
xtachx

join:2005-11-19
canada
Reviews:
·voip.ms
reply to kevinds

Re: ddos attack

said by kevinds:

If whatever device is connecting online that they are 'mad' at you for, website, game-name, etc., it can/will update them with your new IP when you sign back in, could this be it?

But yeah, ddos attacks are annoying (couple days ago was getting around 1,000+ login attempts on one of my servers each minute) it's annoying, but a good router is key.

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldn't the packets just be ignored?

Also, in case of a bridged connection, if I have a script like fail2ban, does it just ignore the packets once a host has got a ban, or does it still cause the computer to slow down etc.?
--
Bell Canada: It is "Preposterous" that consumers should get content they want on their cellphones.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw

1 edit
It's usually the router that gets hammered, the router can't handle it, and crashes.

Sometimes the connection, it doesn't take that much to send 10 mbps of garbage traffic to an IP with ddos.

--
Yes, I am not employed and looking for IT work. Have passport, will travel.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to xtachx
said by dasman09 :

A normal internet user is highly unlikely to get DoS'ed. The best recommendation in this case is to avoid doing douchie things that invite DoS attacks.


--
Yes, I am not employed and looking for IT work. Have passport, will travel.


18286719

join:2013-02-02
Whistler, BC
define a normal internet user, here in the world of competitive call of duty ddos is a daily routine for many players just to get their wins, i even watched a pro team lose a tournament qualifier on livestream the other day cause 2 of them were getting ddos, so yes a normal internet user probably isnt likely to incur a ddos attack, but when ur beating someone in a game and then can just hit u off for the win, the douchy people r usually the ones attacking, usually the people getting hit are innocent. as far as my connection goes the mac address thing worked to change my ip but i dont know how i was still getting hit off originally, maybe the modem was just overwhelmed, either way my connection is working now so hopefully i dont get another attack for a while

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Then get a better router... Dual-Core 1.5 GHz with 1GB ram should be overkill...

-Posted from my phone


pfak
Premium
join:2002-12-29
Vancouver, BC
reply to xtachx
said by xtachx:

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldn't the packets just be ignored?

DDoS will cause your downstream or upstream to be saturated, thus preventing legitimate traffic from reaching the intended destination.

Replacing your router is not going to resolve the problem. Having cooperation from your ISP to filter traffic, or stop pissing off people is the best result
--
The more I C, the less I see.

xtachx

join:2005-11-19
canada
Reviews:
·voip.ms
said by pfak:

said by xtachx:

I have a question with such DDOS attacks. If no ports are forwarded on the router side, wouldn't the packets just be ignored?

DDoS will cause your downstream or upstream to be saturated, thus preventing legitimate traffic from reaching the intended destination.

Replacing your router is not going to resolve the problem. Having cooperation from your ISP to filter traffic, or stop pissing off people is the best result

So I guess in this case, we would need cooperation from the host ISP. It's funny how someone can be DDOSed and he/she will go over their bandwidth caps for no fault of his/hers.
--
Bell Canada: It is "Preposterous" that consumers should get content they want on their cellphones.


pfak
Premium
join:2002-12-29
Vancouver, BC
said by xtachx:

It's funny how someone can be DDOSed and he/she will go over their bandwidth caps for no fault of his/hers.

Doubtful that it's unwarranted. The original poster is not a business, and therefore there is no benefit of DDoSing them for extortion or otherwise ..
--
The more I C, the less I see.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to pfak
Upstream no, because your router should simply drop the traffic, and not respond to it.

Downstream, possible, but unlikely with faster internet speeds. 10 mbps wouldn't be hard to saturate with ddos, 25 and up, significantly harder...
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


pfak
Premium
join:2002-12-29
Vancouver, BC
said by kevinds:

Upstream no, because your router should simply drop the traffic, and not respond to it.

Downstream, possible, but unlikely with faster internet speeds. 10 mbps wouldn't be hard to saturate with ddos, 25 and up, significantly harder...

Upstream can be saturated by causing the router to respond to requests, via ICMP Ping or other services (e.g. UPnP).

25Mbps is a ridiculously small DDoS attack. I suggest you do some reading
--
The more I C, the less I see.


18286719

join:2013-02-02
Whistler, BC
reply to kevinds
so a better router would stop the ddos because it could actually handle the attack? if kevinds or anyone else could link me with a suggested router to look at, and im assuming this would all go through the cisco in bridge mode and still work?

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
Wouldn't stop it, but should handle it... Unless it is that much traffic that your download is being saturated.

What do you have for old computers 'laying' around?
--
Yes, I am not employed and looking for IT work. Have passport, will travel.

tlhIngan

join:2002-07-08
Richmond, BC
kudos:1
No need for old PCs - modern routers are more than fast enough - the very latest 802.11n dual bands can easily handle 750Mbps (yes, 750) routing packets. Handling a DDoS is even easier since it just involves discarding packets and they get tossed lower down in the network stack.

Even an older top end router can handle 25Mbps without a sweat.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
Depends on your budget, high-end consumer router, or low-end PC. Both will accomplish the same, I will stand by the statement that a computer can do a lot more than a router can, but most people don't need the features.

And also consider power usage over time.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


18286719

join:2013-02-02
Whistler, BC
reply to kevinds
i have a lot of old computers, probably 5-7 around, the one in the best condition would probably be my little compaq cq50, could i really use something like this in some type of way to stop ddos? and also would a router like this be strong enough to stop attacks »amplifi.dlink.com/products/DIR-857

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
Any older computer with two network cards (one for internet and one for your LAN/network) combined with the right software (DD-WRT is simple to use) usually works very well...

The searches I did on the CQ50 show it as a laptop, but no expansion ports. I checked two different CQ50 laptops and neither of them had the expansion port to add the 2nd network card. But I have had good successes with using laptops for routers in the past (good use for a broken screen laptop) and they generally consume small amounts of power.

Using a spare computer takes a bit more work to set up to be honest as well.

That D-Link should do the job as well.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


pfak
Premium
join:2002-12-29
Vancouver, BC
This post makes me want to cry. You guys realise that 25Mbps isn't really considered a DDoS? I have more upstream at home. Things like DNS amplification bring DDoS to the gigabit/s range -- and even a small DoS is able to take your internet offline.

This has nothing to do with the hardware on your router, absolutely nothing. No amount of hardware is going to stop a DoS or DDoS with your slow DOCSIS modem speeds.
--
The more I C, the less I see.


18286719

join:2013-02-02
Whistler, BC
hmm, im confused now, would a router like that stop an attack or no, it kinda makes sense it wouldnt since it would be going through my cisco anyway, and also, would this be any better than the d link router »www.smallnetbuilder.com/lanwan/l···ter-lite

they both got 512mb ram but the ubiquiti has about 125 times the flash capacity, but i dont know if it even has wifi

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
ddos is sending garbage traffic to your router.

Enough packets, it can't handle it and it crashes.

Better router handles the traffic better.
Can't stop the attack, but can manage/deal with it a lot better.

Your Cisco modem in bridge mode, passes all the traffic to your router without touching it.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


18286719

join:2013-02-02
Whistler, BC
ok cool, well in that case it looks like my 2 choices for router would be the D Link DIR 857, or the Ubiquiti EdgeRouter Lite, dont know if the ubiquiti would be a feasible option without wireless tho, could someone verify if it does or does not have wifi? and also what do u have to say about pfaks comment above yours kevinds? is he incorrect?

ruiner

join:2012-03-10
Canada
First, I doubt you have the technical knowledge required to set that router up. If you did you could use your current router as a WiFi AP only.

Second, see here: »blog.cloudflare.com/deep-inside-···s-attack

Your downlink can easily be flooded which fills out the buffers in your equipment and causes massive latency. Dropping the packets will do nothing at this point.
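
The saturation point made in the posts above, as an added example that is not part of the original thread: a fluid model of the ISP-side queue feeding a 25 Mbps line. The 5 Mbps legitimate load, 100 Mbps flood, 2 Mbit buffer and the `isp_filter` parameter are constructed assumptions.

```python
def simulate_downlink(link_mbps, legit_mbps, attack_mbps,
                      isp_filter=0.0, buffer_mbit=2.0, seconds=10.0, tick=0.001):
    """Fluid model of the ISP-side tail-drop queue feeding one subscriber line.

    The home router sits AFTER this queue, so whatever it drops cannot change
    these numbers. isp_filter is the fraction of attack traffic removed
    BEFORE the queue (upstream filtering by the provider).
    """
    queue = 0.0                                   # megabits waiting on the ISP side
    legit_sent = legit_accepted = 0.0
    legit = legit_mbps * tick                     # megabits offered per tick
    attack = attack_mbps * (1.0 - isp_filter) * tick
    for _ in range(int(round(seconds / tick))):
        offered = legit + attack
        room = max(0.0, buffer_mbit - queue)
        # Tail drop: when the buffer is full, both flows lose the same share.
        accept = min(1.0, room / offered) if offered > 0 else 1.0
        queue += offered * accept
        legit_sent += legit
        legit_accepted += legit * accept
        queue -= min(queue, link_mbps * tick)     # the line drains at a fixed rate
    return {
        "legit_loss": 1.0 - legit_accepted / legit_sent,
        "queue_delay_ms": 1000.0 * queue / link_mbps,
    }


if __name__ == "__main__":
    cases = [
        ("no attack", dict(attack_mbps=0)),
        ("100 Mbps flood, router drops it all", dict(attack_mbps=100)),
        ("100 Mbps flood, ISP filters 90%", dict(attack_mbps=100, isp_filter=0.9)),
    ]
    for label, kw in cases:
        r = simulate_downlink(link_mbps=25, legit_mbps=5, **kw)
        print(f"{label:38s} loss={r['legit_loss']:.0%} "
              f"delay={r['queue_delay_ms']:.0f} ms")
```
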


18286719

join:2013-02-02
Whistler, BC
so basically i could use the ubiquiti but it would be complicated for me to setup and then i could connect it to my d link to provide wireless to the people that use it and keep the 2 wired connections for my pc and my xbox, also i didnt understand the second bit of that last post too much, were u implying the router might not even stop a weaker ddos? also will the ubiquiti do a better job dealing with attacks than the d link? if so how much better, they both got 512 ram ubiquiti has much larger flash tho (125 times more), id rather go with the d link for simplicity, but the ubiquiti seems like a tank, even tho its all a dream at this point i cant afford either right now

ruiner

join:2012-03-10
Canada
Since "dropping the packets will do nothing at this point" means nothing to you, I'll try again. Just leave it alone, there is nothing you can do about it short of complaining to Shaw to see if they can filter the traffic out before it gets to you.


pfak
Premium
join:2002-12-29
Vancouver, BC
reply to 18286719
At the organization I work for, we have multiple 10 GigE links to the Internet and still have to get our upstream ISP(s) involved if there is a DDoS attack launched against us.
--
The more I C, the less I see.


18286719

join:2013-02-02
Whistler, BC
i wish these answers were a bit more yes or no but its ok, will that d link modem work to stop ddos? YES (Assuming its weak enough) or NO plain and simple, i dont want a guess, thanks

my next question, is there anything i can do about this like hiding my ip while causing 0 latency on my connection, yes or no answer plz, if the answer is yes and there is multiple options plz tell me options you know will work, thanks

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
No, you can't hide your IP while adding no latency.


spock

join:2012-07-08
Reviews:
·TekSavvy DSL

1 edit
reply to kevinds
said by kevinds:

ddos is sending garbage traffic to your router.

Enough packets, it can't handle it and it crashes.

Better router handles the traffic better.
Can't stop the attack, but can manage/deal with it a lot better.

Your Cisco modem in bridge mode, passes all the traffic to your router without touching it.

Your connection would be saturated before your router hits 100% CPU. Having better hardware is not going to make a diff. I have never crashed my ancient Cisco routers by running them at 100% CPU. Cisco 2621 can't handle PAT with a 25 meg connection.

Get a different IP or complain to shaw.

May I ask what you are doing on the intarwebs to deserve a ddos?


spock

join:2012-07-08
Reviews:
·TekSavvy DSL
reply to 18286719
said by 18286719:

ok cool, well in that case it looks like my 2 choices for router would be the D Link DIR 857, or the Ubiquiti EdgeRouter Lite, dont know if the ubiquiti would be a feasible option without wireless tho, could someone verify if it does or does not have wifi? and also what do u have to say about pfaks comment above yours kevinds? is he incorrect?

Dude save your money and ignore kevinds and juggerknots posts telling you getting a new router will help you. They obviously have no clue about ip networking. Call shaw and tell them the situation.

Pfak knows his networking, take his advice


18286719

join:2013-02-02
Whistler, BC
what could shaw help me with lol? what am i gonna call them and say?