Wednesday, February 13, 2008

Stupid ...

... attacks. I don't know if anyone of you is familiar with DDoS attacks and their consequences. I don't wanna go into detail, but roughly spoken, some guy gets control over hundreds of computers and commands them to send useless bits of information to one single server at one specific moment. This either causes the addressed server to crash, as he has to process all this useless information, or the inbound connection to this server gets jammed, so no other valid information can come through.
Well, I am no technician, so actually I don't care about possible defense mechanisms as long as they come in quick.

The problem I am having is: What is the suitable amount of information to give out to your community. They are very well aware that we have a problem with those kind of attacks and understandably they request answers from us on how long this situation will last and how long it will take us to put sufficient countermeasures in place.
I would love to tell them everything about the situation, about purchases of new hardware, about sophisticated software solutions we've developed, you name it. BUT, isn't that already motivation enough for the attacker? If he sees us running about like headless chickens, couldn't that cause him to try to deal the final blow?
On the other hand, if we don't inform the community sufficiently, there will not be any community left to protect, as they will all - at least a significant amount - leave us for another online game.

I've talked to one of our customers today. He was really upset and disappointed by our performance. I've written him a long and extensive email, trying to explain the current situation and the limitations we are bound to. Interesting enough, he replied shortly after and was totally at ease and calm. So this is telling me, talk to the people and they will understand and sometimes even support you in your battle.
Once again, how to solve this dilemma? I am faced with a Hobson's choice. Informing the community to keep them happy always comes along with informing the attackers about our current state. Damnit!!!!

No comments: