
Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut to jtl999


Re: ddos attack

Not really. You can't hit what you can't reach. Try it, and see.

kevinds
Premium Member
join:2003-05-01
Calgary, AB


But the internet interface is what gets hit; with NAT, the LAN router IP isn't really accessible from the internet, so it doesn't matter.

Additionally, on most consumer routers, you are not able to enter anything but the 192.168.0.0/16 network.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC


If that were true, the OP wouldn't have a problem, as Shaw would take the hit, not him.

Some do slide past the WAN.

Not true. You can change most router LANs easily.

kevinds
Premium Member
join:2003-05-01
Calgary, AB


Change most router LAN addresses easily, yes, but many will only allow the 192.168.0.0/16 network, and won't let you enter the 172.16.0.0/16 network nor the 10.0.0.0/8 network...

If you are getting ddos attacked, it is your external IP address getting hit, not your internal LAN address.

If your router is powerful enough, then your router will handle it; if it isn't, then you are going to be wanting to change your IP address.

Shaw passes along the traffic as an ISP should. Changing your LAN addresses is not going to help.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC


All of my routers have allowed me to change LAN IPs.

quote:
If you are getting ddos attacked, it is your external IP address getting hit, not your internal LAN address.

That's precisely what I've previously stated.

Changing LAN addies can indeed help with online gaming attacks.

kevinds
Premium Member
join:2003-05-01
Calgary, AB


I didn't say not allowed; many I have used/configured will only allow 192.168.0.0-192.168.255.254 for LAN IP, not 10.0.0.0 addresses.

If your external IP 24.76.55.84 (for example) is getting DDOS attacked, how is changing your LAN IP from 192.168.1.1 to 10.0.5.200 going to help?

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC


From what I've experienced, the 192.x.x.x LAN IP seems to be a common attack vector regardless of the WAN IP. Perhaps it's because it's common? I'm not sure to be truthful.

I have noticed these hits are far less common on the 10.x.x.x internal IPs though.

kevinds
Premium Member
join:2003-05-01
Calgary, AB


Or maybe you're just behaving yourself more online? haha

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC


Heh! Not really, but I like that theory.
18286719 (banned)
join:2013-02-02
Whistler, BC


Member

Just to be clear, a ddos attack attacks the modem through the IP address, and it will either temporarily flood the IP with all the data it has or will continually flood the IP until the booter is turned off (seems to be my situation). Earlier I had my network up and running regardless of the fix; I was asking questions so if it happens again I can quickly grab a new IP, and you guys did a good job of helping me with this. The MAC address method did work, as when I checked ipchicken it was giving me a different IP after changing the MAC and rebooting the router. However, even after I thought I had changed IPs, I was still getting hit off from the same guy booting the same IP he pulled from me last night, which means that the MAC address wasn't actually changing the IP somewhere, even though it said it was. I think in one of the first posts in this thread someone said that when you change the MAC it tricks Shaw into thinking the IP is different even though it's actually not, or they said something like that.

18286719 (banned)

Member

Nvm, my internal address is NOT being hit; my external address is being hit.

kevinds
Premium Member
join:2003-05-01
Calgary, AB

kevinds to ShawUserX

Giving out 127.0.45.3 would be even better to give out for people to try and do bad things to... Surprisingly enough, people have tried to get me in the past with that IP...

-Posted from my phone
18286719 (banned)
join:2013-02-02
Whistler, BC


Member

But when I called Shaw and asked to change IP, they said all I could do was restart and hope, but it's not guaranteed to change. Then when I spoke to a supervisor he said in order to grab a new dynamic IP I would need to have the router off for 4 hours and wait for someone else to take the IP I had (lmao cause it's being hit offline). My router has been off for 5 hours now and I'm connected on my Telus network, getting tempted to turn it back on and hope for the best.

18286719 (banned)

Member

What's the difference between my external IP address and the IP address shown on ip chicken? Cause I know my IP changed on ip chicken and I was still getting hit offline on the same IP that I was being hit off on originally because it was impossible for the booter to acquire my new IP.

kevinds
Premium Member
join:2003-05-01
Calgary, AB


They are the same.
Your router will have an internal IP address, 192.168.1.1, and an external IP from Shaw; ipchicken.com will show you the external address.

4-5 hours may not be long enough, default lease time is 48 hours.

Did changing your MAC address not help?

-Posted from my phone

kevinds to 18286719

Premium Member

Delete.

kevinds to 18286719

Premium Member

If whatever device is connecting online that they are 'mad' at you for, website, game-name, etc., it can/will update them with your new IP when you sign back in, could this be it?

But yeah, ddos attacks are annoying (couple days ago was getting around 1,000+ login attempts on one of my servers each minute) it's annoying, but a good router is key.
xtachx
join:2005-11-19
canada


Member

said by kevinds:

If whatever device is connecting online that they are 'mad' at you for, website, game-name, etc., it can/will update them with your new IP when you sign back in, could this be it?

But yeah, ddos attacks are annoying (couple days ago was getting around 1,000+ login attempts on one of my servers each minute) it's annoying, but a good router is key.

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldn't the packets just be ignored?

Also, in case of a bridged connection, if I have a script like fail2ban, does it just ignore the packets once a host has got a ban, or does it still cause the computer to slow down etc.?

kevinds
Premium Member
join:2003-05-01
Calgary, AB


kevinds to xtachx


Re: ddos attack

It's usually the router that gets hammered, the router can't handle it, and crashes.

Sometimes the connection. It doesn't take that much to send 10 mbps of garbage traffic to an IP with ddos.

kevinds to xtachx

Premium Member

said by dasman09:

A normal internet user is highly unlikely to get DoS'ed. The best recommendation in this case is to avoid doing douchie things that invite DoS attacks.

18286719 (banned)
join:2013-02-02
Whistler, BC


Member

Define a normal internet user. Here in the world of competitive Call of Duty, ddos is a daily routine for many players just to get their wins; I even watched a pro team lose a tournament qualifier on livestream the other day cause 2 of them were getting ddos. So yes, a normal internet user probably isn't likely to incur a ddos attack, but when you're beating someone in a game and they can just hit you off for the win, the douchy people are usually the ones attacking; usually the people getting hit are innocent. As far as my connection goes, the MAC address thing worked to change my IP but I don't know how I was still getting hit off originally; maybe the modem was just overwhelmed. Either way my connection is working now, so hopefully I don't get another attack for a while.

kevinds
Premium Member
join:2003-05-01
Calgary, AB


Then get a better router... Dual-Core 1.5 GHz with 1GB ram should be overkill...

-Posted from my phone

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

Napsterbater to Juggernaut

said by Juggernaut:

From what I've experienced, the 192.x.x.x LAN IP seems to be a common attack vector regardless of the WAN IP. Perhaps it's because it's common? I'm not sure to be truthful.

I have noticed these hits are far less common on the 10.x.x.x internal IPs though.

You have no idea what you are talking about.

No one can reach 192.168.x.x from another network. That's not what they are attacking; they are attacking the WAN IP, which is provided by the ISP. Changing the LAN IP does nothing. They can't hit the 192.168.x.x, they can't hit the 10.x.x.x; it's no different.

pfak
Premium Member
join:2002-12-29
Vancouver, BC

pfak to xtachx

said by xtachx:

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldn't the packets just be ignored?

DDoS will cause your downstream or upstream to be saturated, thus preventing legitimate traffic from reaching the intended destination.

Replacing your router is not going to resolve the problem. Having cooperation from your ISP to filter traffic, or stop pissing off people is the best result.
xtachx
join:2005-11-19
canada


Member

said by pfak:

said by xtachx:

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldn't the packets just be ignored?

DDoS will cause your downstream or upstream to be saturated, thus preventing legitimate traffic from reaching the intended destination.

Replacing your router is not going to resolve the problem. Having cooperation from your ISP to filter traffic, or stop pissing off people is the best result.

So I guess in this case, we would need cooperation from the host ISP. It's funny how someone can be DDOSed and he/she will go over their bandwidth caps for no fault of his/hers.

pfak
Premium Member
join:2002-12-29
Vancouver, BC


said by xtachx:

It's funny how someone can be DDOSed and he/she will go over their bandwidth caps for no fault of his/hers.

Doubtful that it's unwarranted. The original poster is not a business, and therefore there is no benefit of DDoSing them for extortion or otherwise ..

kevinds
Premium Member
join:2003-05-01
Calgary, AB

kevinds to pfak

Upstream no, because your router should simply drop the traffic, and not respond to it.

Downstream, possible, but unlikely with faster internet speeds. 10 mbps wouldn't be hard to saturate with ddos, 25 and up, significantly harder...

rustydusty
join:2009-09-29
Red Deer County, AB

rustydusty to 18286719

Member

If you are getting attacked, I would suggest unplugging your modem and taking it to McDonald's for a Big Mac. Come back, get a new MAC for your router, plug the modem back in and enjoy a new dynamic IP. For whoever gets your old one, sucks to be them. Or, you could just stop being an idiot online and get rid of any mics you have.

pfak
Premium Member
join:2002-12-29
Vancouver, BC

pfak to kevinds

said by kevinds:

Upstream no, because your router should simply drop the traffic, and not respond to it.

Downstream, possible, but unlikely with faster internet speeds. 10 mbps wouldn't be hard to saturate with ddos, 25 and up, significantly harder...

Upstream can be saturated by causing the router to respond to requests, via ICMP Ping or other services (e.g. UPnP).

25Mbps is a ridiculously small DDoS attack. I suggest you do some reading.
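
The question argued through this thread, worked as an added example that is not part of any post above: a toy NAT router showing that unsolicited packets are addressed to the WAN IP, are dropped without a mapping, and still use downstream capacity, whichever private range the LAN uses. The `NatRouter` class, link speed, ports and packet sizes are constructed for illustration; 24.76.55.84 is the example address quoted earlier in the thread.

```python
import ipaddress

WAN_IP = "24.76.55.84"        # example external address quoted in the thread
DOWNSTREAM_BPS = 10_000_000   # constructed: a 10 Mbps downstream link


class NatRouter:
    """Toy home NAT router (hypothetical model, not any vendor's firmware)."""

    def __init__(self, wan_ip, lan_net):
        self.wan_ip = wan_ip
        self.lan_net = ipaddress.ip_network(lan_net)
        self.mappings = {}     # WAN port -> (LAN ip, LAN port)
        self.next_port = 40000
        self.link_bytes = self.forwarded = self.dropped = 0

    def outbound(self, lan_ip, lan_port):
        """A LAN host opens a connection; allocate a WAN port for replies."""
        if ipaddress.ip_address(lan_ip) not in self.lan_net:
            raise ValueError("source is not on the LAN")
        port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[port] = (lan_ip, lan_port)
        return port

    def inbound(self, dst_ip, dst_port, size):
        """A packet sent from the internet; returns the LAN target or None."""
        # Private/loopback or another subscriber's address: never reaches this line.
        if ipaddress.ip_address(dst_ip).is_private or dst_ip != self.wan_ip:
            return None
        self.link_bytes += size          # the link is used before any filtering
        target = self.mappings.get(dst_port)
        if target is None:
            self.dropped += 1            # no port forward, no mapping: dropped
        else:
            self.forwarded += 1
        return target


def simulate(lan_net, lan_host, unsolicited=2000, size=1400):
    """Constructed traffic: one wanted reply plus unsolicited packets."""
    r = NatRouter(WAN_IP, lan_net)
    reply_port = r.outbound(lan_host, 3074)
    r.inbound(WAN_IP, reply_port, 200)           # reply to the LAN host
    for i in range(unsolicited):
        r.inbound(WAN_IP, 1024 + i, size)        # matches no mapping
    r.inbound(lan_host, 80, size)                # aimed at the LAN address
    return {"forwarded": r.forwarded, "dropped": r.dropped,
            "link_seconds": r.link_bytes * 8 / DOWNSTREAM_BPS}
```

Calling `simulate("192.168.1.0/24", "192.168.1.50")` and `simulate("10.0.5.0/24", "10.0.5.200")` returns identical counters: the LAN numbering never enters the result, while the dropped packets still account for the link time.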