dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4044
share rss forum feed


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
reply to jtl999

Re: ddos attack

Not really. You can't hit what you can't reach. Try it, and see.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
But the internet interface is what gets hit, with NAT, the LAN router IP isn't really accessable from the internet, so it doesn't matter.

Additionally, most consumer routers, are you not able to enter anything but the 192.168.0.0/16 network.

--
Yes, I am not employed and looking for IT work. Have passport, will travel.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
If that were true, the OP wouldn't have a problem, as Shaw would take the hit, not him.

Some do slide past the WAN.

Not true. You can change most router LAN's easily.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
Change most router LAN addresses easily, yes, but many will only allow the 192.168.0.0/16 network, and won't let you enter the 172.16.0.0/16 network nor the 10.0.0.0/8 network...

If you are getting ddos attacked, it is your external IP address getting hit, not your internal LAN address.

If your router is powerful enough, then your router will handle it, if it isn't, then you are going to be wanting to change your IP address.

Shaw passes along the traffic as an ISP should. Changing your LAN addresses are not going to help.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
All of my routers have allowed me to change LAN IP's.

quote:
If you are getting ddos attacked, it is your external IP address getting hit, not your internal LAN address.
That's precisely what I've previously stated.

Changing LAN addies can indeed help with online gaming attacks.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
I didn't say not allowed, many I have used/configured will only allow 192.168.0.0-192.168.255.254 for LAN IP, not 10.0.0.0 addresses.

If your external IP 24.76.55.84 (for example) is getting DDOS attacked, how is changing your LAN IP from 192.168.1.1 to 10.0.5.200 going to help?
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
From what I've experienced, the 192.x.x.x LAN IP seems to be a common attack vector regardless of the WAN IP. Perhaps it's because it's common? I'm not sure to be truthful.

I have noticed these hits are far less common on the 10.x.x.x internal IP's though.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Or maybe you're just behaving yourself more online? haha


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
Heh! Not really, but I like that theory.


18286719

join:2013-02-02
Whistler, BC
reply to 18286719
just to be clear, a ddos attack attacks the modem through the ip address, and it will either temporarily flood the ip with all the data it has or will continually flood the ip untill the booter is turned off (seems to be my situation) earlier i had my network up and running regardless of the fix, i was asking questions so if it happens again i can quickly grab a new ip, and u guys did a good job of helping me with this, the mac adress method did work as when i checked ipchicken it was giving me a dif ip after changing the mac and rebooting the router, however, even after i thought i had changed ip's, i was still getting hit off from the same guy booting the same ip he pulled from me last night, wich means that the mac adress wasnt accually changing the ip somewhere, even tho it said it was, i think in one of the first posts in this thread someone said, when u change the mac it tricks shaw into thinking the ip is different even tho its accually not, or they said something like that


18286719

join:2013-02-02
Whistler, BC

1 edit
reply to 18286719
nvm, my internal adress is NOT being hit, my external address is being hit

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
reply to ShawUserX
Giving out 127.0.45.3 would be even better to give out for people to try and do bad things to... Surprisingly enough, people have tried to get me in the past with that IP...

-Posted from my phone


18286719

join:2013-02-02
Whistler, BC
reply to 18286719
but when i called shaw and asked to change ip, they said all i could do was restart and hope, but its not garaunteed to change, then when i spoke to a supervisor he said in order to grab a new dynamic ip i would need to have the router of for 4 hours and wait for someone else to take the ip i had (lmao cause its being hit offline), my router has been off for 5 hours now and im connected on my telus network, getting tempted to turn it back on and hope for the best.


18286719

join:2013-02-02
Whistler, BC

1 edit
whats the difference between my external ip address and the ip address shown on ip chicken, cause i know my ip changed on ip chicken and i was still getting hit offline on the same ip that i was being hit off on originally because it was impossible for the booter to acquire my new ip

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
They are the same,
Your router will have an internal ip address, 192.168.1.1 and an external IP from Shaw, ipchicken.com will show you the external address.

4-5 hours may not be long enough, default lease time is 48 hours.

Did changing your MAC address not help?

-Posted from my phone

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3

1 edit
reply to 18286719
Delete.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to 18286719
If whatever device is connecting online that they are 'mad' at you for, website, game-name, ect, it can/will update them with your new IP when you sign back in, could this be it?

But yeah, ddos attacks are annoying (couple days ago was getting around 1,000+ login attempts on one of my servers each minute) its annoying, but a good router is key.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.

xtachx

join:2005-11-19
canada
Reviews:
·voip.ms
said by kevinds:

If whatever device is connecting online that they are 'mad' at you for, website, game-name, ect, it can/will update them with your new IP when you sign back in, could this be it?

But yeah, ddos attacks are annoying (couple days ago was getting around 1,000+ login attempts on one of my servers each minute) its annoying, but a good router is key.

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldnt the packets just be ignored?

