• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

Aftermath of DDoS: State of the Servers Part Deux..

Status
Not open for further replies.

Tikki

New Member
I'm guessing someone spoofed CC2 and Sake's IP's if those really are theirs, it's not that hard to spoof, particularly when it comes to college campuses. Why do I think it's a spoof? CC2 and Sake are not stupid, I'm pretty sure if they *DID* do a DDoS, we wouldn't find their IP in the server logs. (And I'm not saying they did, I'm just stating that they're technical enough to do it)

Someone used those IP's on purpose.

No one besides 4chan and the like would bother to spoof THAT particular IP, because you know they love to cause drama. They also enjoy raiding Vent and our servers in general.

This.

Also http://en.wikipedia.org/wiki/IP_address_spoofing

You see, IPs can lie, don't try to tell yourself or anyone else otherwise. But as the article states, there are ways to protect yourself from it. If any if this is applicable in this case? I have no idea!
 

nobuyuki

Member
I love the smell of drama in the morning.

And now back to your regularly scheduled gaming sessions
 

Loarx12

New Member
very odd from what i under stand is that cc2 owns a number of tf2 furry servers, i have also noticed a very slight tension between the furs who play regurlay on cc's servers they seem to dislike the TFP i get that this isnt some thing i should worry about but TFP is some thing that i would get my hands dirty for. is it possable that cc wants to be the only one with tf2 fur servers. this is almost like the 360 version of tf2 with all the clans fighting over who discoverd glitchs and the dev consle... I will stand by the TFP, you guys have my support and services.
 

Vandell

NOT A RACCOON
My problem with this whole thing is that, of course, you guys point to the most convoluted, drama-induced reasoning possible, rather than thinking that coincidences happen and, in all likelihood, some #chan trolls or something else decided to run some script-kiddy programs (at the very least), or an experienced griefer spoofed some IPs (at the very most). I mean, Cc2's servers were attacked as well. What person, in any state of mind, would make a knee-jerk reaction to attack another server in response? For no reason? At the exact same time?

"My servers, they are being lagged to death! RAAAR, THIS MUST BE THE WORK OF THE FURRY POUND!! COUNTERATTACK!!" There is some major disconnect in the flow of logic. You'd have to be messed up to come to this kind of immediate conclusion. Cc2, while a dick, is anything but passionate, fiery and/or spiteful. There would be nothing to gain from this, even if his IPs weren't traced. It's not like a single DDOS attack would make everyone suddenly run from The Furry Pound and back to Cc2's servers.

Grow up and stop pointing so many fingers. :/
 

Slayth

Rawr
*after eating his bowl of popcorn he finally speaks*

I'm just gonna say what I have to say and move on.

I don't personally care who DDoS'd who, who did this, who did what anymore. All I know there is a bunch of furs here that are trying to fight this like a case. Yes, DDoS'ing is illegal I understand that, but why don't we just move on? Even if CC2 and Sake wanted to DDoS, they wouldn't leave the trails behind like someone did.

*skip this part, 4chan /b/ inc*

4chan's /b/ HATES furries. I see furry hate threads ALL the time on there. To whoever said 4chan kids most likely couldn't do this, they hacked youtube, a MAC website, and have crashed many servers before, so you are saying they can't DDoS and leave breadcrumbs to a pair of innocent furs? You guys might have known Boxxy on youtube (I didn't care for her personally), but her account was hacked by someone on /b/, and the person posted a screenshot, etc yadayadayada, deleted all her videos, and put one up about how they were tired of her shit and what affect it had on /b/.

tl;dr Just quit arguing, move on
 

Miriafox

New Member
My problem with this whole thing is that, of course, you guys point to the most convoluted, drama-induced reasoning possible, rather than thinking that coincidences happen and, in all likelihood, some #chan trolls or something else decided to run some script-kiddy programs (at the very least), or an experienced griefer spoofed some IPs (at the very most). I mean, Cc2's servers were attacked as well. What person, in any state of mind, would make a knee-jerk reaction to attack another server in response? For no reason? At the exact same time?

