RMT DDoS Revenge?

FFXI will be affected since all of their servers are in Japan sharing the same Cogent path between North America and Tokyo. It's either a DDoS messing up their ***or it's Cogent Network. The fact that it's been going on all day, they could have worked with Cogent by now if it wasn't a DDoS. So, It could be a DDoS because Cogent rates are cheaper than NTT rates and they have to pay the bandwidth bill. Or I could be wrong because I just spoke to some Japanese guy in game and he said he hasn't had any issues yet... So... Maybe Square hasn't even contacted Cogent yet or withdrawn routes from Cogent to divert us from that path, so their monitoring sucks.

FFXIV should be okay in other regions... since they have multiple data centers in different regions. Unless they are stupid and use the same authentication server for multiple regions.

FFXI packet loss to Tokyo:
|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| cellspot.router - 4 | 590 | 568 | 0 | 5 | 110 | 2 |
| 142.254.237.93 - 1 | 678 | 677 | 9 | 18 | 124 | 12 |
| agg53.lsaicaev02h.socal.rr.com - 1 | 678 | 677 | 10 | 20 | 127 | 11 |
| 72.129.19.22 - 0 | 682 | 682 | 10 | 24 | 125 | 16 |
| agg26.tustcaft01r.socal.rr.com - 1 | 678 | 677 | 12 | 24 | 131 | 19 |
| ae-5-0.cr0.chi10.tbone.rr.com - 0 | 682 | 682 | 13 | 26 | 129 | 22 |
| 66.109.5.247 - 0 | 682 | 682 | 12 | 23 | 139 | 15 |
| ae3.cr7-lax2.ip4.gtt.net - 0 | 682 | 682 | 12 | 26 | 133 | 25 |
| be3258.ccr41.lax04.atlas.cogentco.com - 0 | 682 | 682 | 13 | 25 | 149 | 14 |
| be3360.ccr42.lax01.atlas.cogentco.com - 0 | 682 | 682 | 12 | 23 | 149 | 23 |
| be3177.ccr22.sjc01.atlas.cogentco.com - 1 | 678 | 677 | 25 | 35 | 143 | 28 |
| be3179.ccr22.sfo01.atlas.cogentco.com - 0 | 682 | 682 | 24 | 36 | 148 | 30 |
| be3694.ccr21.pdx01.atlas.cogentco.com - 1 | 674 | 672 | 76 | 88 | 189 | 82 |
| be3701.ccr21.hkg02.atlas.cogentco.com - 4 | 598 | 577 | 188 | 199 | 283 | 198 |
| be3690.ccr21.tyo01.atlas.cogentco.com - 4 | 598 | 577 | 173 | 185 | 297 | 177 |
|be3723.rcr51.b060372-1.tyo01.atlas.cogentco.com - 4 | 598 | 577 | 174 | 187 | 297 | 182 |
| square-enix.demarc.cogentco.com - 4 | 598 | 577 | 174 | 187 | 297 | 181 |
| 61.195.56.165 - 4 | 598 | 577 | 168 | 182 | 278 | 173 |
| 219.117.144.78 - 4 | 594 | 572 | 175 | 189 | 321 | 188 |
| 219.117.144.49 - 4 | 591 | 569 | 168 | 181 | 287 | 175 |
| 219.117.146.129 - 4 | 598 | 577 | 173 | 185 | 296 | 177 |
| 219.117.146.182 - 4 | 594 | 572 | 175 | 186 | 270 | 184 |
| 124.150.152.208 - 4 | 594 | 572 | 174 | 186 | 276 | 179 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider



FFXIV North America, no packet loss, just ICMP filtering:

|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| cellspot.router - 11 | 505 | 451 | 1 | 4 | 73 | 24 |
| 142.254.237.93 - 0 | 720 | 720 | 9 | 18 | 76 | 21 |
| agg53.lsaicaev02h.socal.rr.com - 0 | 720 | 720 | 12 | 21 | 82 | 22 |
| 72.129.19.22 - 0 | 720 | 720 | 10 | 22 | 79 | 23 |
| agg26.tustcaft01r.socal.rr.com - 0 | 720 | 720 | 12 | 23 | 74 | 15 |
| ae-5-0.cr0.chi10.tbone.rr.com - 0 | 720 | 720 | 13 | 24 | 73 | 23 |
| 66.109.5.247 - 0 | 720 | 720 | 12 | 21 | 74 | 23 |
| ae3.cr7-lax2.ip4.gtt.net - 0 | 720 | 720 | 12 | 23 | 87 | 21 |
| ae16.cr0-mtl1.ip4.gtt.net - 0 | 720 | 720 | 74 | 85 | 156 | 77 |
| iweb-gw.ip4.gtt.net - 0 | 720 | 720 | 74 | 85 | 211 | 79 |
| ae0.cr5.mtl.iweb.com - 1 | 708 | 705 | 74 | 83 | 140 | 77 |
| te7-4.dr9.mtl.iweb.com - 0 | 720 | 720 | 74 | 85 | 265 | 78 |
| 70.38.72.102 - 0 | 720 | 720 | 74 | 84 | 142 | 77 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 144 | 0 | 0 | 0 | 0 | 0 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider

The weekly cap to sparccolades is going to backfire in such as horrible way. You thought 300m alexandrite base mythic prices were bad...

