How we protected Albion Online against complex and massive DDoS attacks

Posted: 29.01.2020
Albion Online is a medieval fantasy sandbox MMORPG developed by Sandbox Interactive, a game development studio in Berlin, Germany

About Albion Online

Albion Online is a sandbox MMORPG set in an open medieval-style world.

The game allows players to combine armor and weapons for numerous different playstyles, explore the world, challenge other adventure-seekers in exciting battles, conquer territories, craft items, and build their own homes.

The game's official launch was in 2017, and in April 2019 it went free-to-play.

Today, Albion Online is a true cross-platform MMO available on Windows, MacOS, Linux, iOS, and Android.

Why did Sandbox Interactive choose our hosting?

The free-to-play launch brought huge numbers of players into the game from all over the world. Server stability, scalability and effective DDoS protection are paramount for an online game of this scale.

Thanks to our successful track record of designing and supporting infrastructure for large video game developers like Wargaming and RedFox Games, Albion Online's developers entrusted hosting to G-Core. After all, we are the only hosting company with Guinness World Record-awarded infrastructure!

DDoS attacks after free-to-play

DDoS attacks are a common scourge in the games industry, particularly for successful publishers. Sandbox Interactive was no exception: immediately after the free-to-play release, the game was targeted in a series of coordinated attacks, more intense than usual.

The solutions we had previously used to repel DDoS attacks on client servers did not fit the Sandbox Interactive case, as Albion Online was attacked via UDP Flood.

What is Generated UDP Flood?

Generated UDP Flood is distributed, artificially generated traffic. An attacker usually first studies the intricacies of the game application and then generates UDP packets from spoofed IP addresses (on average, more than 100,000 unique IP addresses can be involved in a single attack).

What makes protecting against such attacks difficult?

The attack targets the IP address and port of the server (in this case, the address of the game server and the application port). In particularly difficult cases, an attacker can guess the size (window) of a legitimate packet and generate the necessary bitrate for the SRC_IP and DST_IP pair (one flow). This effectively obstructs filtering: for example, countermeasures based on rate-limiting cannot be used. If an attack is well generated, it is almost impossible to distinguish legitimate (game) traffic from illegitimate traffic by means of analysis.

In the real world, the game application can encrypt the UDP payload (e.g. with DTLS), which renders countermeasures such as regex_based_filtering useless. Finding a regexp close to the one used by the application is a difficult but possible task. It all depends on the attacker’s persistence.

There are not that many countermeasures to filter such attacks.

Which filtering methods were required?

Effectively repelling DDoS attacks on Sandbox Interactive/Albion Online required support for all existing filtering methods:

  • Rate-limiting

    This countermeasure limits traffic using various techniques, for example per SRC_IP and DST_IP pair. In this case, though, part of the traffic will still reach the server, and an attacker can guess an approximate bitrate of the legitimate application. For dynamic applications, this measure is not efficient.

  • Regexp-filtering

    You can either let through or discard packets whose payload matches a regexp. This is quite efficient, but for some types of applications it is not always possible to write a regexp for whitelisting, which means that we can only discard “bad” packets. In these cases, this method becomes extremely inefficient.

  • Whitelisting

    This implies a server login where the player is pre-authenticated and his or her IP address is added to the whitelist (for example, via the API). Everything on the whitelist is allowed at the game port; the rest is discarded. The method has its drawbacks. It is not always architecturally appropriate. It is difficult to keep the whitelist current (the user can close the browser while still being logged into the system), and the use of Idle Timeout may lead to the system blocking the player’s session after a certain period of time, forcing reauthentication. In addition, some operators use NAT from a pool of addresses, which may result in the user’s IP address changing during the game.

  • Blacklisting

    This works the same way as whitelisting, but in reverse, i.e. “bad” addresses are added to the list. (In fact, there are not many cases where this countermeasure will be effective.)

  • IP Geolocation Filter

    This involves blocking IP addresses based on geographical location, such as from high-risk countries. But this countermeasure is also quite easy to bypass.
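The rate-limiting weakness described above, shown as an added example (not code from the article or from G-Core's product): a token bucket keyed on the SRC_IP and DST_IP pair is replayed against constructed traffic. The limits, addresses and packet rates are assumptions chosen for illustration.

```python
from collections import defaultdict

class FlowRateLimiter:
    """Token bucket keyed on the (SRC_IP, DST_IP) pair, i.e. one flow."""
    def __init__(self, rate_pps=40, burst=40):    # assumed limits
        self.rate, self.burst = rate_pps, burst
        self.state = {}                           # flow -> (tokens, last_seen)

    def allow(self, src, dst, now):
        tokens, last = self.state.get((src, dst), (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1.0
        self.state[(src, dst)] = (tokens - 1.0 if ok else tokens, now)
        return ok

def constructed_traffic(seconds=5, spoofed_sources=500, pps=30):
    """Constructed sample: (time, src, dst, label) tuples, not captured data."""
    server = "198.51.100.10"
    pkts = [(i / pps, "203.0.113.5", server, "steady_player")
            for i in range(seconds * pps)]
    # A legitimate player in a crowded battle sends 4x the usual rate.
    pkts += [(i / (4 * pps), "203.0.113.6", server, "busy_player")
             for i in range(seconds * 4 * pps)]
    # Flood: every spoofed source copies the steady player's packet rate.
    for n in range(spoofed_sources):
        src = f"10.0.{n >> 8}.{n & 255}"
        pkts += [(i / pps, src, server, "flood") for i in range(seconds * pps)]
    return pkts

def replay(limiter, packets):
    """Return {label: [passed, dropped]} after filtering in time order."""
    stats = defaultdict(lambda: [0, 0])
    for now, src, dst, label in sorted(packets):
        stats[label][0 if limiter.allow(src, dst, now) else 1] += 1
    return dict(stats)

if __name__ == "__main__":
    result = replay(FlowRateLimiter(), constructed_traffic())
    for label, (passed, dropped) in result.items():
        print(f"{label:14} passed={passed:6} dropped={dropped}")
```

Every flood packet passes because each spoofed flow stays under the per-flow limit, while the only traffic the limiter drops belongs to the legitimate player whose rate rose during play.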

As a result, the main problem was that there were not many solutions on the market that supported all of the above filtering methods. Ours, however, does!

The solution we proposed

To protect Albion Online against DDoS attacks, we suggested using G‑Core Labs' software suite.

This solution not only supports all of the above countermeasures, but is also brand-new and unparalleled in attack mitigation technology.

G‑Core Labs' Challenge Response (CR) is one such unique method. It is a stand-alone protocol; integrating it into the client allows the application to pass the challenge, thus validating the IP address of the client.
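The article does not describe the CR protocol itself, so the following added example (not G-Core's code or wire format) uses a generic stateless cookie exchange, similar in spirit to the DTLS HelloVerifyRequest cookie, to show how a challenge validates a client's source address. The `CR` message prefix, cookie layout, lifetime and addresses are assumptions.

```python
import hashlib, hmac, os, struct

SECRET = os.urandom(32)  # server-side key (assumed; rotate it in practice)
COOKIE_TTL = 10          # assumed cookie lifetime, seconds

def make_cookie(ip, port, now, secret=SECRET):
    """timestamp || HMAC(secret, ip|port|timestamp); no per-client state."""
    ts = struct.pack("!I", int(now))
    msg = f"{ip}|{port}|".encode() + ts
    return ts + hmac.new(secret, msg, hashlib.sha256).digest()[:16]

def verify_cookie(cookie, ip, port, now, secret=SECRET):
    if len(cookie) != 20:
        return False
    ts = struct.unpack("!I", cookie[:4])[0]
    if not 0 <= int(now) - ts <= COOKIE_TTL:
        return False  # expired, or timestamp from the future
    return hmac.compare_digest(cookie, make_cookie(ip, port, ts, secret))

class Gate:
    """Sits in front of the game port; forwards only validated sources."""
    def __init__(self):
        self.validated = set()
        self.outbox = {}  # simulated network: (ip, port) -> challenge sent there

    def on_packet(self, src, payload, now):
        if src in self.validated:
            return "FORWARD"
        if payload[:2] == b"CR" and verify_cookie(payload[2:], *src, now):
            self.validated.add(src)
            return "VALIDATED"
        # Unknown source: drop the packet, send a challenge to the claimed address.
        self.outbox[src] = make_cookie(*src, now)
        return "CHALLENGED"

def demo():
    gate, t = Gate(), 1_700_000_000
    player, spoofed = ("203.0.113.5", 40000), ("192.0.2.77", 40000)
    out = [gate.on_packet(player, b"hello", t)]
    # The real client receives the challenge and echoes it back.
    out.append(gate.on_packet(player, b"CR" + gate.outbox[player], t + 1))
    out.append(gate.on_packet(player, b"game-data", t + 2))
    # A sender forging 192.0.2.77 never receives the challenge routed there;
    # echoing a cookie issued to another address fails the HMAC check.
    out.append(gate.on_packet(spoofed, b"game-data", t))
    out.append(gate.on_packet(spoofed, b"CR" + gate.outbox[player], t + 1))
    return out
```

In this sketch a client whose address changes mid-session is simply challenged again, which costs one extra round trip rather than a new login.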

Head of Global Network and Security Department
at G‑Core Labs

Oleg Yudin

“This solution is well-suited when it is not possible to validate traffic. We recommend using it for all gaming applications”

RESULT: Albion Online is now securely protected

Thanks to G‑Core Labs' Challenge Response (CR), we have reliably protected Albion Online. The game remains accessible to users all around the world.

Head of Global Network and Security Department
at G‑Core Labs

Oleg Yudin

“Indeed, attacks on Albion Online are still ongoing. Moreover, there are now more complex attacks having a new vector. But thanks to our service, the actions of cybercriminals affect neither the client’s business nor their players”

CTO at Sandbox Interactive

David Salz

“Having a reliable and quick-to-respond hosting partner is crucial to the success of an MMO game like Albion Online. G‑Core Labs delivers just that. Whether it was the implementation of an advanced DDoS protection solution for our game, or resolving the connectivity issues of individual players, the G‑Core Labs technicians have been there for us 24/7. Always helpful, professional and dedicated”

As our customers’ experience shows, to attain and maintain success in the gaming industry, it is important not only to create exciting game worlds, but also to have a powerful and invulnerable infrastructure…

…and that’s what we at G‑Core Labs can provide for you.
