Jump to content

RuneScape DDoS attacks: fact or fiction?


ixfd64

Recommended Posts

I occasionally hear about people being DDoS'ed in RuneScape. However, I'm having doubts as to whether this is really possible.

 

From what I gather, there are two types of RuneScape-related DDoS attacks:

 

1. The attack is performed against a game server.

2. The attack is performed against a specific player.

 

It seems to me that the second type is a lot more common, for a few reasons:

 

1. A company like Jagex (which generates most of its revenue from online services) is likely to have significant protection against such attacks.

2. DDoS attacks are often used for political purposes. If it was really that easy to DDoS RuneScape, people protesting against controversial updates would likely be using them instead of rioting. In most reports of DDoS attacks, they are used to gain an unfair advantage.

 

But even in the latter case, the attacker would still need the victim's IP. I can only think of two situations in which they could acquire it:

 

1. The attacker is an administrator on a site that the victim has visited.

2. The attacker's and the victim's computers have directly connected (such as using AIM's direct IM feature).

 

Even then, most computers are on a private network (and will have a class A, B or C address) instead of being connected directly to the Internet. Any DDoS attack would affect the router at the ISP instead of the victim's computer.

 

So are DDoS attacks in RuneScape just a myth? Or is there any truth to them?

ixfd64.png

 

ARENAscape:

 

Baratus [AS] max hit: 166 with Moon Battle Hammer

ixfd64 [AS] max hit: 116 with (untitled spell #2)

Link to comment
Share on other sites

It can happen, it has happened.

 

However, the DDoSer needs to know the IP of the player, which that can't find over Runescape. Usually, they might try to find it by other methods, such as asking the played to use a 3rd party chatting program where its possible to see the IP of the other person. Once they have their IP, they can directly DDoS that player.

Link to comment
Share on other sites

As Danni111111 said, it does happen. They don't DDoS the server.

 

For the most part, videos on YouTube showing someone DDoSing another player by simply typing their name into a program and hitting, "Attack," are fake. However, not all of them are. I've seen extremely large lists of IP addresses/display names first hand, so they do exist.

 

It's very easy to get someone's IP. One of the most common ways was to get someone into a Skype call. However, that's no longer needed, as now you only need their Skype username to get the IP to where they last logged in. Of course, instead of fixing the issue, Skype simply attempts to take down websites publicly explaining and offering services to it. Sounds a lot like Jagex.

 

Another method that people used on victims here on Tip.It was to privately host an image. They'd then PM someone that picture and then check the IP of who's seen/requested that image. That's why only trusted image hosts are allowed on TIF now. Of course, there's always IRC, DB leaks, and other methods but... :P.

09144a99bb.png

Link to comment
Share on other sites

Fiction, 99.999999999999999999999999% of rs players will never have to worry about this, its only people who do high risk stuff that have a chance of it happening.

Archermanme.png
Quest Cape Achieved on November 14, 2007

Iron_Archer.png

Items Acquired

Crystal Pick and Hatchet

Berzerker Ring x 3

3/28 Barrows Items

Link to comment
Share on other sites

I lost around 10bil to ddosers staking, as Stev said it was someone who sent an image to me (was just a generic looking pm with a picture that looked like the background of the forum... -.-).

 

But seriously, no one will ddos you for your rune sets or 100k stakes.

 

 

Also people gain IPs through other online games, especially like Minecraft.

 

I've heard rumors that's one way 999 was able to get a handful of people's IPs (probably [cabbage]) but still doable.

are you referring to me there?... Because I would like to know why you think its ok to randomly spurt shit because you are jealous that I am not terminally stupid in the way I stake.

  • Like 2

Check it out, huge amount of effort has gone into this massive mod!

ODG6e0M.png

[hide=old sig]

newsig.png

[/hide]

Link to comment
Share on other sites

I lost around 10bil to ddosers staking, as Stev said it was someone who sent an image to me (was just a generic looking pm with a picture that looked like the background of the forum... -.-).

 

But seriously, no one will ddos you for your rune sets or 100k stakes.

 

 

Also people gain IPs through other online games, especially like Minecraft.

 

I've heard rumors that's one way 999 was able to get a handful of people's IPs (probably [cabbage]) but still doable.

are you referring to me there?... Because I would like to know why you think its ok to randomly spurt shit because you are jealous that I am not terminally stupid in the way I stake.

 

 

999, notice how I said it was almost definitely a rumor?

 

I am in no way jealous. You play RS for an entirely different reason than I do, I was just stating a mechanical fact, and that I have heard similar thoughts from you (that IPs are obtainable through Minecraft PS).

Link to comment
Share on other sites

I don't think it was at all necessary to mention that, rumor or not.

 

He was one of the people I know who has indepth knowledge about Minecraft servers, and thus I mentioned his knowledge of it. Maybe I shouldn't have mentioned it, but his reaction was equally as uncalled for. Sorry to prick his interwebs ego abit too much.

 

999, notice how I said it was almost definitely a rumor?

The way you worded it made it seem like you were certain he DDoS'd people, but that you were unsure about the method.

 

Well I ammended the situation.

 

 

Moral of the story is: IPs are fairly easy to obtain, if you are stupid about where to go with your internet searching, etc.

Link to comment
Share on other sites

And the true moral of the story, is don't worry about it unless your a high profile person/high value staker.

Archermanme.png
Quest Cape Achieved on November 14, 2007

Iron_Archer.png

Items Acquired

Crystal Pick and Hatchet

Berzerker Ring x 3

3/28 Barrows Items

Link to comment
Share on other sites

It's very easy to get someone's IP. One of the most common ways was to get someone into a Skype call. However, that's no longer needed, as now you only need their Skype username to get the IP to where they last logged in. Of course, instead of fixing the issue, Skype simply attempts to take down websites publicly explaining and offering services to it. Sounds a lot like Jagex.

