Jump to content

  • Curse Sites
Help

A guide to preventing DDOS'ing


  • Please log in to reply
39 replies to this topic

#1 mukuld50

mukuld50
  • Junkies
  • Dwarfclass_name
  • US-Magtheridon
  • Ruin
  • Posts: 720
  • Talents: Elemental ./././././.
  • RBG: 2666

Posted 19 March 2012 - 06:32 AM

*
POPULAR

Hey guys! Since the NAO staff is about to launch information about Tournament 3 soon, I figured that it would be a good idea to have a consolidated guide of how to deter the so-called "DDOS'ers" from ruining your gaming experience.  I am not expert on network security, and collected much of this information from various places on the internet.  Also, thanks to Shouri and Thorrior for mentioning some excellent ideas that will make it much harder for amateur ddos'ers to circumvent around.

Before talking about how to prevent DDOS'ing, I think that we should all understand what this is.


What is DDOSing?


"A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely."

How easy is it to DDoS?

While there are various ways to actually conduct a DDoS attack, the TL;DR of everything is that DDoSing is as simple as getting an individual's IP address and "paying" a botnet/service to flood that individual's IP with packets hence flooding up the bandwidth.  

Easier way to understand DDoSing: Picture a logging company which transports logs down-stream in a river.  A DDoSer basically floods the stream with his own "logs" hence preventing river access to the actual logging company for their logs.  The more money / resources that the DDoSer has access to, the harder will it be for the logging company to send the "useful" logs down stream.

This directly equates to the fact that larger the river (faster the internet), harder will it be to fill the river with logs (flood an individual's internet with trash packets).  This was seen during NAO 2 - I was the victim of an apparent DDoS attack, however my internet speed (100 down / 8 up), and my firewall was resilient enough to allow me to still function in WoW.  On the other hand, Snutz was not so lucky with having a good internet / firewall.

How are WoW players being DDoSed?

Nowadays, 99% of the WoW arena community has shifted towards using Skype for communication needs.  Turns out, that it is quite simple to get an IP address from Skype, simply by knowing the individual's Skype username.  So, basically, the DDoS victim cannot realistically prevent himself from exposing his IP address to DDoSers, since obtaining a Skype username is easy.

What the hell should we do then?


I fully believe that most of the "DDoS'ers" who are trying to harass the WoW streaming community are actually complete amateurs who do not know a single thing about how an attack actually can be done.  They are using publicly available techniques to flood a victim's IP address with traffic.

So... what does this mean? If a user can change his IP address, and then "protect" his IP address from being leaked out again, then he or she is good to go.

How can I change my IP address then?


First of all, you should know what your current IP is.  An easy way to figure that out is to go to: http://www.whatsmyip.us/

Write the IP address down, and each time you attempt a process, go back to the website to see if your IP address changed.

Depending on your ISP, and if you are connected to a router or not can immensely change the amount of effort that you have to put into changing your IP.  Below is a concise summary of steps that SHOULD work:

1. Before trying any other methods to change your IP address, try turning off (or unplugging the power of) your Cable/DSL modem for five minutes.

2. If 1. does not work, repeat the process for 8 hours (overnight works well) instead of 5 minutes. Hopefully this will result in an IP change.

If the above two steps do not work, try these:

Computer directly connected to a modem:

1. Get to a command prompt (Start -> run -> cmd)
2. Type "ipconfig /release" (without the quotes, on the command line by itself).
3. Type "ipconfig /renew" (without the quotes, on the command line by itself).
4. Check your IP address.

If the above does not work, try:

1. Get to a command prompt. (Start -> run -> cmd)
2. Type "ipconfig /release" (without the quotes).
3. Shut down computer.
4. Turn off cable/DSL modem.
5. Leave off overnight.
6. Turn everything back on.

