dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4068
share rss forum feed


18286719

join:2013-02-02
Whistler, BC

ddos attack

i just got ddos from some angry person on xbox, on my old telus connection i would just unplug my modem for 30 seconds restart and i would get a new ip and be good to play as soon as the connection was back up, with this connection, the cisco modem will not grab a new ip, why? i thought im suppose to have a dynamic ip with shaw and i cant get my connection back up been trying over an hour now

and also how the heck do i directly connect to the cisco cause i even tried wiring my computer directly to it and typing in the address on the side 192.168.0.1 and i couldnt get to a router or wi fi setup or anything


jtl999
CEO of Actiontec Dev Team

join:2012-11-24
In the GVRD
kudos:4
Does the Cisco have MAC Address clone?
If not use bridge mode.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
No, there wouldn't be a reason to have access to that...

Yes, IP addresses are dynamic, but they don't change all that often.

If you want to change your IP on demand, you have to change the MAC address pulling the IP.

So as @jtl999 said, you have to bridge it, and then you can change the MAC address of the device plugged into the modem (or own router or a computer you have connected)
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


18286719

join:2013-02-02
Whistler, BC
i am bridged now, i thought this was the problem tho as it didnt let me get into the modem settings, when i talked to shaw they said the only way to loose my ip was to turn my network off, and wait upto 4 hours, and the only way i will get a new one is if someone takes my old one, could u explain how changing the mac address would force my modem to grab a new ip

also i just got off the phone with shaw and they said the line that my internet was installed on the other day is to weak and they dont know why it was installed on that line so i have a tech coming sunday to fix it (pretty funny the guy who originally installed it couldnt do his job right, he specifically said the line had a good signal)


jtl999
CEO of Actiontec Dev Team

join:2012-11-24
In the GVRD
kudos:4
The DHCP server assigns IP's by using the MAC address and the HFC MAC. Changing either of these will change your IP.


18286719

join:2013-02-02
Whistler, BC
ok so i can change my mac adress through the d link router settings? i have a dir 655 where in the settings should i do this

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw

1 edit
MAC Clone in internet settings

Clone from your computer, or make something up numbers and letters A through F.

Your modem will have a max of 2 IP addresses, maybe only one, so after you change the MAC address, you may have to power cycle your modem, and then your router again to pull an IP.

--
Yes, I am not employed and looking for IT work. Have passport, will travel.


18286719

join:2013-02-02
Whistler, BC
mac clone section isnt there

there is 4 main categories with settings

Setup (gives dchp reservation and shows mac adress for devices but gives me no option to change it)

Advanced (nothing in here to do with mac adress at all)

Tool (pretty sure its not in here

Status( i know its not in here)

to be clear, im trying to change the mac adress on my cisco modem through my d link router? and its suppose to be done in bridge mode this way?

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
Bridge mode makes your modem/router combo unit into just a modem.

Need to change the WAN MAC address of your router,

Where you select Dynamc IP as your internet type,

There is a screen that asks Host Name and a few other boxes,
MAC Address should be at the bottom

»www.dlink.com/us/en/support/prod···3pdf.pdf

Page 21
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


18286719

join:2013-02-02
Whistler, BC
Click for full size
ok so before i screw something up on my router i wanna make sure what im doing is right, i got to the internet settings where it lets me choose my internet connection type (dynamic ip) i have screenshot the page im at, so im assuming i just need to enter a new mac adress, if anyone can tell me what numbers or letters i should be replacing on the mac adress that would be much appreciated.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Clone PC will copy it from your computer,

but any numbers and letters A-F, just follow the pattern (6 groups of 2)
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


18286719

join:2013-02-02
Whistler, BC

1 edit
so i can type in absolutely any random numbers and letters

ex, if i type in 29.28.21.27.85 will this work, i highly doubt it, but according to your post above it would work, the mac adress needs to follow some sort of pattern rather then being RANDOM numbers and letters in RANDOM order, makes 0 sense at all, PLZ PLZ PLZ provide me with something to type in, rather then saying, anything will work

also im very confused why i would ever copy my pc's mac adress to the mac adress of the router, wouldnt this cause some problems as every device on my network has a different mac

ok i simply tried changing the number 1 to the number 8 (the very first digit of my mac) and rebooted my router, it grabbed a new ip, my question is why didnt shaw tell me about this on the phone


jtl999
CEO of Actiontec Dev Team

join:2012-11-24
In the GVRD
kudos:4
It would not cause problems as the Clone Mac Address function only changes as what Shaw sees. Not what your network sees.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw

1 edit
reply to 18286719
29.28.21.27.85 wouldn't work, because it is not long enough...

