Utopia Temple
Main Forum Page Register an Account for Free! Calendar Frequently Asked Questions about this Board View New Posts Advanced Search Login
  Utopia Temple Forums > Utopia Discussions > Utopia Discussions

« Previous Thread | Next Thread »
Post New Thread Reply
Author Thread
Posts: 11/23
(03-Mar-2003 at 22:09)
Swirve.com Downtime

Swirve.com Downtime
March 3, 2003

Having read one too many posts from people who do not understand the problem and have done nothing but complain about the downtime being the fault of Mehul and his 'poor' servers; I thought I'd provide some information that will hopefully clear up the misunderstanding that many people appear to have about this situation.

First off, I'll start with some statements regarding the most common complaints or comments made in the forums. Then I will explain, as simply as possible, what is actually going on.

1) The downtime has nothing to do with having good or bad servers and a reboot or game restart will not fix the problem.
2) ‘Getting a firewall’ is not going to solve the issue. Besides which, I would bet that Mehul is sitting behind a good firewall already.
3) Increased bandwidth will not necessarily (and most likely would not) solve this issue.

So what is actually happening? The technical term for it is a DOS or Denial of Service attack. In short, a DOS attack is an attack initiated by one or more individuals against a website(s) with the malicious intent to deny legitimate web traffic access to that website.

There are a number of different types of DOS attacks that are increasingly more and more complicated and difficult to stop. The most basic DOS attack is called a ping or packet storm. A single ping is something that a computer can do to establish that a specific web address exists and is available for communication. Very much like an underwater sonar ping, hence the same name. A packet is like a short message. The ping is, in essence, a small packet asking "Are you there?" The response is either "Yes, I am." or an error because the address could not be reached.

In the case of a simple DOS attack, a different type of information packet is endlessly sent at the target. Simply put, each individual packet has a note attached to it asking "May you and I talk?" The computer responds by saying "Yes" and then proceeds to open a doorway for two computers to communicate. Each request to communicate packet opens a new doorway until all the doors are open and no more doors are available. Any subsequent packets are denied.

This is similar to a telephone switchboard. The operator only has so many lines to deal with incoming phone calls. When too many lines are filled with calls, each subsequent caller gets a busy signal. (Note: This is also what occurs when there are too many players accessing the games.)

Now, these types of attacks can come from a single computer or many different computers across the world. While it is possible that many individual users can collectively make this sort of attack, it is more likely that it is caused by a single user. That user simply utilizes the power of multiple computers that he (or she) has gained control over.

How does he gain control over many computers? Through viruses called Trojans. (Remember the story of Troy and the Trojan horse? That's where the name comes in.) A trojan is a virus that allows a hacker to take control of the infected computer. The level of control depends on the system that is infected.

What can they do with an infected computer? Well, just about anything they set their minds to. Unfortunately, most users of computers infected by Trojans are aware they are infected. This topic is a whole other issue that I won’t get into. Simply put, when a hacker has control of another computer, he or she can almost do what they like with it.

So why can't they just install a firewall to block these 'packets'? While very simple DOS attacks can be blocked or filtered out, unfortunately it's not always possible with more complicated attacks. You see, legitimate web traffic still requires certain doorways (called ports) to be open in order to communicate. You can't just rename or renumber these doorways or you would end up blocking all traffic, including the legitimate traffic. For example, if you blocked port 80, then you would not be able to view websites. If you blocked port 110, you’d never be able to get your email! (Well, at least you wouldn’t get any more spam.)

So why can’t they just trace the attack back to the attacker? Well, this is where the more complicated DOS attacks come in. More complicated attacks are difficult to trace because the attack is designed to look like it’s coming from multiple legitimate websites or Internet Service Providers. In other words, the attacks could be made to appear to be coming from AOL, CNN, Apple or even Microsoft! At first glance, the victim would be wondering what Bill Gates had against him. In reality, Bill would just be an unknowing pawn in the actual attack.

Essentially, what is happening is similar to what would happen if you were to mail thousands of letters to the same address, but instead of your own reply address, you put a thousand different reply addresses on the envelope. The receiver would suddenly wonder why they became so popular!

Every bit of data that comes into a web server is recorded to a log file. So now, to try and trace the source of the attack you need the cooperation of the people managing the computers that appear to be attacking the victim. Generally, those attacks have been bounced again from another source and another source and another source… and so on… when you take into account that the log files will generally record over 1 BILLION incoming packets per day during a more complicated attack, you can see how exponentially difficult it would become to trace the source. It is the proverbial needle in the haystack.