"My servers, they are being lagged to death! RAAAR, THIS MUST BE THE WORK OF THE FURRY POUND!! COUNTERATTACK!!" There is some major disconnect in the flow of logic. You'd have to be messed up to come to this kind of immediate conclusion. Cc2, while a dick, is anything but passionate, fiery and/or spiteful. There would be nothing to gain from this, even if his IPs weren't traced. It's not like a single DDOS attack would make everyone suddenly run from The Furry Pound and back to Cc2's servers.

Grow up and stop pointing so many fingers. :/
This.
I used to play regularly on Cc2's, and I spent a lot of time in the ventrillo, and Cc2 hates raiding and DDoS attacks with a passion (the servers have been attacked by /b/ and /v/ several times, way before most other furry communities/servers existed). He and Sake may be dicks, but they're not the kind of dicks that would do that, especially after suffering so much grief and annoyance with attacks that did way more damage then slowing a server down off peak times (the forum was wiped and the website taken down at least once).

Occam's Razor. Which makes more sense? Cc2's DDoS' their OWN server at the same time as TFP in a thinly veiled attempt to make people come to their community, or 4chan, which has done this for ages to most furry websites, including FA, and has people who frequent furry websites and know about the drama, did the attack? Seriously, college just started back up, most of their user base is back in the saddle. I think the answer is obvious.

The immediate finger pointing was kinda childishly lame, though.
 

Kesteh

Twenty
ITT: People jump in and add networking 101 "detail" without knowing what it actually is.

Because we all know that drawing out something over more places than intended (this topic for example) is a way to "drop it".


If the raid was done by 4chan or anyone related, you're likely to see an ED article reverted edit of some newfag trying to record the deed for generations to come.
 
Last edited:

Slayth

Rawr
This.
I used to play regularly on Cc2's, and I spent a lot of time in the ventrillo, and Cc2 hates raiding and DDoS attacks with a passion (the servers have been attacked by /b/ and /v/ several times, way before most other furry communities/servers existed). He and Sake may be dicks, but they're not the kind of dicks that would do that, especially after suffering so much grief and annoyance with attacks that did way more damage then slowing a server down off peak times (the forum was wiped and the website taken down at least once).

Occam's Razor. Which makes more sense? Cc2's DDoS' their OWN server at the same time as TFP in a thinly veiled attempt to make people come to their community, or 4chan, which has done this for ages to most furry websites, including FA, and has people who frequent furry websites and know about the drama, did the attack? Seriously, college just started back up, most of their user base is back in the saddle. I think the answer is obvious.

The immediate finger pointing was kinda childishly lame, though.

I sir, tip my hat at you
 

Slayth

Rawr
ITT: People jump in and add networking 101 "detail" without knowing what it actually is.


Because we all know that drawing out something over more places than intended (this topic for example) is a way to "drop it".


If the raid was done by 4chan or anyone related, you're likely to see an ED article reverted edit of some newfag trying to record the deed for generations to come.


notice at the end it says "We all lose"? I didn't mean read the article under it, I just wanted you guys to look at the comic, because it doesen't have just CC's side ^^
 

Runefox

Kitsune of the PC Master Race
In response to everyone who keeps posting the same thing over and over again, while what I think doesn't matter any more than what you think in this issue (Read: None / OH MY GOD MY OPINION DOESN'T MATTER?!) the evidence points a certain way, and I find it highly unlikely that a *chan group managed to locate and forge that specific IP address. So, I'm finding it much easier to relate to the TFP side of this whole mess. I mean, if that's what happened, I should probably go out and buy a lotto ticket.

There hasn't really been anything to refute what's been brought to the table except the whole "MAYBE *CHAN DID IT HUH" thing (which without any specific activity from a *chan is a cop-out), and the actions and reactions of the CC2 camp seem to be extremely weird (and I should mention that a good number of them have signed up specifically to troll/flame here). And again - I would like to point out that I would be happy to defend CC2 if the evidence here could convince me of that. Unlike most of the people posting in this topic, I don't particularly have an axe to grind.
 