 

 

Frankly, from what I can tell there's not a working skype resolver at the moment. At least not a public one.

Beyond that is the fact that patching things like this isn't easy.

I know for a fact that skype has tried many many times, and the API is simply remade to bypass their changes.

 

Beyond that, multiple people outside of skype, that frankly are better than the guys in skype, have tried and failed.

 

Your best bet to avoid skype resolvers(without having to resort to spoofing), is to run your skype under a proxy.

It should also be noted that your skype IP that gets resolved is updated every 24 hours. So you only need to run it under a proxy at the beginning of the day, and at the end of the day. The rest of the time, your IP should be that of the proxy, without you having to have ran the proxy.

Which is easy and the only thing that has to be under the proxy is skype. Nothing else.

 

 

That said, DDoS isn't a myth.

 

However, some times networks and computers lag at extremely unfortunate times, and those lags are sometimes blamed to be a DDoS when it's just an unfortunate incident.

QneWhoSighs.png
Link to comment
Share on other sites

Frankly, from what I can tell there's not a working skype resolver at the moment. At least not a public one.

Bingo. :P. Once they go public, Skype usually takes them down relatively quickly which is most likely the only reason they're becoming less and less. Lately, instead of people selling the resolver as a service (for like $4 a month), I've seen them actually selling the resources for the user to create their own with a free host.

09144a99bb.png

Link to comment
Share on other sites

Frankly, from what I can tell there's not a working skype resolver at the moment. At least not a public one.

Bingo. :P. Once they go public, Skype usually takes them down relatively quickly which is most likely the only reason they're becoming less and less. Lately, instead of people selling the resolver as a service (for like $4 a month), I've seen them actually selling the resources for the user to create their own with a free host.

 

I think it's the way you're wording it that makes me disagree.

They're not just "taking them down".

They're patching the exploit.

 

When I think of "taking them down" I think of them doing what Jagex or Blizzard does to private servers, and taking their website + server over/off the net.

 

The resolvers, however, are still on the net, they just don't work as the API needs to be updated due to skype patches.

Some of it's dealing with skype patching the exploit directly, others are dealing with skype doing a routine update that involves values the resolver might use.

 

 

So to this end, skype is fixing.

It's simply that the over all exploit is virtually unpatchable.

Give it enough time, and enough popularity, and other video chat tools like skype that have a client, will likely be exploited in exactly the same way.

QneWhoSighs.png
Link to comment
Share on other sites

It used to be a big issue staking, and also in competitive warring apparently. (There's like 4 people staking in eoc these days)

 

I don't have a skype, so I'm pretty sure my IP was bought from a SwiftIRC Oper. It has happened in the past, a while ago one of them was banned for selling IPs.

 

I've lost a blue partyhat and a purple to ddosing, and also 'lost' 2b to one of them, but staked the guy again whilst logged into a neighbour's wifi and won it back. The solution with staking is for your character to continue auto attacking in the event of a disconnect - not sure if this is practical/possible.

 

Oh, and it's absolutely a fact, and also performed against the player rather than the server.

 

One of the more disreputable hosts in win all day would hit other hosts off when they announced a big bet in the fc, so they'd do it on him instead. It is actually quite a significant issue that needs looking into IMO.

  • Like 1

Asmodean <3

Link to comment
Share on other sites

^ Crashing your internet in the middle of a stake/bet/dm/clanwar

'Rock Hard' boss pure - 60/60 Attack | 99/99 Range | 1/1 Defence | 44/44 Prayer | 99/99 Strength | 99/99 Mage - level 79 combat EOC

 

## '07 Server ## "Best Runescape update ever: Removing 6 years of updates."

 

Rock_Hard.png

 

"Warning: If you are reading this then this warning is for you. Every word you read of this useless fine print is another second off your life. Don't you have other things to do? Is your life so empty that you honestly can't think of a better way to spend these moments? Or are you so impressed with authority that you give respect and credence to all that claim it? Do you read everything you're supposed to read? Do you think every thing you're supposed to think? Buy what you're told to want? Get out of your apartment. Meet a member of the opposite sex. Stop the excessive shopping and masturbation. Quit your job. Start a fight. Prove you're alive. If you don't claim your humanity you will become a statistic. You have been warned- Tyler"

Link to comment
Share on other sites

  • 1 year later...

I hadn't known about the personal DDOS thing prior to reading about it on this forum. Though I have seen a similar thing on Halo 2 involving bridging connections and blocking others, though this is a totally different method requiring you to be the connection host, but I digress.

 

I read this then realized that someone actually tried this on me while we were PvM-ing, I already thought it was weird that he wanted to Skype when my clan has a TeamSpeak server, considering we're in the same clan. After the 2nd Skype call he asked me if I received the picture he sent me which seems to me as if he wanted to dc me from the game and loot my grave.

 

After he realized I wasn't biting (Skype was on my phone and I don't open things from random people, Paranoia FTW) he hasn't attempted to Skype again even though we have bossed many times since. Thanks for the useful information now I know what to watch out for.

Link to comment
Share on other sites

Please next time do not resurrect an old topic. If you want to dicuss the recent server disruptions, follow the following link: http://forum.tip.it/topic/325945-jagex-refunding-items-server-disruptions/.

 

I'll be locking this topic.

Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness that most frightens us. We ask ourselves, 'Who am I to be brilliant, gorgeous, talented, fabulous?' Actually, who are you not to be?~ Marianne Williamson

 

For account help/issues, please follow this link:

Account Help

. If you need further assistance, do not hesitate to PM me or post here.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.