Is there anything that can stop these types of attacks? That is the continuing debate of many internet security experts right now. There will never be a perfect cure; however there are things that can be done. Unfortunately, the most immediate changes must occur at the ISP level and NOT the web company’s level. The ISP’s have the ability to filter out those envelopes with the incorrect reply address before they ever leave the area of their control. Much the same as if the post office in New York spotted an outgoing letter that had a reply address in Toronto and threw it in the garbage rather than processing it into the mail system.

However, there are thousands of ISP’s out there all with their own ideas of how to service their customers. Until an international standard can be adopted, this one particular type of attack will and can continue.

So if ISP’s do this, it will stop all attacks? No. I’ve only described one way for ISP’s to deal with certain types of attacks. There are other types of attacks that hackers can (and will) use. Unfortunately, describing other types of attacks would involve much more technical descriptions. It was not my goal to get too overly technical in describing the problems that Swirve is having.

So who is doing this? Who knows. It really could be anyone. The tools that are available to conduct these sorts of attacks are available anywhere on the internet if you know where to go. While it does take a lot more know how to create these tools of destruction, anyone can learn how to use those tools.

There are two breeds of attackers out there. The first is the people with the knowledge of how to write and create those tools, otherwise known as true hackers. The second are people who know where to get those tools and then use them for their own malicious intent, otherwise known as script kiddies. Script kiddies have no real hacking or programming knowledge of their own, they just like to use the hacker’s tools for their own destructive purposes.

In the case of the Swirve attacks, it could be either of these types. However, in the true hacker community, once they’ve proven they can do something once, they generally move on to other challenges. Besides, true hackers generally prefer to fly under the radar and not do things like this.

Script kiddies, on the other hand, generally desire to cause malicious destruction. They get their kicks doing as much damage as possible to websites or companies. Knowing the basic user group of the Swirve sites, it is probably a good bet that the attacker is a player that is angry with something Mehul has done. However, this is only speculation, anything is possible. Heck, why not an angry housewife who is fed up with all the time her husband spends playing Utopia? With the game not available, maybe he’ll pay more attention to her!

I hope this note helps you all to understand better what is going on when the game goes down. Understand that it is not JUST Utopia but it is the entire Swirve website. It does not matter that this is a free game or not. Swirve is a for-profit company and the attacker is doing real financial damage. As a result, this is a criminal action and should be dealt with harshly if they catch the attacker(s).

For those of you who are more technically inclined, I suggest having a read of some of Steve Gibson’s articles on his website. http://grc.com He has been attacked by similar methods in the past, including one attack by a 13 year old script kiddie back in 2001.

Having said all that, good luck the rest of the age and let us hope the game can remain available from now on.

View Public Profile Find more posts by glacier Add glacier to your Buddy List Reply with Quote
(Posted as enforc3r)
Posts: 319/337
(03-Mar-2003 at 22:26)

* applause *

Nicely said.
View Public Profile Find more posts by Enforcer AMB Add Enforcer AMB to your Buddy List Reply with Quote
Posts: 12/102
(04-Mar-2003 at 02:47)
Thanks for the concise answer. Let's hope some people read this and remember it.
View Public Profile Find more posts by Tonteria Add Tonteria to your Buddy List Reply with Quote
Posts: 36/64
(04-Mar-2003 at 03:36)

That was nicely writtin glacier. even though i knew all that i know it was intended for ppl who didn't. im sure it educated many ppl on the subject.
View Public Profile Find more posts by CoS Warrior Add CoS Warrior to your Buddy List Reply with Quote
(Posted as zuzu24)
Posts: 198/1250
Donated $4.00
(04-Mar-2003 at 05:12)

Very well done glacier.
I even learned from your post
View Public Profile Find more posts by Utopian Muse Add Utopian Muse to your Buddy List Reply with Quote
(Posted as depglade)
Posts: 1/1
(04-Mar-2003 at 08:07)
food for thought, Glacier

now, having read the above, i have been able to compile a list of suspects, one of whom (you can tell im English) is responsable for the downtime :-

1. bill gates
2. aol
3. an evil rival who charges money for an inferior game
4. my wife
5. glacier (he knows too much about it for his own good)
6. all of the above
View Public Profile Find more posts by Boban Dweave Add Boban Dweave to your Buddy List Reply with Quote
(Posted as byrnej)
Posts: 60/137
Donated $0.80
(04-Mar-2003 at 08:27)

tnx, for the info. Nice work with the set out as well...

Quite frankly that Bill Gates guy has been against Utopia from the start, BUT it could be one of those Utopia Players in Antartica... seeing as how everyone one on UT makes fun of them, maybe they wanted to get some revenge?!?!