Miriafox

New Member
ITT: People jump in and add networking 101 "detail" without knowing what it actually is.


Because we all know that drawing out something over more places than intended (this topic for example) is a way to "drop it".


If the raid was done by 4chan or anyone related, you're likely to see an ED article reverted edit of some newfag trying to record the deed for generations to come.

Eh, not really. The /v/ raid done on Cc2's isn't mentioned or acknowledged anywhere I know of. It wasn't very successful, but it did happen. You just come to sort of expect the shit nowadays, wait till they get bored, then move on.
 

Animalous

Banned
Banned
There hasn't really been anything to refute what's been brought to the table except the whole "MAYBE *CHAN DID IT HUH" thing (which without any specific activity from a *chan is a cop-out), and the actions and reactions of the CC2 camp seem to be extremely weird (and I should mention that a good number of them have signed up specifically to troll/flame here). And again - I would like to point out that I would be happy to defend CC2 if the evidence here could convince me of that. Unlike most of the people posting in this topic, I don't particularly have an axe to grind.

Heh, well when pressing for proof, I found TFP lacked anything near a link between Cc's IP and the raid. While there was an IP address that originated in Chicago Illinois, Cc2 does not even live in the city. The IP's listed in the post vary greatly from the IPs in the screenshot. While I don't want to start conspiracy, members of TFP and Dragoneer seem to spite Cc2, and it seems just as likely to me that this raid was just a well-placed convenience for the two parties to blame Cc2 and gain support by merging with the monopoly of a furry art hub. As you have seen, Cc2 has shown very little interest in making accusations towards "rival" server communities because he doesn't care. Whether or not TFP or any other furry server is affecting his community population is irrelevant because the community is still growing and any attempts to stop the growth of the community, whether it be in the form of accusations or raids have all been halted and the same goes for this incident. TFP made the mistake of reacting dramatically to the attacks and just fueled the raid. Cc2 quickly hindered any attempts to spam the servers, cleared the forums of vulgar spam posted by one, "JESUS_CHRIST" and mocked the same trouble maker in ventrilo by disabling guest permissions to the point that the only thing the raider could do was sit in silence and constantly change his name as everyone got a good laugh.

Just because TFP decided to post on an already hazy forum with the support of a -very- biased administrator does not mean the contrary proof isn't there. You simply aren't interested in looking.
 
Last edited:

Jacob Blakk

is better than you.
Jesus people, no one spoofed CCs IP. Hes already said he monitors the server with HLSW, if you look into a non-DDoSed servers (or even the servers going right now) that hes watching you'd likely see his IP just as many times.

What everyone should be more concerned about is the fact the head admin of this site doesn't seem to mind stepping around his own ToS to make his friends look better.

Copy/paste fron Nidhoggs comic page:

In section Account Privacy - Data Collection, it clearly states that FA "does not engage in active data collection of its users" and "will not be resold and/or distributed to external organizations."

I don't give a shit how affilated they are, they are still an external organization. Even when you put the FA name on them, 'Neer said himself they will still be a seperate group. The ToS doesn't say "data except IP addresses", data is data and he went against his own rules. And even *IF* the ToS covered that, that doesn't even touch the fact it was posted publicly.

Guess I should change what I have on FA just incase 'Neer gets pissed at me. Good way to mod a site.
 
Last edited:

Adrianfolf

Member
Heh, well when pressing for proof, I found TFP lacked anything near a link between Cc's IP and the raid. While there was an IP address that originated in Chicago Illinois, Cc2 does not even live in the city. The IP's listed in the post vary greatly from the IPs in the screenshot. While I don't want to start conspiracy, members of TFP and Dragoneer seem to spite Cc2, and it seems just as likley to me that this raid was just a well-placed convenience for the two parties to blame Cc2 and gain support by merging with the monopoly of a furry art hub. As you have seen, Cc2 has shown very little interest in making accusations towards "rival" server communities because he doesn't care. Whether or not TFP or any other furry server is affecting his community population is irrelevant because the community is still growing and any attempts to stop the growth of the community, whether it be in the form of accusations or raids have all been halted and the same goes for this incedent. TFP made the mistake of reacting dramatically to the attacks and just fueled the raid. Cc2 quickly hindered any attempts to spam the servers, cleared the forums of vulgar spam posted by one, "JESUS_CHRIST" and mocked the same trouble maker in ventrilo by disabling guest permissions to the point that the only thing the raider could do was sit in silence and constantly change his name as everyone got a good laugh.

