We continue our “Between the Lines” column, where we talk about the difficulties, mistakes,

The internet, often touted as a miracle of modern technology, is not as reliable as we tend to believe. While it connects us to a wealth of information and enables communication across vast distances, the reality is that it can be unpredictable and fraught with challenges. This narrative will explore the frustrations our clients faced when their internet connections failed and how we stepped in to restore order. At first glance, the internet appears to be an expansive, seamlessly interconnected web. It promises instant access to data, social platforms, and endless entertainment. However, beneath this glossy surface lies a chaotic realm where connectivity can falter without warning. Many of our clients have encountered situations where their internet suddenly stopped working. For some, it was during crucial business hours, while others faced disruptions in their personal lives when trying to connect with loved ones. These experiences often led to frustration and confusion, as they attempted to troubleshoot issues that seemed insurmountable. One client, a small business owner, found herself unable to process orders during peak hours. The internet went down, and with it, her revenue stream. Another client, a student, faced a similar dilemma when his connection failed just before a critical online exam. These scenarios illustrate how a seemingly minor issue can escalate into a significant problem, affecting both personal and professional lives.

The internet is often compared to the Wild West—an uncharted territory where rules are vague and consequences can be dire. When users venture beyond the safety of two-factor authentication and trusted cookies, they enter a realm filled with potential dangers. In this chaotic landscape, trolls lurk in the shadows, ready to disrupt the lives of unsuspecting users. These individuals thrive on creating havoc for their entertainment, exploiting vulnerabilities in systems, and reveling in the chaos they cause. Our clients have experienced firsthand the impact of these digital miscreants, whether through hacking attempts, phishing scams, or simple trolling. To illustrate the unpredictability of the internet, let’s delve into a few case studies. As mentioned earlier, the small business owner faced a sudden internet outage during peak hours. After contacting our support team, we discovered that her router had been compromised due to a phishing attack. We quickly implemented security measures, including a system reset and firmware updates, and educated her on the importance of maintaining robust security protocols.

The Evolution of DDoS Attacks and Our Response

In the distant year of 2014, the internet was plagued by a rising wave of Distributed Denial of Service (DDoS) attacks. These attacks are termed “distributed” because they involve an attacker using multiple internet hosts to flood a specific IP address with overwhelming traffic, causing the protocol stack to crash. Unlike traditional hacking attempts designed to infiltrate networks and steal data, DDoS attacks aim solely to disrupt access to services, effectively blocking legitimate users from reaching their targets. By the end of 2014, a worrying trend emerged: DDoS attacks were no longer the domain of highly skilled hackers with advanced degrees in information technology. Instead, they became accessible to virtually anyone willing to pay for the service. While some individuals engaged in this digital vandalism purely for the thrill, others had more calculated motives. For instance, launching a DDoS attack could guarantee the interruption of a match in a competitive game, particularly if one’s team was losing. During the first months of 2015, we witnessed a dramatic spike in DDoS attacks targeting popular games like Dota 2 and CS:GO. Companies across the gaming industry reported similar increases in these disruptive incidents. The simplification of the attack process made it available to anyone with a few dollars to spare, escalating the threat landscape significantly.

In August 2015, DDoS attacks disrupted the prestigious tournament, The International. While the competing players remained unaffected, studio commentators and analysts struggled to join matches and deliver quality broadcasts for over two hours. The online transmission of matches was jeopardized, creating an atmosphere where games felt as if they were taking place in a vacuum. A professional tournament boasting millions of viewers and significant financial stakes faced chaos due to an easily accessible tool launched by an anonymous individual for just five dollars. This issue could not be ignored. In our quest to find a viable solution, we explored numerous strategies. Our first approach involved filtering traffic using robust network switches. Unfortunately, this method proved ineffective for gaming traffic. For gaming servers, receiving unsolicited UDP traffic from various IP addresses is standard practice.

Imagine a mailroom that filters out junk mail while also managing a “Reader’s Advice” column for a local newspaper. In such a scenario, the mailroom would struggle to distinguish between legitimate correspondence and spam, as it constantly receives messages from unknown senders. Similarly, gaming servers face challenges in discerning which packets are authentic and which are malicious. Compounding the issue, UDP protocol addresses are easily spoofed, making it impossible to rely on source IPs as an indicator of a packet’s legitimacy. At that time, Steam was handling a massive flow of gaming data through an extensive network. We utilized this infrastructure to route game traffic through specialized pathways, optimizing data exchange and employing advanced technologies. While this approach improved response times for players, it did not shield them from DDoS attacks. The inherent vulnerabilities of the UDP protocol meant that our own network was not immune to exploitation. To prevent our network from being weaponized against our servers, we needed comprehensive control over all ingress and egress points. We developed relay servers that directed all game traffic through these intermediaries, ensuring that every packet was channeled through them. Consequently, every client attempting to connect to game servers underwent authentication and redirection via these relays.

This setup effectively concealed the IP addresses of the servers from end users, leaving attackers in the dark about which addresses to target. Returning to our earlier analogy, attackers were left without knowledge of which address to bombard with traffic. They could send messages to every post office requesting them to forward their correspondence, but without identity verification, those messages would go nowhere. Furthermore, the post office would find it suspicious if one person attempted to send a hundred thousand letters simultaneously. Could relays themselves be attacked? Technically, yes. However, we designed them specifically to absorb such attempts, and we had a virtually limitless number of these relays at our disposal. Each relay functions as a computer running a particular program. While it can be attacked or disconnected, the protocol was developed to withstand such challenges. If a client loses connection with a relay during gameplay, another relay seamlessly takes its place. These relays act like hundreds of gaming chips scattered across the globe, dedicated solely to protecting game.