The problem of third-party interference in eSports matches has been around for a long time, but lately it has become especially acute in Dota 2 and CS:GO. Many games have to be delayed for an hour, or even canceled, rescheduled and replayed. We will tell you how easy it is to carry out a DDoS attack and how to effectively defend against it.


What is DDoS?
A DDoS attack is launched by a computer or a server that has been given a target and a command to start. Once it starts, the network of infected machines begins sending dead packets (useless information) to the target's router and thereby blocks the connection. Imagine a boat with one oar trying to get out of a polluted river.

Attack
To carry out an attack, you only need two things: a DDoS provider and a target. DDoS services vary by how long the attacker wants to disrupt your internet connection and by the amount of junk sent to your router. The direction of the attack is determined by the IP address. It's simple: if the attackers have it, it will not be difficult to DDoS you. Therefore, it is very important to keep it from falling into the wrong hands.
Unfortunately, getting the right IP is now very simple. You can find the address of the Valve server through Dota 2, and even if it is hidden in the console, a packet sniffer will reveal it without problems.




As for the IPs of individual players, they leave traces in many programs. To get an IP through Skype, an attacker only needs your nickname in the program, and this is just one of many ways. Imagine the situation from the video below happening to you (18+):

You don't even have to pay for DDoS. I found a free service that allows you to send from 10 to 200 Mbps as a sample. This is enough to take down most standard networks:


How to protect yourself?
There are many ways to protect yourself from attack. I'll just talk about a few:

  1. Rent a VPN. It will hide your IP behind a strong and secure server. If you use communication programs, then make sure you do it through a VPN. The number of providers of this service is very large.
  2. Limit communication via Skype, Teamspeak, etc. This is one of the easiest ways to get your address and mess up the connection.
  3. Most people believe that they do not have any viruses on their computer. Unfortunately, in 90% of cases this is not so, and you should clean up your computer more often to avoid a sudden network outage.
  4. Be careful when visiting websites and forums. Administrators see your IP.
  5. Firewalls. Some routers have one built in, as does Windows itself, but they will not have time to filter out the incoming "garbage" before it blocks the Internet connection.

What should I do if my IP has already fallen into the wrong hands?
Then you have to resort to very difficult manipulations with the router. The ISP will not help you in any way, since they do not have to deal with such problems in their work. You need to change the router's WAN MAC address so that it automatically gets a new address. If this does not work, you will have to disconnect the router from the network and wait a long, long time.

Conclusion
As has been said many times, this is far from complete information on protecting against DDoS, and players have to deal with much more sophisticated tricks. So we wish you not to fall under such attacks and, if possible, to protect yourself.

By convention, there are two tactics of warfare: an attack on the enemy followed by their elimination, or a solid defense, comparable to an ambush, where players wait for their opponent in order to prevent him from passing through a given perimeter of the map. Today we will talk about how to properly carry out an attack.

I think everyone is aware that an attack does not mean approaching the lines of fire and then waiting. An attack is a pure breakthrough towards the enemy forces, massive and unshakable. It is an aggressive tactic meant to psychologically suppress enemies. After all, victory in the round mainly depends on a correct attack. If you did everything sensibly, without mistakes, consider yourself a winner. But note that attack tactics can differ significantly depending on your team's composition, the initiative of the players in it, and the intensity.
In terms of intensity, there is the lightning attack (RUSH: a dash, an onslaught; in Russian it is “let's go Rush”), the neat (careful) attack, and the mutually covering attack.

What is a mutual cover attack? It is an attack with the support of all players. Its essence is that 2 to 3 players take part in the breakthrough while the rest of the group provides cover. As soon as the first group reaches the designated point, it stops and digs in. The second group then moves up to it, knowing that the first one is covering them. After that the cycle repeats: the first group goes ahead, the second covers. If you look closely at professional players, you can see this tactic. If you are playing on a public server, let the noobs who are eager to fight go ahead and follow them. They will take the first volley of fire, and you can cover them from the rear.