Computer connected to a network via a router:

1. Log into the router's admin console. (Often http://192.168.1.1/)
2. Release the IP address. (Method varies by router manufacturer)
3. Turn off router, ethernet hubs/switches, and the cable/DSL modem.
4. Leave off overnight.
5. Turn everything back on.

Hopefully the above steps helped! If not, then:

  • If you are using a cable/DSL modem and a router, you may wish to connect your computer directly to the cable/DSL modem. This allows your ISP's DHCP to issue you a new (hopefully changed) IP address based of the (hardware) MAC address of your computer's ethernet card.
  • If all the above has not worked to change your IP address and you have a router, check and see if there is a "Clone MAC Address" option. Using it should change your IP address; however, you'll only be able to do it once

Still dont have a new IP?  Maybe changing the MAC address of your NIC card will help:

1. Click Start->Run-> type "regedit"

2. Navigate to:
Posted Image

3. Under this key, you should see numbers in sequence as “0000″, “0001″ and so on. Click on one at a time to check the description of the device to match it with that of your Network Card. In this example (0001):
Posted Image

4. Once found, in the right-pane, look for “NetworkAddress” key value. If you find it, right-click and select modify. Enter the desired MAC-Address as a 12 digit number (all in one, no “space” “.” or “-”). Note that you can enter any arbitrary MAC-address as long as it is hexadecimal (a 12 digit string containing numbers 0-9 and letters A-F).

5. If you don’t find the key, right-click in the rightpane, select “New” – “String Value”. Enter the name as “NetworkAddress”. Now modify and set the desired value.

6. Now, disable and enable the Network card from the ControlPanel – Network Connections.

7. This should reflect the new MAC-Address on your NIC. Should you choose to go back to the original manufacturer set MAC-Address simply delete the key you just created/modified in the Windows Registry.

8. Power-cycle/attempt to reset your IP again using the various methods that I previously listed in this post.

If all of these fail, and you are not able to change your IP address, contact your internet service provider and ask them if they are able to change your IP address or how long your connection needs to be off for your IP address to change.


I changed my IP address, now what!

Now that you have changed your IP address, the next step will be to protect your IP address from leaking out.  The first obvious question is - do you have to create a new skype ID?  Nope, not really!

Perform the following steps:

1. In Skype, Go to Tools -> Options -> Advanced -> Connection
2. Check the box that says "User port 80 and 443 as alternatives for incoming connections"
3. Click this drop-down and change it to "SOCKS5"
Posted Image
4. Go to http://www.xroxy.com/proxy-country.htm
5. Select the Country that you live in, pick any "SOCK5" IP from the list, and enter it in the Skype settings.

What this does is basically run your Skype off of a proxy.  If you pick an IP in your country, and proxy off of it, chances are that your call quality will not degrade.  If in any case it does, pick a different IP and mess around with it till you optimize the connection.

Now what?

Nothing! If the amateur average-joe WoW DDoSer is trying to get your IP, chances are that he will get the proxy'ed IP from your Skype and waste his time and money DDoSing a proxy server somewhere in a random location.  As long as he doesnt have a bazillion dollar botnet set up, he should not be able to take the proxy-server down.  There are obviously other ways to get IPs, but I am fairly confident that this will fend off the annoying little no-lifers for quite some time.

Other prevention techniques via Skype:

1. In Skype, go to Tools -> Options -> Calls -> Call Settings -> Show advanced options
2. Change to:
Posted Image

3. In Skype, go to Tools -> Options -> IM & SMS -> IM Settings
4. Change to:
Posted Image

What else can I do?

1. Invest money in a good software firewall.  I personally use Norton 360, and configured well, it can do wonders.
2. Buy a good router.  Many routers have DDoS prevention built into the firmware.

Other fun facts:

In the US, there can be a serious federal crime under the Computer Fraud and Abuse Act with penalties that include years of imprisonment. Many other countries have similar laws.

