 95 comments
Battleship movie adapted into FPS by Double Helix 93 comments

Hackers booting people off of Xbox Live

Reader Comments (109)

Posted: Feb 20th 2009 9:33AM darkinchworm said

Posted: Feb 20th 2009 9:52AM MLS said

Posted: Feb 20th 2009 10:18AM (Unverified) said

Posted: Feb 20th 2009 9:35AM Araman said

Posted: Feb 20th 2009 9:42AM (Unverified) said

Posted: Feb 20th 2009 9:43AM Negatron said

Posted: Feb 20th 2009 9:49AM SoulBlade said

Posted: Feb 20th 2009 9:54AM (Unverified) said

Posted: Feb 20th 2009 10:00AM Araman said

Posted: Feb 20th 2009 10:04AM Zertoss said

Posted: Feb 20th 2009 10:18AM Duke said

Posted: Feb 20th 2009 10:19AM Courtney said

Posted: Feb 20th 2009 10:20AM Negatron said

Posted: Feb 20th 2009 10:21AM Araman said

Posted: Feb 20th 2009 10:29AM Duke said

Posted: Feb 20th 2009 10:30AM hfm said

Posted: Feb 20th 2009 10:38AM Zertoss said

Posted: Feb 20th 2009 10:39AM xenocidic said

Posted: Feb 20th 2009 10:39AM hfm said

Posted: Feb 20th 2009 11:23AM BananaBoat said

Posted: Feb 20th 2009 12:59PM jumpshot said

Posted: Feb 20th 2009 1:45PM Duke said

Posted: Feb 20th 2009 2:11PM Negatron said

Posted: Feb 20th 2009 2:39PM Zertoss said

Posted: Feb 20th 2009 3:20PM Zertoss said

Posted: Feb 20th 2009 4:28PM Duke said

Posted: Feb 20th 2009 11:12PM Fraggy4 said

Posted: Feb 20th 2009 9:41AM (Unverified) said

Posted: Feb 20th 2009 9:44AM Zertoss said

Posted: Feb 20th 2009 9:50AM (Unverified) said

Posted: Feb 20th 2009 9:55AM (Unverified) said

Posted: Feb 20th 2009 9:56AM Zertoss said

Posted: Feb 20th 2009 9:57AM xxxsam said

Posted: Feb 20th 2009 10:00AM Negatron said

Posted: Feb 20th 2009 10:06AM Premature ejaculation man said

Posted: Feb 20th 2009 10:07AM Premature ejaculation man said

Posted: Feb 20th 2009 10:09AM Zertoss said

Posted: Feb 20th 2009 10:10AM Negatron said

Posted: Feb 20th 2009 10:37AM (Unverified) said

Posted: Feb 20th 2009 10:43AM xenocidic said

Posted: Feb 20th 2009 10:52AM Zertoss said

Posted: Feb 20th 2009 10:59AM vidguy said

Posted: Feb 20th 2009 9:43AM (Unverified) said

Posted: Feb 20th 2009 9:43AM Mognet T said

Posted: Feb 20th 2009 9:45AM (Unverified) said

Posted: Feb 20th 2009 9:46AM (Unverified) said

Posted: Feb 20th 2009 9:51AM xFenixKnightx said

Posted: Feb 20th 2009 9:47AM (Unverified) said

Posted: Feb 20th 2009 10:17AM (Unverified) said

Posted: Feb 20th 2009 9:53AM Zertoss said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

Double Fine Kickstarter passes $1 million in under 24 hours, breaking yet another record

Featured Stories

Ghost Recon: Future Soldier brings information warfare to the front

Rhythm Heaven Fever review: Crazy into you

Remedy not done with Alan Wake

The most popular postsin the last 7 days

Engadget

TUAW

Massively

WoW

The most popular posts
in the last 7 days