Help for stopping your DDOS Attacks

I believe if you change some of your authentication structure, you can beat these DDOS attacks. These attacks happen because of large amounts of connections directly to one of your devices / servers. The attackers put a bot up (or multiple) and have
it do multiple connections / icmp connections directly to it to overwhelm the server / routers with connections. Normally the way to stop this is through access lists and keys / cookies. If your device doesn't know who you are, it drops the connection.
Everything else goes through as normal.
So here's my suggestion. Think about linux and SSL certificates per userID. You have to have a key on your device and one on the connecting device to allow connection to what you are trying to access. If they match for your user ID, you can connect.
They expire after X amount of time, and you have to create a new one. While not foolproof, it does offer up a way to knock down the DDOS attacks. First, you need to change your authentication servers / webpages to drop any connection to it via MAC address
or Key/Cookie that it does not recognize. Next, redirect the user to a page that forces you to authenticate your device as a human. Many other companies have moved to a similar method of this. Look at Steam, Chase online, Bank of America, etc. If you
log into their sites / servers via a MAC address or IP it doesn't recognize, it forces you to authenticate. You can do this via phone or Email. Once done, you can install a cookie or an SSH key on the device to prove this device is allowed into your network.
Then through your firewalls, routers, F5's etc, your access lists allow that MAC address of that device through. You can then monitor on the first connection to it that it's being "used" or lock it out. Again, similar service to what others are doing.
This proves you are human and not just someone trying to spam your network.
Last set up captures for all denied IPs that try to come through and get redirected. If you see a flood of them, that is someone trying to DDOS your system. You can report it properly.
Now I know this does not solve all of the problems. Someone could still DDOS the key site, and stop new users or new devices from getting registered in your network. But unlike today, your entire user base would not be down. Most of your users would
be up and running, while you battle whomever is spamming your new authentication site.
I'm sure there's idiosyncrasies to your own network / design that are not accounted for in the above, but I'm positive that by going this route you will stop many of these DDOS attacks that seem to be happening frequently. You can then be sure that valid
devices are actually trying to access your network, and protect all of your websites from getting spammed in the future.
Thanks for your consideration of all of the above, and have a Merry Christmas.

:)

 

DDoS attacks need to be addressed.

Hey aG,

If you are receiving DDoS attacks, please contact your local ISP and local police force. This is the only way that we can help. Microsoft cannot help with personal DDoS attacks.

 

I got ddos and I got ban and can't write a review

Case reviews on the Xbox Enforcement website are only available if you're eligible for one.

If you believe you are facing a DDoS attack on your network, see here for the steps in stopping it: FAQs About DoS and DDoS Attacks on Xbox One

 

The connection negotiation is probably not blocking attacks so well. My idea is to have the VERY FIRST packet sent from your XBox to the service provide a unique key (similar to how your authenticator has a rotating key used to log into your live account)
this key would be based off the XBox SN and other things say time as the seed. This key would then allow traffic from that IP to move forward and continue the verification and sign in process. If that key is used from more than 5 IPs (or whatever number would
work best) in the time frame that IP it auto blocked for a time. There would need to be devices/edge servers that handle this first packet and would only accept this type of traffic and verify it. All other attempts or traffic (without first being verified)
would result in a block of that IP.

So a break down.

1. XBox comes on and sends a verify packet to the edge firewall with a unique rotating key (this is the first packet sent)

2. After the connection attempt is verified traffic from that IP is allowed through to continue the communication other verifications and log in process.

3. All traffic of any kind coming from an outside source that has not provided a key is blocked.

4. Abuse of a key by trying to use it from multiple sources also results in a block.

 

They probably have a checkpoint firewall......junk. Go get some SRX's. I hope they have some F5's there's a ton an functionality on them. And their technical and replacement services are the best I have encountered. I was reading that they DDoS to prove
MS has lack luster security. Hell a basic Dynamic ACL list would be worth something. I mean they requires us to jump through hoops now mines well have us jump through a security loop or two. It amazes me that companies don't tend to think about security as
much as they should. I mean the world is quickly becoming a free for all on the net. People basically doing whatever they want hacking and stealing digitally huge corporations. I was reading the way they hacked into JP Morgan recently was a windows 2003 server
that was not up to snuff. Out off all their servers they found one old one and exploited it. Stuff like that amazes me 2003? The support for that is about to run out. At least 2008 R2 not win 2003? Car companies the same thing they are building all this technology
into their cars and probably don't even have a security guy on the payroll. It seems everyone is waiting to be burned first before they get their *** together. Problem is when companies get burned it's really all their customers that take on most of the heat.
It's our information that is floated and sold and our lives ruined. Maybe that is why security is not taken seriously because it is not to much of their concern. If it were me security would have to sign off of everything don't now a days. And security would
be the highest paid because you cannot put a price on your customers private information.

 

Hey there, MonkeyChow! We really appreciate the help you've provided. To get the best visibility on this, it may be best posted as a suggestion on our
Feedback site. See if you can find a similar suggestion posted already and give it a vote to move it up the Hot Ideas page!

Microsoft takes the security of our customers’ data very seriously and employs a team of professionals to monitor and manage the security of the services that process and store customer data. We recommend you visit our dedicated Xbox Live
Security page at http://xbox.com/security to learn how to help protect your account.

If you need assistance with any other support issue, please post up a new thread detailing what you're running into and troubleshooting you've completed. This way our community can get you the individual support that works best on the forums.