21 replies to this topic

[hoodrych]

I know there are several of these with some of the same information, but it seems that people are either lazy or uninformed.

If you're playing in a tournament or streaming, you will need to prepare for and prevent DDOS attacks.

It's incredibly frustrating for the people being DDOS'd, especially when it effects their streams or tournaments. However, I feel some people are not using the internet and available information to protect themselves. The process of changing IP's and Skypes has been documented, but still, the same people have the same Skypes and continuously fall back on "I've rebooted my router" or "I called and my ISP and they said I can't".

Understanding DDOS/DOS:

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.

Essentially, your internet becomes overwhelmed with incoming requests and you eventually just go offline. This is why your Skype will usually become robotoic or some services will be available/slow while others aren't.

How it happens:

The attacker get's your IP address. The most common method is Skype. The WoW community is kind of shit so people who you may think are your friend will share your Skype username, or someone without "Stream Privacy" will accidently leak your username. That is all the attacker needs to find it, it doesn't matter how it happens - the bottom line is once your Skype is available, you are compromised. There are methods of using a proxy server to connect to Skype, but honestly once it's compromised I'd just make a new one to be sure.

Prevention:

Static IP and Dynamic IP's

The most common misconception is that people think they have static IP's and it cannot be changed. Unless you actually have this information specified in your network/router properties:



Then you most likely have a Dynamic IP address. Most people will keep the same Dynamic IP for an extended period of time (could last years, and this is where the confusion lies). This is due to the MAC Address of their router (and DHCP leases) This is why simple /release and /renew from command prompt does not work.

To prevent further DOS attacks, it is very important to understand how obtaining a new IP is possible, and how your internet/router functions in the way of just getting your last IP address.

DHCP - Dynamic Host Configuration Protocol (aka the server that gives you an IP Address)
Media Access Control address (MAC address) is a unique identifier assigned to network interfaces
Local IP Address - ex. 192.168.0.1, 10.0.0.1
Public IP Adddress - http://www.whatismyip.com/ (aka will never be in the local format)

1. Your router has a MAC Address of 1:2:3:4:5. This is a physical address assigned in the hardware/software.
2. It establishes connection to the DHCP server, and will be assigned an IP Address. The DHCP server records the MAC Address of the router, so that it can hand it the same IP if it becomes disconnected.
3. The DHCP server says Ok, here is your IP Address. (75.75.75.2)
4. Your internet is active and your public IP is (75.75.75.2)

DDOS Happens

1. You go to command prompt and /release /renew, a common practice for changing your IP.
2. You come back online, go to http://www.whatismyip.com/ and have the same address (75.75.75.2)
3. You turn off your router/modem for 10 minutes. You come back online and have the same public IP (75.75.75.2)

THIS IS BECAUSE YOUR ROUTERS MAC ADDRESS IS SAVED IN THE DHCP SERVER. When the DHCP server see's your MAC address (1:2:3:4:5) it just assigns it the same IP it has in it's records (75.75.75.2).

(Obviously there are exceptions to this, some people get new IP's from just resetting or /release /renew, but often times that will only work on a random or first time basis, as the DHCP Lease was probably very old.)

Understanding MAC Address cloning:

Most routers have the functionality to clone your MAC Address. Essentially, you are able to put a disguise on your routers physical MAC address (1:2:3:4:5). Let's say it disguises it as (5:2:3:4:1) so that when it connects to the DHCP server, the DHCP server says "hey, I don't remember this MAC address"... therefore treats it as a new guest and assigns it a new IP Address.




Once you understand the process, it becomes fairly simple to continuously clone your MAC Address (can change just one or two numbers, randomize it, etc.) and obtain a new IP almost on-demand. It is EXTREMELY important that you make a new Skype, as if you change your IP and use your old Skype, the attacker can just obtain your new IP Address again.

I recommend anyone who is having DDOS issues to firstly figure out how to connect to your routers web interface (like the image above). It is a fairly simple process and requires you to login as an Administrator (default credentials can be found by googling)

http://www.techspot....r-ip-addresses/

Follow the steps below to successfully release your DHCP Lease, Clone your MAC Address, Renew your DHCP lease and obtain a new IP.