This is possibly the worst way they could have "countered" RMT measures. They could have linked it to something annoyingly simple, like completing a random deeds quest or killing random unm every time you want to reset. No RMT would ever waste their time doing that and legitimate players would hardly be inconvenienced, plus it would help them in other ways. SE is so lost lol

at first looks like a good idea but most ppl do sparkcolades during gain exp (time pressure). if you pull the random RoE from the full set of RoEs ppl can end up with time consuming once and are basically screwed again and if you pull them from a limited pool of RoEs then RMT will just write bots for those.
maybe if the completion of the random RoE out of the full list would make up for the time loss, otherwise it be a suboptimal solution.

Making a cap for everyone is a suboptimal solution that will harm your players far more than RMT. Sparks is one fraction of everything else RMT bot. Take one step forward two back in actually fighting RMT

entirely dependant on where they choose the cap to be and the time frame it resets itself. there is a good chance that it will not interfer with regular players farming behaviour at all.
we'll have to wait and see after the update.

"RMT DDoS Revenge?" was my first thought also yesterday but who knows..

This will end up being such a stupid decision I fear, depending on the cap.

Not only will RMT go farm other stuff that annoys everyone else like ambuscade, currency etc they will also go back to hacking peoples accounts via unsecured websites and the like. Also yeah, DDOS is gonna come, these people are effectively getting their income taken away, they aren't just going to eat that without throwing a tantrum.

So many people got trojans injected on their computers from somepage, and lost vast amounts of gil and accounts...among other things.

The more the developers crack down on the RMT, the more savage they will become. To be more accurate, the milk toast RMT will leave and so prices will rise and that will encourage more cut-throat sellers to enter the market.

The best way to stop RMT is to lower the importance of gil, the DI changes were a prime example of this.

Are people still having trouble connecting?

All seems fine atm, remains to see what happens around the same time today. I had 0 issues btw on all accounts.

So it might have been a bad route for North Americans to Tokyo as they have changed to their alternative path using NTT provider which costs a premium:

|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| cellspot.router - 0 | 30 | 30 | 1 | 2 | 6 | 2 |
| 142.254.237.93 - 0 | 30 | 30 | 11 | 17 | 28 | 23 |
| agg53.lsaicaev02h.socal.rr.com - 0 | 30 | 30 | 13 | 19 | 29 | 16 |
| 72.129.19.22 - 0 | 30 | 30 | 12 | 21 | 30 | 20 |
| agg26.tustcaft01r.socal.rr.com - 0 | 30 | 30 | 15 | 22 | 36 | 21 |
| ae-5-0.cr0.chi10.tbone.rr.com - 0 | 30 | 30 | 16 | 22 | 37 | 20 |
| 66.109.5.247 - 0 | 30 | 30 | 14 | 20 | 32 | 21 |
| ae3.cr7-lax2.ip4.gtt.net - 0 | 30 | 30 | 15 | 20 | 52 | 19 |
| ae2.cr3-lax2.ip4.gtt.net - 0 | 30 | 30 | 16 | 22 | 49 | 25 |
| as2914.cr4-lax2.ip4.gtt.net - 0 | 30 | 30 | 16 | 20 | 29 | 21 |
| ae-3.r23.lsanca07.us.bb.gin.ntt.net - 0 | 30 | 30 | 15 | 21 | 38 | 21 |
| ae-12.r31.tokyjp05.jp.bb.gin.ntt.net - 0 | 30 | 30 | 110 | 117 | 136 | 115 |
| ae-3.r00.tokyjp08.jp.bb.gin.ntt.net - 0 | 30 | 30 | 126 | 131 | 141 | 130 |
| ae-0.a00.tokyjp08.jp.bb.gin.ntt.net - 0 | 30 | 30 | 118 | 124 | 142 | 123 |
|xe-0-0-8-1.a00.tokyjp08.jp.ce.gin.ntt.net - 0 | 30 | 30 | 119 | 128 | 198 | 120 |
| 219.117.144.66 - 0 | 30 | 30 | 119 | 127 | 168 | 120 |
| 219.117.144.45 - 0 | 30 | 30 | 111 | 117 | 135 | 115 |
| 219.117.146.129 - 0 | 30 | 30 | 118 | 123 | 143 | 122 |
| 219.117.146.182 - 0 | 30 | 30 | 120 | 127 | 152 | 122 |
| 124.150.152.208 - 0 | 30 | 30 | 119 | 125 | 141 | 120 |
|________________________________________________|______|______|______|______|______|______|


If we still get knocked off tonight, then it's a DDoS.

I was waiting for next gain exp on Wednesday afternoon (my time US midwest central time zone) to decide if there was somebody being butthurt.

To be fair, RMT hacking people's accounts is just a way of life to them.

are ppl still having connection problems?
what server does the ip adress 124.150.152.208 conncet to? asura?

Don't think so. At least I haven't since they fixed their ***.

Think you hit the nail on the head, just saw local news with a story on how networks are showing their weaknesses during the covid time and how they are making the internet better than what it was.