Millions of gamers were unable to access Sony's PlayStation Network for what seemed to be the entirety of Sunday after it was crippled by a distributed denial-of-service (DDoS) attack, according to a Sunday post, which adds there is no evidence of a breach of personal information.
Other gaming networks also experienced similar problems at various points throughout the weekend, including Microsoft's Xbox Live, which continued to have some issues on Monday, and Blizzard's Battle.net. Additionally, developers of League of Legends and EVE Online took to their respective forums to discuss being targeted by DDoS attacks.
As it turns out, the methods used to carry out DDoS attacks against websites are virtually identical to those used to hit gaming networks such as the PlayStation Network and Xbox Live, Matthew Prince, CEO of CloudFlare, told SCMagazine.com in a Monday email correspondence, explaining that DDoS attacks are ultimately about overwhelming a resource with a large number of requests.
“I don't know a lot about [PlayStation Network's] or Xbox Live's application design, but my hunch is it's just based on typical web protocols and therefore would be vulnerable to the same application attacks that a website is; and even if it's based on some custom application, since it is accessible over the internet, it wouldn't be difficult to craft application level requests (Layer 7) that would affect it,” Prince said.
However, speaking specifically on the PlayStation Network, Prince speculated that it was downed by a volume-based Layer 3 attack – DNS reflection is an example of a Layer 3 DDoS attack – because of a Sunday tweet from John Smedley, president of Sony Online Entertainment, in which he wrote, “The problem is upstream of our network we have no control. So they are flooding the routes to us too. That's how it works.”