• Type 192.168.1.1 in your Internet address bar.
  
• Enter the password. If you have not chosen a password, use the factory default password of "admin." No username is required.
  
• Go to status.
  
• Click DHCP Release.
  
• Under Setup in the grey bar go to Mac Address clone on the blue bar.
  
• Click enable, then click clone pcs Mac address. Save settings.
  
• Unplug the modem, but keep the router plugged in. (aka unpluged the Coax if you have 1 device)
  
• With the modem (internet/coax) unplugged, go to status.
  
• Click DHCP renew.
  
• Plug in modem.
  
• Wait 1 minute and press refresh. Your new IP address should be there.

Make a new Skype, educate yourself about the process of DHCP and MAC Address cloning, get a new IP.

tldr; avoid getting disconnected by 14year olds on foreign shells by changing your ip address through MAC address cloning and getting a new skype even though it's a fuckin hassle to re-add your friends, follow my fuckin stream

http://www.twitch.tv/hoodrychx

- hr

Edited by hoodrych, 10 August 2012 - 11:18 PM.

[Minpojke]

first xx

[Shawir]

ta connerie est encore plus grosse que tes narines

[piptip]

whos nose are you talking about so confused^^^

[acushi]

You should give this information to bailamosx

[Oldog]

Cheers, most of that I did not know.

Can some mod sticky this

[Bam112004_6764907]

Everything this post tells me to do, ive done, and i didnt do em wrong either, i even payed a guy to come look at everything and see if there was a way he could find to be able to change my IP address from home, there is no way. Only way to change my IP address is take my modem/router to TWC and exchange it. Im 60% sure why i know my IP never changes, but theres nothing i can do about it, anyways im sure this post will help a lot of other streamers out there, but it isnt gonna help me. Thank Hood for all the help. Really appreciate you trying to do this for others.

[Blackrat5521]

fuck the police

[Hotted]

Blackrat5521, on 11 August 2012 - 03:43 AM, said:

fuck the police

yeah specially since you got one on your team :]

[Tosan]

Good post, although it hurts my brain to try to follow all that (since I am far from techie enough to know any of this stuff), this is all great information.  It's good to know that you can reset your own IP relatively easily, whereas most people gave me the impression that if your ISP wouldn't do it for you, you were screwed.

[Draedx]

Bump. Good post and very informative.  A proxy server is another alternative.

I have never had a problem with DDOS attacks(in WoW) until recently.  The cross realm RBGs may give us better queues, but overall skype sharing and growth of DDOS attackers is going to ruin high rated RBGs.  I have been in a few RBGs already where my teammates were victims of DDOS and last night after joining a group that I've run with a few times, I was shocked to hear some of them get excited about the prospect of a DDOS attacker joining the group.  It's very sad that the community would perpetuate this kind of action.

Maybe another approach to limiting DDOS attackers is dropping Skype as a mainstream way to communicate.  Or teaching everyone you play with to set up a proxy on Skype.

• In Skype, Go to Tools -> Options -> Advanced -> Connection
  
  
• Check the box that says "User port 80 and 443 as alternatives for incoming connections"
  
  
• Click this drop-down and change it to "SOCKS5"
  
  
• Go to http://www.xroxy.com/proxy-country.htm
  
• Select the Country that you reside, pick any “SOCK5” IP Address from the list and enter it as the host.
  Note: What you are doing is running Skype via a proxy. As long as you pick an IP that is in the same country as you reside then you shouldn’t see much, if any degradation in call quality. If you do, just select a new IP until you find the best setup.

Say no mas to DDOS
President Draedz
Gladiator, Grand Marshal, and Last of the Mohicans

[hurrdurr]

Draedx, on 09 November 2012 - 06:14 PM, said:

Bump. Good post and very informative.  A proxy server is another alternative.

I have never had a problem with DDOS attacks(in WoW) until recently.  The cross realm RBGs may give us better queues, but overall skype sharing and growth of DDOS attackers is going to ruin high rated RBGs.  I have been in a few RBGs already where my teammates were victims of DDOS and last night after joining a group that I've run with a few times, I was shocked to hear some of them get excited about the prospect of a DDOS attacker joining the group.  It's very sad that the community would perpetuate this kind of action.