Also, in case of a bridged connection, if I have a script like fail2ban, does it just ignore the packets once a host has got a ban, or does it still cause the computer to slow down etc.?
--
Bell Canada: It is “Preposterous" that consumers should get content they want on their cellphones.
Expand your moderator at work

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw

1 edit
reply to xtachx

Re: ddos attack

Its usually the router that gets hammered, the router can't handle it, and crashes.

Sometimes the connection, It doesn't take that much to send 10 mbps of garbage traffic to an IP with ddos.

--
Yes, I am not employed and looking for IT work. Have passport, will travel.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to xtachx
said by dasman09 :

A normal internet user is highly unlikely to get DoS'ed. The best recommendation in this case is to avoid doing douchie things that invite DoS attacks.


--
Yes, I am not employed and looking for IT work. Have passport, will travel.


18286719

join:2013-02-02
Whistler, BC
define a normal internet user, here in the world of competitive call of duty ddos is a daily routine for many players just to get there wins, i even watched a pro team loose a tournament qualifier on livestream the other day cause 2 of them were getting ddos, so yes a normal internet user probably isnt likely to incur a ddos attack, but when ur beating someone in a game and then can just hit u off for the win, the douchy people r usually the ones attacking, usually the people getting hit are innocent. as far as my connection goes the mac adress thing worked to change my ip but i dont know how i was still getting hit of originally, maybe the modem was just overwealmed, either way my connection is working now so hopefully i dont get another attack for a while

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Then get a better router... Dual-Core 1.5 GHz with 1GB ram should be overkill...

-Posted from my phone


Napsterbater
Meh
Premium,MVM
join:2002-12-28
Milledgeville, GA
Reviews:
·Windstream
reply to Juggernaut
said by Juggernaut:

From what I've experienced, the 192.x.x.x LAN IP seems to be a common attack vector regardless of the WAN IP. Perhaps it's because it's common? I'm not sure to be truthful.

I have noticed these hits are far less common on the 10.x.x.x internal IP's though.

You have no idea what you are talking about.

No one can reach 192.168.x.x from another network. That not what they are attacking, they are attacking the WAN IP which is provided by the ISP, changing the LAN IP does nothing. They cant hit the 192.168.x.x they cant hit the 10.x.x.x it no different.
--
ASUS M4A79T Deluxe | AMD Phenom II x3 720 BE AM3 w/4 Cores @ 3.41Ghz(OC) | 4Gb DDR3 Memory @ 1600mhz | Sapphire ATI HD4870 1GB 800mhz/1000mhz(OC) | 2x500GB HDD's Raid 0 | Windows 7 Ultimate x64 Build 7600 (RTM) | Windstream DSL 12m (14.9m Sync)/766k


pfak
Premium
join:2002-12-29
Vancouver, BC
reply to xtachx
said by xtachx:

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldnt the packets just be ignored?

DDoS will cause your downstream or upstream to be saturated, thus preventing legitimate traffic from reaching the intended destination.

Replacing your router is not going to resolve the problem. Having cooperation from your ISP to filter traffic, or stop pissing off people is the best result
--
The more I C, the less I see.

xtachx

join:2005-11-19
canada
Reviews:
·voip.ms
said by pfak:

said by xtachx:

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldnt the packets just be ignored?

DDoS will cause your downstream or upstream to be saturated, thus preventing legitimate traffic from reaching the intended destination.

Replacing your router is not going to resolve the problem. Having cooperation from your ISP to filter traffic, or stop pissing off people is the best result

So I guess in this case, we would need cooperation from the host ISP. Its funny how someone can be DDOSed and he/she will go over their bandwidth caps for no fault of his/ hers.
--
Bell Canada: It is “Preposterous" that consumers should get content they want on their cellphones.


pfak
Premium
join:2002-12-29
Vancouver, BC
said by xtachx:

Its funny how someone can be DDOSed and he/she will go over their bandwidth caps for no fault of his/ hers.

Doubtful that it's unwarranted. The original poster is not a business, and therefore there is no benefit of DDoSing them for extortion or otherwise ..
--
The more I C, the less I see.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to pfak
Upstream no, because your router should simply drop the traffic, and not respond to it.

Downstream, possible, but unlikely with faster internet speeds. 10 mbps wouldn't be hard to saturate with ddos, 25 and up, significantly harder...
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


rustydusty

join:2009-09-29
Red Deer, AB
reply to 18286719
If you are getting attacked, I would suggest unplugging your modem and taking it to Mcdonalds for a big mac. Come back, get a new MAC for your router, plug the modem back in and enjoy a new dynamic IP. For whoever gets your old one, sucks to be them. Or, you could just stop being an idiot online and get rid of any mic's you have.


pfak
Premium
join:2002-12-29
Vancouver, BC
reply to kevinds
said by kevinds:

Upstream no, because your router should simply drop the traffic, and not respond to it.

Downstream, possible, but unlikely with faster internet speeds. 10 mbps wouldn't be hard to saturate with ddos, 25 and up, significantly harder...

Upstream can be saturated by causing the router to respond to requests, via ICMP Ping or other services (eg. UPnP).

25Mbps is a ridiculously small DDoS attack. I suggest you do some reading
--
The more I C, the less I see.