Just because TFP decided to post on an already hazy forum with the supporty of a -very- biased administrator does not mean the contrary proof isn't there. You simply aren't interested in looking.

I agree with you. I'm being not biased I have played on TFP server its nice in quility but yeah. Its done and over with even TFP's admins said it so what ever Runefox or anyone else says is now irrelvent. (Please forgive my crappy spelling I never was good)
 
Last edited:

Vandell

NOT A RACCOON
In response to everyone who keeps posting the same thing over and over again, while what I think doesn't matter any more than what you think in this issue (Read: None / OH MY GOD MY OPINION DOESN'T MATTER?!) the evidence points a certain way, and I find it highly unlikely that a *chan group managed to locate and forge that specific IP address. So, I'm finding it much easier to relate to the TFP side of this whole mess. I mean, if that's what happened, I should probably go out and buy a lotto ticket.

There hasn't really been anything to refute what's been brought to the table except the whole "MAYBE *CHAN DID IT HUH" thing (which without any specific activity from a *chan is a cop-out), and the actions and reactions of the CC2 camp seem to be extremely weird (and I should mention that a good number of them have signed up specifically to troll/flame here). And again - I would like to point out that I would be happy to defend CC2 if the evidence here could convince me of that. Unlike most of the people posting in this topic, I don't particularly have an axe to grind.

Gosh, trying to defend their position is just so darn suspicious!

Of course they're going to make accounts to talk here, because this is where the discussion has led to.
 

Witchiebunny

A bunny who is Witchie
This is our final statement on the matter:

The attack started at about 1 am EST, or Midnight Server time. Server Admin Nikkyvix was messaged about it 15-30 minutes into the attack by Server Admin Ailure, and all Admins online and active were summoned together.[1]

The final packets were recieved at 3:05:45.24745 EST on US #1, and 4:59:13.037554 on US #2. Those IPs that have been confirmed as attacking the server were 76.202.216.119 and 75.57.176.21, of which the former was most active, and the second was least, having been used towards the end of the attack, from 4:59:11.1967500 to 4:59:13.03841500. The servers were attacked twice, with a break approximately an hour long in between the attacks.

Our investigation has revealed exactly how the servers were attacked. (Long version here, see below for the tl;dr version)

The attack used a very specific exploit present in the Source Engine. Datagrams (UDP Packets) with with zero data and 8 bytes in total length are sent via a source port into a server and the server, in turn freezes its network activity.[2]

The data field here is non-existant, and the length field is set to 8 which is just enough to tell the incoming server that the information being sent is a packet, but is also enough for the packet to contain no data.[3]

tl;dr:
The attacking IPs spammed invalid server query packets into the TF2 server, causing it to freeze it's network activity.



Our admin team was able to recreate this attack against both our US and EU servers by creating a java program to send packets containing no information against said servers.


The attack was done by someone with a very good knowledge of how the Source Engine works and the knowledge of an as-yet-unencountered vulnerability in Source. The attack was directed very specifically against our source ports, with the (assumed) single intent of knocking out the Team Fortress 2 Servers. We have reported it to Valve and hope to have a patch out soon, however we hope that Server Owners will be on the lookout for such attacks in the future, and hopefully the info here will help other Server Owners in securing their own servers.