Why you would ever copy from your computer,

Telus for example, registers the MAC address, if you have just a computer connected to the modem, and you buy a router, you have to clone the MAC address of your computer to your router, so that it will work.

And yes, I ment any random characters, FE:ED:DE:AD:BE:EF would work...

As long as nobody else also uses it in your city.

Why wouldn't Shaw employees tell you, it is very possible they don't know, they aren't allowed to tell you (against what they support), it shouldn't be required...
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
reply to 18286719
If you want to avoid this crap, use an router IP like 10.0.5.100. That makes it a 'Private Network', and you won't have this problem. Done.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
@Juggernaut I don't understand your post, set the LAN IP to 10.0.5.100? Or a static WAN IP to that?
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
Click for full size
The LAN IP, like so:

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
And what will that accomplish? I'm missing something?


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
You are.

Running a private network IP, most of this type of crap (DDoS) will never reach you. I get a few rare hits, but they bounce.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein


jtl999
CEO of Actiontec Dev Team

join:2012-11-24
In the GVRD
kudos:4
If you still have a WAN it still uses up your connection.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
Not really. You can't hit what you can't reach. Try it, and see.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
But the internet interface is what gets hit, with NAT, the LAN router IP isn't really accessable from the internet, so it doesn't matter.

Additionally, most consumer routers, are you not able to enter anything but the 192.168.0.0/16 network.

--
Yes, I am not employed and looking for IT work. Have passport, will travel.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
If that were true, the OP wouldn't have a problem, as Shaw would take the hit, not him.

Some do slide past the WAN.

Not true. You can change most router LAN's easily.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
Change most router LAN addresses easily, yes, but many will only allow the 192.168.0.0/16 network, and won't let you enter the 172.16.0.0/16 network nor the 10.0.0.0/8 network...

If you are getting ddos attacked, it is your external IP address getting hit, not your internal LAN address.

If your router is powerful enough, then your router will handle it, if it isn't, then you are going to be wanting to change your IP address.

Shaw passes along the traffic as an ISP should. Changing your LAN addresses are not going to help.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
All of my routers have allowed me to change LAN IP's.

quote:
If you are getting ddos attacked, it is your external IP address getting hit, not your internal LAN address.
That's precisely what I've previously stated.

Changing LAN addies can indeed help with online gaming attacks.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
I didn't say not allowed, many I have used/configured will only allow 192.168.0.0-192.168.255.254 for LAN IP, not 10.0.0.0 addresses.

If your external IP 24.76.55.84 (for example) is getting DDOS attacked, how is changing your LAN IP from 192.168.1.1 to 10.0.5.200 going to help?
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
From what I've experienced, the 192.x.x.x LAN IP seems to be a common attack vector regardless of the WAN IP. Perhaps it's because it's common? I'm not sure to be truthful.

I have noticed these hits are far less common on the 10.x.x.x internal IP's though.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Or maybe you're just behaving yourself more online? haha


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
Heh! Not really, but I like that theory.


18286719

join:2013-02-02
Whistler, BC
reply to 18286719
just to be clear, a ddos attack attacks the modem through the ip address, and it will either temporarily flood the ip with all the data it has or will continually flood the ip untill the booter is turned off (seems to be my situation) earlier i had my network up and running regardless of the fix, i was asking questions so if it happens again i can quickly grab a new ip, and u guys did a good job of helping me with this, the mac adress method did work as when i checked ipchicken it was giving me a dif ip after changing the mac and rebooting the router, however, even after i thought i had changed ip's, i was still getting hit off from the same guy booting the same ip he pulled from me last night, wich means that the mac adress wasnt accually changing the ip somewhere, even tho it said it was, i think in one of the first posts in this thread someone said, when u change the mac it tricks shaw into thinking the ip is different even tho its accually not, or they said something like that