If you're playing in a tournament or streaming, you will need to prepare for and prevent DDOS attacks.
It's incredibly frustrating for the people being DDOS'd, especially when it effects their streams or tournaments. However, I feel some people are not using the internet and available information to protect themselves. The process of changing IP's and Skypes has been documented, but still, the same people have the same Skypes and continuously fall back on "I've rebooted my router" or "I called and my ISP and they said I can't".
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.
Essentially, your internet becomes overwhelmed with incoming requests and you eventually just go offline. This is why your Skype will usually become robotoic or some services will be available/slow while others aren't.
How it happens:
The attacker get's your IP address. The most common method is Skype. The WoW community is kind of shit so people who you may think are your friend will share your Skype username, or someone without "Stream Privacy" will accidently leak your username. That is all the attacker needs to find it, it doesn't matter how it happens - the bottom line is once your Skype is available, you are compromised. There are methods of using a proxy server to connect to Skype, but honestly once it's compromised I'd just make a new one to be sure.
Static IP and Dynamic IP's
The most common misconception is that people think they have static IP's and it cannot be changed. Unless you actually have this information specified in your network/router properties:
Then you most likely have a Dynamic IP address. Most people will keep the same Dynamic IP for an extended period of time (could last years, and this is where the confusion lies). This is due to the MAC Address of their router (and DHCP leases) This is why simple /release and /renew from command prompt does not work.
To prevent further DOS attacks, it is very important to understand how obtaining a new IP is possible, and how your internet/router functions in the way of just getting your last IP address.
DHCP - Dynamic Host Configuration Protocol (aka the server that gives you an IP Address)
Media Access Control address (MAC address) is a unique identifier assigned to network interfaces
Local IP Address - ex. 192.168.0.1, 10.0.0.1
Public IP Adddress - http://www.whatismyip.com/ (aka will never be in the local format)
1. Your router has a MAC Address of 1:2:3:4:5. This is a physical address assigned in the hardware/software.
2. It establishes connection to the DHCP server, and will be assigned an IP Address. The DHCP server records the MAC Address of the router, so that it can hand it the same IP if it becomes disconnected.
3. The DHCP server says Ok, here is your IP Address. (18.104.22.168)
4. Your internet is active and your public IP is (22.214.171.124)
1. You go to command prompt and /release /renew, a common practice for changing your IP.
2. You come back online, go to http://www.whatismyip.com/ and have the same address (126.96.36.199)
3. You turn off your router/modem for 10 minutes. You come back online and have the same public IP (188.8.131.52)
THIS IS BECAUSE YOUR ROUTERS MAC ADDRESS IS SAVED IN THE DHCP SERVER. When the DHCP server see's your MAC address (1:2:3:4:5) it just assigns it the same IP it has in it's records (184.108.40.206).
(Obviously there are exceptions to this, some people get new IP's from just resetting or /release /renew, but often times that will only work on a random or first time basis, as the DHCP Lease was probably very old.)
Understanding MAC Address cloning:
Most routers have the functionality to clone your MAC Address. Essentially, you are able to put a disguise on your routers physical MAC address (1:2:3:4:5). Let's say it disguises it as (5:2:3:4:1) so that when it connects to the DHCP server, the DHCP server says "hey, I don't remember this MAC address"... therefore treats it as a new guest and assigns it a new IP Address.
Once you understand the process, it becomes fairly simple to continuously clone your MAC Address (can change just one or two numbers, randomize it, etc.) and obtain a new IP almost on-demand. It is EXTREMELY important that you make a new Skype, as if you change your IP and use your old Skype, the attacker can just obtain your new IP Address again.
I recommend anyone who is having DDOS issues to firstly figure out how to connect to your routers web interface (like the image above). It is a fairly simple process and requires you to login as an Administrator (default credentials can be found by googling)
Follow the steps below to successfully release your DHCP Lease, Clone your MAC Address, Renew your DHCP lease and obtain a new IP.
- Type 192.168.1.1 in your Internet address bar.
- Enter the password. If you have not chosen a password, use the factory default password of "admin." No username is required.
- Go to status.
- Click DHCP Release.
- Under Setup in the grey bar go to Mac Address clone on the blue bar.
- Click enable, then click clone pcs Mac address. Save settings.
- Unplug the modem, but keep the router plugged in. (aka unpluged the Coax if you have 1 device)
- With the modem (internet/coax) unplugged, go to status.
- Click DHCP renew.
- Plug in modem.
- Wait 1 minute and press refresh. Your new IP address should be there.
Make a new Skype, educate yourself about the process of DHCP and MAC Address cloning, get a new IP.
tldr; avoid getting disconnected by 14year olds on foreign shells by changing your ip address through MAC address cloning and getting a new skype even though it's a fuckin hassle to re-add your friends, follow my fuckin stream
Edited by hoodrych, 10 August 2012 - 11:18 PM.