Nex Imperio - Nex Imperio - Nex Imperio
View Public Profile Visit Joseph NI's homepage Find more posts by Joseph NI Add Joseph NI to your Buddy List Reply with Quote
(Posted as Chaos X)
Posts: 818/1495
Donated $10.00
(04-Mar-2003 at 08:33)

nice post glacier, hopefully everyone understands the problem now
View Public Profile Find more posts by Shadowkit Add Shadowkit to your Buddy List Reply with Quote
(Posted as Angelic x HGU)
Posts: 864/2739
Donated $2.40
(04-Mar-2003 at 08:43)

Very nice, i learned a lot!

lol depglade

-Angelic Death-
x nizlopi - jcb song for xmas #1! x
x there is a light and it never goes out... x
View Public Profile Find more posts by Angelic Death Add Angelic Death to your Buddy List Reply with Quote
Posts: 37/64
(04-Mar-2003 at 09:02)
even with all the downtime its glad to see ppl with a sense of humor .
View Public Profile Find more posts by CoS Warrior Add CoS Warrior to your Buddy List Reply with Quote
Posts: 3/5
(04-Mar-2003 at 09:16)
Very nice post. Thanks. I learnt a lot from it.
View Public Profile Find more posts by mercator11 Add mercator11 to your Buddy List Reply with Quote
Posts: 3/4
(04-Mar-2003 at 09:49)
why can't they just block the ips at the router or firewall level of the computers pinging them excessively. set up a script to block any IPs that ping it say 10 times in succession. it seems unlikely that a script kiddie could gain control of enough computers to overcome that.
View Public Profile Find more posts by diesel Add diesel to your Buddy List Reply with Quote
(Posted as Rapter12)
Posts: 233/714
Donated $4.64
(04-Mar-2003 at 10:49)
very nice post...probaly took ages too write that

::: Dean Solutions
::: The Key to Your Web Solutions
View Public Profile Visit Tomer Dean's homepage Find more posts by Tomer Dean Add Tomer Dean to your Buddy List Reply with Quote
Posts: 110/130
(04-Mar-2003 at 11:03)
lazy smile

GREAt!!! Okay, at least we know more about the downtime.. not only just a simple word DOS attack... haha..

great post!!

[size=0.5]To own a bank of wealth is useless without a bank of health,[/size]

[size=0.5]To own a bank of emotions is useless without a manager for them.[/size]
View Public Profile Visit nigelho7's homepage Find more posts by nigelho7 Add nigelho7 to your Buddy List Reply with Quote
Posts: 5/42
(04-Mar-2003 at 11:08)

its about time somebody was pro swirve (if you can call this pro swrive) but i would say at the moment anything which isnt against swirve is a good thing
View Public Profile Find more posts by tbau Add tbau to your Buddy List Reply with Quote
Posts: 6/65
(04-Mar-2003 at 11:53)
lightbulb Congrats

Very interessting and instructive post glacier..... Thanks for taking the time to help people better understand what's going on.

Au fait, avec un nom comme ça, tu es français ?
View Public Profile Find more posts by Swordman Add Swordman to your Buddy List Reply with Quote
(Posted as Akatosh)
Posts: 14/108
(04-Mar-2003 at 12:04)
Excellent post, if some mod or BG could sticky this post or post a link in the pain page it would stop lots of the speculations and infact maybe get peoples to check their computors and use a good firewall.

(theres lots of them out there who can detect and remove trojans)

For you who dont have a firewall, get Zonelabs free one if you dont want to pay.
View Public Profile Find more posts by Akatosh of KF Add Akatosh of KF to your Buddy List Reply with Quote
Posts: 2/11
(04-Mar-2003 at 16:23)
Re: Congrats

Excellent post and thanks for that link gives me something else to do then reclick refresh a couple of hundred times which probably isn't helping swirve that much

..but what's so french about that name swordman.. it's also an english word.
View Public Profile Find more posts by SadisticGrin Add SadisticGrin to your Buddy List Reply with Quote
Posts: 6/42
(04-Mar-2003 at 16:39)


Thank You,,Thank You,,Thank You,,

Finally some Information about this Mess, I can understand.

What a Refreshing Change.....

*I kept trying to cast minor protection over Swirve, but My Wizzies kept Blowin up*
View Public Profile Find more posts by rhettt63 Add rhettt63 to your Buddy List Reply with Quote
Posts: 1/2
(04-Mar-2003 at 16:48)

Nicely put there Glacier...hope this shuts some ppl up~
View Public Profile Find more posts by trgvindicator Add trgvindicator to your Buddy List Reply with Quote

Thread Tools
Display Modes

Forum Jump:

All times are GMT+1. The time now is 15:57.

Powered by vBulletin (modified)
Copyright © Jelsoft Enterprises Ltd.