#2 hearthadinlol

hearthadinlol
  • Kaska
  • Junkies
  • Dwarfclass_name
  • US-Sargeras
  • Shadowburn
  • Posts: 363
  • Talents: Restoration 0/2/1/1/0/0
  • RBG: 192

Posted 19 March 2012 - 06:34 AM

FIRST

good post ^>^

Edited by hearthadinlol, 19 March 2012 - 06:41 AM.

Posted Image

#3 Conradical

Conradical
  • Junkies
  • Humanclass_name
  • US-Garona
  • Rampage
  • Posts: 1586
  • Talents: Affliction 0/2/2/0/2/.

Posted 19 March 2012 - 06:36 AM

View Posthearthadinlol, on 19 March 2012 - 06:34 AM, said:

FIRST

i will fucking slay you.

#4 hearthadinlol

hearthadinlol
  • Kaska
  • Junkies
  • Dwarfclass_name
  • US-Sargeras
  • Shadowburn
  • Posts: 363
  • Talents: Restoration 0/2/1/1/0/0
  • RBG: 192

Posted 19 March 2012 - 06:41 AM

View PostConradical, on 19 March 2012 - 06:36 AM, said:

i will fucking slay you.

yeah raped nooooooooooooooooooooooooooooooooooooooooooooooooooooob
Posted Image

#5 fearlol

fearlol
  • Junkies
  • Humanclass_name
  • EU-Sylvanas
  • Rampage / Saccage
  • Posts: 256
  • Talents: Destruction 0/1/2/0/2/2
  • RBG: 1531

Posted 19 March 2012 - 08:13 AM

Nice post, ty

#6 Starcookie

Starcookie
  • Premium Junkies
  • Curse Premium
  • Humanclass_name
  • EU-Naxxramas
  • Sturmangriff / Charge
  • Posts: 2558
  • Talents: Discipline

Posted 19 March 2012 - 08:28 AM

The Skype part about blocking calls/messages doesn't solve anything btw.

#7 Zigenz

Zigenz
  • Zigenxo
  • Junkies
  • Humanclass_name
  • US-Sargeras
  • Shadowburn
  • Posts: 1080
  • Talents: Marksmanship
  • LocationAustralia

Posted 19 March 2012 - 08:35 AM

View PostStarcookie, on 19 March 2012 - 08:28 AM, said:

The Skype part about blocking calls/messages doesn't solve anything btw.


you'd know ;)
[10:18:48] [W From] [85:Mythíc]: who sits a multiglad?
[10:18:58] [W From] [85:Mythíc]: you dont sit multi glads, you suck their balls and thank them after

#8 Jeffylol

Jeffylol
  • Junkies
  • Humanclass_name
  • EU-Outland
  • Misery
  • Posts: 275
  • Talents: Subtlety 1/2/2/0/0/1
  • 2v2: 1719
  • 3v3: 1605

Posted 19 March 2012 - 09:04 AM

View PostZigenz, on 19 March 2012 - 08:35 AM, said:

you'd know ;)

I lol'd
Legendariska dolkar.

#9 Starcookie

Starcookie
  • Premium Junkies
  • Curse Premium
  • Humanclass_name
  • EU-Naxxramas
  • Sturmangriff / Charge
  • Posts: 2558
  • Talents: Discipline

Posted 19 March 2012 - 09:15 AM

View PostZigenz, on 19 March 2012 - 08:35 AM, said:

you'd know ;)

Correct; I would. That is why I am telling you. I would have thought that was obvious.

#10 misios

misios
  • Junkies
  • Humanclass_name
  • EU-Outland
  • Misery
  • Posts: 1419
  • Talents: Destruction
  • LocationNorway

Posted 19 March 2012 - 09:19 AM

well written post :)
Posted Image

#11 Xsv

Xsv
  • Junkies
  • Dwarfclass_name
  • US-Magtheridon
  • Ruin
  • Posts: 114
  • Talents: Restoration 0/2/1/1/0/0
  • RBG: 2298

Posted 19 March 2012 - 09:41 AM

looks like the tables have turned DDoSers

#12 Conradical

Conradical
  • Junkies
  • Humanclass_name
  • US-Garona
  • Rampage
  • Posts: 1586
  • Talents: Affliction 0/2/2/0/2/.