The lightning attack is a rush, that is, a sharp, massive dash at the enemy. It is comparable to suicide if the enemy is waiting for you in ambush in full force. But usually, following the tactics of the maps, teams are divided into small groups. And if your whole team does not scatter but attacks in one direction as a group, you will break through the enemy's defenses. It has a very strong psychological effect. Imagine it yourself: you are sitting on the plant on the de_inferno map, waiting for 2-3 enemies and holding the entrance. One player appears and you start shooting at him, and then 5 players immediately follow him. You are lost. This is the main feature of this tactic: a massive breakthrough to a key point to plant the bomb or rescue the hostages.

Now consider the neat attack. This method is most relevant when you are left alone, or as a pair, against an opponent who outnumbers you. You just hold down the walk key and slowly, silently move towards your opponent. Sound lets you orient yourself in the environment: you can tell whether the opponents are running towards you or running off somewhere. This is the main tactic of the neat attack. Popularly, it is called the silent attack.

Now consider the types of tactics in terms of composition; there are also three of them: breakthrough, infiltration, and going around to the rear.

The breakthrough type is very similar to a rush: the entire attack of your team is concentrated in one direction. The difference is that it can be used at any point in the round, whereas a rush is used only at the very beginning. Use the breakthrough when you are sure that your numerical superiority over the enemy is real, so that you do not break through only to be mowed down by enemies waiting for you in ambush.

As for infiltration, it is the most common tactic, and not because the team is so intelligent. It is simply that players play on their own and some move in pairs. Infiltration is when 2-3 players seep through in different directions. But this comes down mostly to luck, since you may get through past noobs or run into three professional players who can easily take you apart for “spare parts”.

The last type is going around to the rear. This tactic should be used in the middle or at the end of the round, but mostly in the middle, when most of the players have already died and some have seeped through in various directions. Here is your chance. You need to slip between the enemies and your own team and try to reach the enemy from the rear by roundabout routes. A very popular tactic on the map, by the way, where many players seep through the water and go straight to the enemies' rear, making them nervous and forcing them to leave their firing positions.

That's basically it. Hone your skills through your own experience.

Today I will tell you how to quickly rush long solo on the dust2 map from a nearby spawn; we will also analyze in detail the flashbang and smoke throws.

Honestly, I'm a little surprised that many CS players don't know how to do it right and make the same mistakes. By studying the proposed tactics for quickly capturing long, you will not only help your teammates, but also save your butt from burning.

To win as terrorists, it is important to be able to open long; above you see one of the key points on the map. But when we tell our teammates to open frag, they do something completely different. It often happens that you are a great counter player, but when you change sides, the enemy simply does not allow you to take key positions and wipes out the entire team before you have time to do anything.

I'll tell you how to quickly open long! Let's go!


The essence of the tactic is that the counters running along long are constantly flashed and cannot recover their sight by the time you are already in the pit area. That is, you need to throw two timed flashes and either put down a smoke or try to shoot the counter coming out (for example, with an AWP). This strategy is very dependent on your spawn; I recommend doing this opening if you spawned on the right side of the middle, since then you will have a time advantage over the counters of one to three seconds.

However, this strategy is not a panacea: it fails if the counters run backwards along the entire long. Still, this way they will lose precious time.


Let's take a look at this strategy in more detail. The main mistake of many players is that they throw a flash just on the run, without jumping. Such a flashbang barely blinds the counters running along long. The first flashbang must always be thrown from a jump. For the flashbang to have the maximum coverage area, it must be thrown from the corner I marked in the screenshot above, and not straight ahead, as most players do: then it will blind a player right at the corner if he managed to run there.


It is very important that the trajectory of the grenade be as flat as possible (see the screenshot above). In this case, the flashbang flies further and explodes low, covering long entirely. If you throw it higher, it will explode in the area behind the door and hit almost no one.

Many players do not know how to quickly pull out a flashbang. You need to bind it to a key, for example: bind mouse4 "slot7".


Now about the second flashbang! The second flashbang should already be thrown from the box. Everyone throws it on the run, and again it explodes without reaching long. The trajectory turns out wrong and, accordingly, so does the coverage area. We need it to fly along the line shown in the screenshot above. We again throw it from a jump, on the drift, so that the flashbang does not blind us when we come out but blinds the whole of long. Keep in mind that if the counters run along long correctly, only such flashes can blind them. If they run along the far wall, an ordinary one will do.


With well-executed throws, the counters do not have time to close in on the box or get into the pit, since you will intercept them on the run. Your next task is to quickly get into the pit. A smoke grenade will let you divert the enemies' attention and calmly take up a position. Sitting in the pit, you should not exchange fire with enemies, because with a numerical advantage they will easily crush you or take you out with the AWP. In this position, your role is that of an irritant who does not give the enemies the opportunity to pressure your teammates coming out of the box. Once you occupy this area, you just need to push onto the plant and win the round.

Confidentiality of CS resources consists in the possibility of access to them only for those entities (for example, users, processes or network nodes) that have the right to do so (authorized entities) (i.e., in the impossibility of access to them by unauthorized entities).

Availability of CS resources lies in the possibility of access to them by authorized subjects (always when they need it).

Integrity of CS resources lies in their integrity.

Authenticity of CS resources lies in their validity (genuineness) (i.e., in the fact that authorized subjects, when accessing resources, will receive exactly those resources that they requested access to).

In order to ensure the security of the CS, in the general case a complex of hardware, software, administrative and conceptual tools is created, which can be collectively designated as the CS security system. Accordingly, the requirements for CS security systems are:

  • ensuring confidentiality of CS resources;
  • ensuring the availability of CS resources;
  • ensuring the integrity of CS resources;
  • ensuring the authenticity of CS resources.

For different resources, the content of the confidentiality, availability, integrity, and authenticity properties may be different (and for certain types of resources, some of these properties may not be suitable at all). In particular, the content of the availability property with respect to network services includes their availability and sufficient efficiency. The content of the integrity property with respect to devices or network services includes the integrity of their settings, with respect to memory, data files or programs - the absence of unauthorized modifications of their content or attributes; with respect to such a resource as processor time, it is hardly possible to talk about integrity at all. The content of the authenticity property with respect to network services can be interpreted as the validity of the servers that serve the corresponding requests, or as the validity of the data that is transmitted in response to these requests. Further specification of the properties of confidentiality, availability, integrity and authenticity of CS resources can be carried out in accordance with the possible types of access to these resources.

A threat to the security of the CS (hereinafter also simply “threat”) is the possibility of an event that would affect the security of the CS (i.e., affect the confidentiality, availability, integrity and/or authenticity of CS resources). The occurrence of this event is called the implementation of the threat.

The implementation of a threat can be intentional or unintentional.

Unintentional implementation of threats may occur, for example, due to erroneous actions of CS users or unreliable operation of the CS software or hardware. Therefore, the security problems of the CS are closely related to the problems of software and hardware reliability. Implementation of security threats that arise from insufficient reliability of the CS software and hardware is prevented by improving the corresponding software and hardware and by redundancy at the hardware level (RAID arrays, multiprocessor computers, uninterruptible power supplies, cluster architectures), at the firmware level (backup domain controllers, backup routers) or at the level of data arrays (file replication, backup).

Intentional implementation of a threat to the security of the CS is the consequence of an attack on the CS.

The person(s) who conceived and initiated the attack is called the subject of the attack. The computer system targeted by the attack is the object of the attack.

That is, vulnerabilities create threats, or, in other words, the presence of a vulnerability is a sufficient condition for the existence of a threat. Moreover, it can be argued that any threat is a consequence of the presence of a particular vulnerability, i.e., that the presence of a vulnerability is also a necessary condition for the existence of a threat and, as a result, the implementation of a threat.

The presence of a vulnerability is not, however, a sufficient condition for the realization of a threat. For that, additional conditions must be created. The full set of conditions that leads to the realization of a threat (i.e., is sufficient for the realization of a threat) is called the threat implementation mechanism (for CS security). Obviously, one of these conditions must be the presence of an appropriate vulnerability (a vulnerability is a necessary component of the threat implementation mechanism).

Any attack is aimed at the implementation of a particular threat; accordingly, carrying out the attack consists in artificially creating a mechanism for the implementation of the corresponding threat. Therefore, the presence of an appropriate vulnerability is a necessary condition for the success of an attack.

We give examples that illustrate the relationship of the concepts considered.

The lack of password encryption in the telnet and ftp protocols is a vulnerability. It gives rise to the threat of password disclosure by eavesdropping on the information exchange over these protocols and to the possibility of carrying out attacks aimed at realizing this threat.

The lack of validation of user input is a vulnerability that gives rise to a number of threats and to the possibility of carrying out a corresponding number of types of attacks (in the simplest case, the threat that the program that performs input processing will “hang” as a result of an attack that consists in sending specially selected input data to this program).

The absence of automatic checking of files that CS users receive via communication channels for infection by computer viruses (or insufficient effectiveness of antivirus software) is a vulnerability that gives rise to the threat of infection of the CS software with computer viruses and to the possibility of carrying out corresponding attacks.

Types of loss that may affect computer systems. Classification of threats to the security of a computer system, mechanisms for their implementation and attacks on computer systems by type of loss.

In general terms, it is obviously possible to single out the following types of loss that may affect the CS:

  • violation of confidentiality of CS resources;
  • violation of the availability of CS resources;
  • violation of the integrity of CS resources;
  • violation of the authenticity of CS resources.

Further, each of these types of loss can be classified according to the type of resource that can be directly affected by the loss. For example, one can single out such an important resource as the information that is stored, processed or transmitted in the CS (which is why information protection is one of the components of CS security). Other examples are a printer, disk space, communication channels, etc.

For each of the resources, different forms can be distinguished in which it can be damaged (its confidentiality, availability, integrity or authenticity affected). These forms are diverse and differ from resource to resource. For example, for hardware resources we can speak of such a form of integrity violation as physical destruction; for both software and hardware resources, of unauthorized changes in parameters, etc. Some universal forms of inflicting loss can also be distinguished. One example is a violation of the confidentiality, availability, integrity or authenticity of a resource in the form of compromise of the resource, i.e. loss of user confidence that the resource is confidential, accessible, complete and authentic (this may entail direct damage associated, for example, with reinstalling software or conducting an investigation).

In accordance with this, threats to the security of the CS, mechanisms for their implementation and attacks on the CS can be classified. The classification criterion can be defined as “the type of loss that can be caused to the CS”, and in the case of attacks, as the “target”. When classifying threats, we get such classes as “the threat of violation of integrity”, “the threat of violation of confidentiality of information”, “the threat of compromising the integrity of the operating system”, etc. When classifying the mechanisms for the implementation of threats, we get “mechanism (of implementation of the threat) of violation of integrity”, “mechanism (of implementation of the threat) of violation of confidentiality of information”, “mechanism (of implementation of the threat) of compromising the integrity of the operating system”, etc. When classifying attacks, we get “attacks aimed at violating data integrity”, “attacks aimed at violating the confidentiality of communication channels” (in the latter case, “unauthorized use of communication channels” would be clearer), etc.

A software-initiated threat (to CS security) is a threat to the security of the CS that can be realized through informational influence on this CS. Software-initiated threats can only be implemented using software tools.

A software attack (on the CS) is an attempt to implement one or another software-initiated threat to the security of the CS (one might say, an attempt to cause a loss to the CS by software means).

We emphasize that not every attack in whose implementation software is used can be considered a software attack, but only one that is aimed at implementing one or another software-initiated threat.

By the type of loss that can be caused to the CS, software-initiated security threats to the CS and software attacks can belong to any of the types identified above, with the exception, perhaps, of those associated with the physical destruction of the CS.