Hey everyone, looks like you all decided to invoke me so here I am. Here is everything I know about the Xbox DDoSing issue and why it is a problem only related to Xbox and really has nothing to do with Overwatch. This problem has been known to affect multiple games (not just Overwatch). It is related to the system party chat feature which is a peer-to-peer service which is why your IP address can be exposed. Blizzard Technical Support Representative Drakuloth has posted full details which I will copy here:
I wanted to take some time here to talk about what a DDoS attack is and is not, since there seems to be some misunderstanding here in this thread. I’m also going to provide some general tips to help with connection issues. This is going to be a somewhat long post because there are a few inaccurate things in this topic that I need to correct, so bear with me. I want to make sure I’m helping you all avoid making your IPs vulnerable to anybody who might do this sort of thing. Hopefully it helps anybody reading understand this all a bit better.
What is a Denial of Service attack and how does it work?
So let’s start with what a Denial of Service attack is. A Denial of Service attack happens when a person or organization floods a specific router with a bunch of requests by targeting its IP address. The router eventually becomes overwhelmed, resulting in connection issues for anybody who needs to use that router as long as the router is under attack. A Denial of Service attack is only a “Distributed Denial of Service” (DDoS) attack if it targets a router that affects many thousands of users. The fact that it targets a major internet router somewhere is what makes the attack “Distributed.” In the rare event that one of you are actually suffering a Denial of Service attack specifically, that is not a Distributed attack, it’s just a DoS attack. While mostly semantics, I thought that might be good to know for your personal information.
So they need my IP to do a Denial of Service Attack. How do they get it?
Without going into the actual process by which this is done (I don’t want to encourage any more people to do this, because it’s illegal), it starts by having a Peer to Peer connection with another person. I’m bringing this up specifically because it is impossible for someone to get your IP address from within Overwatch. We do not use any Peer to Peer connectivity in Overwatch - as both your game connections and Vivox go through our centralized servers.
Currently, some Party Chat on Xbox Live goes through Peer to Peer, but this is a problem that Microsoft is currently working on . Because Peer to Peer connections do not occur within Overwatch, your best chance at avoiding such an attack is to never join an Xbox Party Chat Request from someone you do not trust. If you only use Overwatch in game chat to communicate, you will not have your IP exposed, since all traffic goes through a centralized server.
I may have exposed my IP address and I think I’m being attacked. What do I do?
Please note that there is nothing that we can do to help you with a Denial of Service attack, because we have no control over your IP address. Similarly, if you are disconnecting from the game for any reason, we do not remove leaver penalties . If you’re regularly disconnecting, you need to troubleshoot the disconnections , and if you think you’re disconnecting due to a DoS attack, that means reaching out to your Internet Service Provider.
Since a DoS attack requires your IP address, the easiest way to fix it is to contact your ISP and ask them to change your IP address. Once they do this, the attacks should stop (unless you join a Peer to Peer service with someone and expose your IP address again.) With that in mind, if you continue to disconnect after changing your IP address, you were not experiencing a DoS attack. You’d want to do normal connection troubleshooting instead.
I hope this covers a bit about the situation and how you can avoid being DoSed, or fix situations where you’re in a position to be DoSed. Note that beyond providing this information, there’s nothing else we can do as support. If you run into any other issues, however, feel free to create a new topic about them.