Posted 19 March 2012 - 10:19 AM

View PostXsv, on 19 March 2012 - 09:41 AM, said:

looks like the tables have turned DDoSers


#13 MonkeyDLuffy

MonkeyDLuffy
  • Members
  • Humanclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 195
  • Talents: Subtlety
  • RBG: 2379
  • LocationSan Diego, California

Posted 19 March 2012 - 10:47 AM

good stuff +

#14 hirtqt

hirtqt
  • Junkies
  • Undeadclass_name
  • US-Bleeding Hollow
  • Ruin
  • Posts: 993
  • Talents: Discipline 2/0/1/1/1/1
  • RBG: 732

Posted 19 March 2012 - 01:04 PM

Purchasing VPN access would solve the problem.
Posted Image
Posted Image

#15 mukuld50

mukuld50
  • Junkies
  • Dwarfclass_name
  • US-Magtheridon
  • Ruin
  • Posts: 720
  • Talents: Elemental ./././././.
  • RBG: 2666

Posted 19 March 2012 - 03:36 PM

View PostStarcookie, on 19 March 2012 - 08:28 AM, said:

The Skype part about blocking calls/messages doesn't solve anything btw.

It does for some other stuff that can be done to inject a trojan, but yeah, IP-wise it does not.

#16 mukuld50

mukuld50
  • Junkies
  • Dwarfclass_name
  • US-Magtheridon
  • Ruin
  • Posts: 720
  • Talents: Elemental ./././././.
  • RBG: 2666

Posted 19 March 2012 - 03:37 PM

View Posthirtqt, on 19 March 2012 - 01:04 PM, said:

Purchasing VPN access would solve the problem.

Or you dont purchase anything, and not suffer bad latency due to VPNing your whole internet connection, and still solve the problem, right? :)

Edited by mukuld50, 19 March 2012 - 03:56 PM.


#17 Phillol

Phillol
  • Junkies
  • Orcclass_name
  • US-Mal'Ganis
  • Stormstrike
  • Posts: 862
  • Talents: Frost 2/0/1/0/0/0
  • RBG: 2278

Posted 19 March 2012 - 03:52 PM

you own pretty hard mugems. Keep up the good work master owner

Edited by Phillol, 19 March 2012 - 04:00 PM.


#18 Hotted

Hotted
  • Junkies
  • Night Elfclass_name
  • US-Kargath
  • Vindication
  • Posts: 1636
  • Talents: Restoration 1/0/2/1/2/2
  • RBG: 2295
  • LocationVenezuela

Posted 19 March 2012 - 04:01 PM

Posted Image

Edited by Hotted, 19 March 2012 - 04:04 PM.

Spoiler


Posted Image
Stream: http://www.twitch.tv/hotted89
YouTube: http://www.youtube.com/hotted89
Facebook: http://www.facebook.com/hotted89
Twitter: http://www.twitter.com/hotted89

#19 Twistedtoo

Twistedtoo
  • Junkies
  • Undeadclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 24
  • Talents: Subtlety 2/2/2/1/0/1

Posted 16 June 2012 - 06:31 PM

Or here's an even better solution.... Check your firewall IP logs look for insane amounts of packets incoming via UDP.... type the IP address in at http://whatismyipaddress.com/ see where they live and pummel their face in... :)

#20 Dafang

Dafang
  • Junkies
  • Trollclass_name
  • US-Barthilas
  • Bloodlust
  • Posts: 33
  • Talents: Fire 0/2/0/2/1/.

Posted 28 July 2012 - 05:47 PM

have to bump this
Learning.
Once there was a Potti.
He died.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

<