Maybe another approach to limiting DDOS attackers is dropping Skype as a mainstream way to communicate.  Or teaching everyone you play with to set up a proxy on Skype.

• In Skype, Go to Tools -> Options -> Advanced -> Connection
  
  
• Check the box that says "User port 80 and 443 as alternatives for incoming connections"
  
  
• Click this drop-down and change it to "SOCKS5"
  
  
• Go to http://www.xroxy.com/proxy-country.htm
  
• Select the Country that you reside, pick any “SOCK5” IP Address from the list and enter it as the host.
  Note: What you are doing is running Skype via a proxy. As long as you pick an IP that is in the same country as you reside then you shouldn’t see much, if any degradation in call quality. If you do, just select a new IP until you find the best setup.

Say no mas to DDOS
President Draedz
Gladiator, Grand Marshal, and Last of the Mohicans

Too bad the proxy settings in skype do not work at all.  You need to use putty or something similar to force a proxy through skype.

[zaeya]

Tosan, on 11 August 2012 - 07:14 AM, said:

Good post, although it hurts my brain to try to follow all that (since I am far from techie enough to know any of this stuff), this is all great information.  It's good to know that you can reset your own IP relatively easily, whereas most people gave me the impression that if your ISP wouldn't do it for you, you were screwed.

I've been explaining this repeatedly for months. This is a great post.

Though, it is worth mentioning that a lot of free proxies are not very reliable and you can have communication issues if the server gets overloaded or goes down.

With a bit of technical work you can set up your own proxy (or get someone to do it for you) on an Amazon Web Services EC2 instance (free tier). You can also set up an entirely free VPN using OpenVPN (what I have done) on AWS.

This is a great tutorial:
http://n00dlestheind...h-your-own.html

Edited by zaeya, 09 November 2012 - 07:11 PM.

[ejg12345@gmail.com]

Finally a way for me to stop being ddosd. all hail hoodrych. ddos queen azura must be stopped now... bailamos 2012 cease and decist

[Draedx]

hurrdurr, on 09 November 2012 - 06:19 PM, said:

Too bad the proxy settings in skype do not work at all.  You need to use putty or something similar to force a proxy through skype.

PuTTY is definitely a great way to set up a proxy server but it is much more complicated and probably not possible for an average WoW player.  For PuTTY to work I believe you have to set up a VPN on another computer.

You can't create a proxy server using Skype, you need to find one to connect to (hence the link to the lists).   A proxy server acts as an intermediate for communication between two computers (or IPs), behind a proxy you are anonymous.  The goal is, if someone thinks they have obtained your IP address over Skype, they are actually obtaining the proxy address which will cause no harm to you or your computer.

[Draedx]

zaeya, on 09 November 2012 - 07:05 PM, said:

Though, it is worth mentioning that a lot of free proxies are not very reliable and you can have communication issues if the server gets overloaded or goes down.

Very true.  Worst case scenario you are disconnected from Skype, but you will be able to continue playing WoW normally.

[gangstalicious]

thank god now people will not scream "Im getting DDoS'd the second they lag

[GrieverZ]

Shawir, on 10 August 2012 - 11:21 PM, said:

ta connerie est encore plus grosse que tes narines

Sympa le taunt en français sur un forum anglo h3h3h3h. En quoi une façon de reset sont IP est de la connerie? .

Otherwise, good post Hoodrych ^^, never had DDOS issues since i'm a nobody (and happy as one) but some of my RBG teamates were getting DDOS'd the other night (after playing with Shiftyx, coincidence?), i'll pass him the info.

[Fawxfighter2013]

Over on Illidan we "thought" we actually had gotten someone banned for ddossing

There is a player that has ddossed about everyone on the realm. We gave blizzard a screenshot of the idiot admitting in game that he had ddossed us......a bunch of people reported him and he did not log on for about 2 weeks (He used to no life this game). A gm stated to one of us that "They had taken appropriate action with this player" but could not give us any info.....he is back now so we think he got a 2 week ban or something

[Shadowtiger]

Hmm, don't seem to get it to work, can i add you on skype or something and you help me?












SEE WHAT I DID THER?! HUEHUE