I wonder if it's as simple as the attackers somehow getting their victims' IPs (maybe through some intelligent human-guided port-scanning?) & then firing the DDoS.
The alternative could be that there's some sort of common protocol the gaming sites are using that allows attackers to send malformed packets to other users (like a specially-crafted invalid private message packet) and there's no server-side validation of the packets.
Either way, I can't wait to see what they turn up.
The alternative could be that there's some sort of common protocol the gaming sites are using that allows attackers to send malformed packets to other users (like a specially-crafted invalid private message packet) and there's no server-side validation of the packets.
Either way, I can't wait to see what they turn up.