Before talking about how to prevent DDOS'ing, I think that we should all understand what this is.
What is DDOSing?
"A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely."
How easy is it to DDoS?
While there are various ways to actually conduct a DDoS attack, the TL;DR of everything is that DDoSing is as simple as getting an individual's IP address and "paying" a botnet/service to flood that individual's IP with packets hence flooding up the bandwidth.
Easier way to understand DDoSing: Picture a logging company which transports logs down-stream in a river. A DDoSer basically floods the stream with his own "logs" hence preventing river access to the actual logging company for their logs. The more money / resources that the DDoSer has access to, the harder will it be for the logging company to send the "useful" logs down stream.
This directly equates to the fact that larger the river (faster the internet), harder will it be to fill the river with logs (flood an individual's internet with trash packets). This was seen during NAO 2 - I was the victim of an apparent DDoS attack, however my internet speed (100 down / 8 up), and my firewall was resilient enough to allow me to still function in WoW. On the other hand, Snutz was not so lucky with having a good internet / firewall.
How are WoW players being DDoSed?
Nowadays, 99% of the WoW arena community has shifted towards using Skype for communication needs. Turns out, that it is quite simple to get an IP address from Skype, simply by knowing the individual's Skype username. So, basically, the DDoS victim cannot realistically prevent himself from exposing his IP address to DDoSers, since obtaining a Skype username is easy.
What the hell should we do then?
I fully believe that most of the "DDoS'ers" who are trying to harass the WoW streaming community are actually complete amateurs who do not know a single thing about how an attack actually can be done. They are using publicly available techniques to flood a victim's IP address with traffic.
So... what does this mean? If a user can change his IP address, and then "protect" his IP address from being leaked out again, then he or she is good to go.
How can I change my IP address then?
First of all, you should know what your current IP is. An easy way to figure that out is to go to: http://www.whatsmyip.us/
Write the IP address down, and each time you attempt a process, go back to the website to see if your IP address changed.
Depending on your ISP, and if you are connected to a router or not can immensely change the amount of effort that you have to put into changing your IP. Below is a concise summary of steps that SHOULD work:
1. Before trying any other methods to change your IP address, try turning off (or unplugging the power of) your Cable/DSL modem for five minutes.
2. If 1. does not work, repeat the process for 8 hours (overnight works well) instead of 5 minutes. Hopefully this will result in an IP change.
If the above two steps do not work, try these:
Computer directly connected to a modem:
1. Get to a command prompt (Start -> run -> cmd)
2. Type "ipconfig /release" (without the quotes, on the command line by itself).
3. Type "ipconfig /renew" (without the quotes, on the command line by itself).
4. Check your IP address.
If the above does not work, try:
1. Get to a command prompt. (Start -> run -> cmd)
2. Type "ipconfig /release" (without the quotes).
3. Shut down computer.
4. Turn off cable/DSL modem.
5. Leave off overnight.
6. Turn everything back on.
Computer connected to a network via a router:
1. Log into the router's admin console. (Often http://192.168.1.1/)
2. Release the IP address. (Method varies by router manufacturer)
3. Turn off router, ethernet hubs/switches, and the cable/DSL modem.
4. Leave off overnight.
5. Turn everything back on.
Hopefully the above steps helped! If not, then:
- If you are using a cable/DSL modem and a router, you may wish to connect your computer directly to the cable/DSL modem. This allows your ISP's DHCP to issue you a new (hopefully changed) IP address based of the (hardware) MAC address of your computer's ethernet card.
- If all the above has not worked to change your IP address and you have a router, check and see if there is a "Clone MAC Address" option. Using it should change your IP address; however, you'll only be able to do it once
Still dont have a new IP? Maybe changing the MAC address of your NIC card will help:
1. Click Start->Run-> type "regedit"
2. Navigate to:
3. Under this key, you should see numbers in sequence as “0000″, “0001″ and so on. Click on one at a time to check the description of the device to match it with that of your Network Card. In this example (0001):
4. Once found, in the right-pane, look for “NetworkAddress” key value. If you find it, right-click and select modify. Enter the desired MAC-Address as a 12 digit number (all in one, no “space” “.” or “-”). Note that you can enter any arbitrary MAC-address as long as it is hexadecimal (a 12 digit string containing numbers 0-9 and letters A-F).
5. If you don’t find the key, right-click in the rightpane, select “New” – “String Value”. Enter the name as “NetworkAddress”. Now modify and set the desired value.
6. Now, disable and enable the Network card from the ControlPanel – Network Connections.
7. This should reflect the new MAC-Address on your NIC. Should you choose to go back to the original manufacturer set MAC-Address simply delete the key you just created/modified in the Windows Registry.
8. Power-cycle/attempt to reset your IP again using the various methods that I previously listed in this post.
If all of these fail, and you are not able to change your IP address, contact your internet service provider and ask them if they are able to change your IP address or how long your connection needs to be off for your IP address to change.
I changed my IP address, now what!
Now that you have changed your IP address, the next step will be to protect your IP address from leaking out. The first obvious question is - do you have to create a new skype ID? Nope, not really!
Perform the following steps:
1. In Skype, Go to Tools -> Options -> Advanced -> Connection
2. Check the box that says "User port 80 and 443 as alternatives for incoming connections"
3. Click this drop-down and change it to "SOCKS5"
4. Go to http://www.xroxy.com/proxy-country.htm
5. Select the Country that you live in, pick any "SOCK5" IP from the list, and enter it in the Skype settings.
What this does is basically run your Skype off of a proxy. If you pick an IP in your country, and proxy off of it, chances are that your call quality will not degrade. If in any case it does, pick a different IP and mess around with it till you optimize the connection.
Nothing! If the amateur average-joe WoW DDoSer is trying to get your IP, chances are that he will get the proxy'ed IP from your Skype and waste his time and money DDoSing a proxy server somewhere in a random location. As long as he doesnt have a bazillion dollar botnet set up, he should not be able to take the proxy-server down. There are obviously other ways to get IPs, but I am fairly confident that this will fend off the annoying little no-lifers for quite some time.
Other prevention techniques via Skype:
1. In Skype, go to Tools -> Options -> Calls -> Call Settings -> Show advanced options
2. Change to:
3. In Skype, go to Tools -> Options -> IM & SMS -> IM Settings
4. Change to:
What else can I do?
1. Invest money in a good software firewall. I personally use Norton 360, and configured well, it can do wonders.
2. Buy a good router. Many routers have DDoS prevention built into the firmware.
Other fun facts:
In the US, there can be a serious federal crime under the Computer Fraud and Abuse Act with penalties that include years of imprisonment. Many other countries have similar laws.