1. Please see "flood.png" attached here.
2. Please see http://en.wikipedia.org/wiki/User_Datagram_Protocol#Packet_structure for technical reference of datagrams
3. Please see http://developer.valvesoftware.com/wiki/Server_Queries to see what proper server query is supposed to look like, or look at the attached image.
 
good luck tracking down the attackers

and hey, look on the upside: the is completely normal game server drama, not furry-specific drama

i still have fond memories of the soap opera that was XWIS

edit: also lol i had no idea TFP was based out of furaffinity, thats what i get for not clicking the game forum
 
Last edited:

kamunt

Justin Bieber Apologist
EDIT: Let's lay this very hideous, fat, ugly whore to sleep now, please. lol @ 24 people viewing this thread.

Then why don't you just leave it alone? Some of us are still working on it, people like you are just watching.

I'm not going to spam this thread with your pointless bickering, so all I'll say is this--butthurt much? :)


Nidhogg hit the nail dead on the head. I laughed so hard when my BF linked me to this.
 
Last edited:

Demowulf

New Member
EDIT: Let's lay this very hideous, fat, ugly whore to sleep now, please. lol @ 24 people viewing this thread.



I'm not going to spam this thread with your pointless bickering, so all I'll say is this--butthurt much? :)



Nidhogg hit the nail dead on the head. I laughed so hard when my BF linked me to this.


I hate you. And I'm pretty sure you can guess who I am. :rolleyes:
 

STrRedWolf

Lazy-ass Drygerskunk
Excuse me while I kill some drama here.

First of all, Nikky did the right thing in saying quite calmly "Yes, we were DDoS'ed, we're investigating it right now and getting things back up." Informing the public first hand is always the right thing to do because you gain good PR out of it. IBM got burned when their Deskstar line started failing and they kept mum about it -- their HD line is now owned by Hitachi. Seagate, on the flip side, actually came out and said "We have firmware problems on our drives, here's a list, we're pushing out new firmware and are offering free recovery services to bricked drives."

List of those Seagate drives here

Second, while folks here were sniping and performing SWAG research (Stupid Wild Ass Guessing), the cause of the problem was found and Witchy posted the reason -- Source engined game servers have a critical bug Valve better patch soon.

Yes. A bug that slipped through QA and Valve didn't patch yet.

If I were the Heavy, I'd say "Babies make too much drama! I thought we were fighting MEN! Whu... What's that sandvich? Kill them all? Ha ha hah... good idea."
 

Runefox

Kitsune of the PC Master Race
Good, thats settled. I believe an apology is in order.
I don't see why anyone should apologize to anyone here. I don't recall anything being cleared up as to who did it, so honestly, in my opinion, there's no need to apologize. I'm glad we have differing opinions, though, because I really like you people who signed up to troll the topic here and cry "FURRY DRAMA OMFG".

Second, while folks here were sniping and performing SWAG research (Stupid Wild Ass Guessing), the cause of the problem was found and Witchy posted the reason -- Source engined game servers have a critical bug Valve better patch soon.
Uh.

Yes. A bug that slipped through QA and Valve didn't patch yet.
So the server was taken down by a bug? That's what you take out of "The attack was done by someone with a very good knowledge of how the Source Engine works and the knowledge of an as-yet-unencountered vulnerability in Source"? I believe that if that's the case, then any attack on any Windows-based PC is caused by a "bug" in Windows and not someone on the other end of a packet stream randomly firing off corrupted server packets and zero-data UDP packets. I'm sorry, but to add to the drama, you really failed pretty bad here.
 

Jacob Blakk

is better than you.
I don't see why anyone should apologize to anyone here. I don't recall anything being cleared up as to who did it, so honestly, in my opinion, there's no need to apologize. I'm glad we have differing opinions, though, because I really like you people who signed up to troll the topic here and cry "FURRY DRAMA OMFG".

At what point in this thread have I ever spoke to you? And what makes you think I was? And if you knew I wasn't, why bother replying to that other then to start more crap? Cut it. I was addressing witchiebunny for spreading crap and not-so-subtly telling everyone "OMG CC2 AND SAKE DDOSED US".

...and do you even know what a troll is?
 
Status
Not open for further replies.
Top