Prevention of DDoS Through Common Sense


19 replies to this topic

#1 Zerstiren

Posted 14 January 2013 - 08:55 AM

The whole DDoS thing is plaguing the WoW PvP community at the moment, and it is my understanding that it is negatively affecting tournaments, which is a shame.  I wanted to provide a little insight, and some solutions that should be rather fool-proof.

As a note: I have read through Mugem's guide, and I think it is a great starting point, but there are a few things that I don't like that I am going to touch on here.

READ CAREFULLY AND THOROUGHLY.

1. Stop trying to change your IP.

Guys, if someone wants your IP, they are getting it.  Fuck, if you post on this forum once, your IP can be obtained.  If you stream, play WoW, go on Skype, watch a stream, someone can get your IP.  It isn't really something that is SUPPOSED to be secret.  You need to thwart DDoSing at the heart of the issue, which I will explain in the next header.

2. Basics on DDoS.

A basic DDoS attack, which you guys already know, is pretty much connection flooding on some port(s) on some IP(s).  It is really very easy to stop this.
  • Buffer the amount of connection requests and responses in a short period of time.
  • Prevent that traffic from even making a request.
It is as simple as that.

3. Buy a router made in the last 5 years, and actually take time to set it up.

Routers don't want to deal with the kind of flooding that is DDoS.  They stop it.  They manage it.  Turn on the router's firewall, don't forward ports you don't have a reason for forwarding.  Enable IPv4 and IPv6 SPI firewall protection, if it isn't already.

4. Get a free firewall, and prevent incoming traffic from EVERYTHING.  Then enable it where needed.

Do that ^.

5. Skype Shit

For the love of fuck, turn off:
"Use port 80 and 443 as alternatives for incoming connections".

Port 80 is the HTTP port, and that is the first port ANYONE is going to try DDoSing you on.

Disabling it won't negatively affect ANYTHING.

Set up a Skype proxy.  Mugem's guide has good resources for doing so.  Pick a highly rated proxy in your region with a low MS, and you can screen share with the same quality as not having the proxy.

That's really it guys.  A basic DDoS is easily preventable through controlling traffic, and not making yourself vulnerable.  If you are having problems beyond that, you really need to contact the appropriate authority for your nation.  It isn't a bunch of nerds on WoW, it is terrorism.

"Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations."

Was motivated to write this after reading a thread.  Probably has typos and grammar errors, but read through it, think about shit, and do some research.  Take the time to set up your router, firewall etc. thoroughly.  If you don't know what an option does, look it up.

http://www.arenajunk...20#entry3834935

http://en.wikipedia....-service_attack

Drunkbaby's post quoted, has good information.

Edited by Zerstiren, 14 January 2013 - 06:18 PM.


#2 Minpojke

Posted 14 January 2013 - 02:29 PM

Good guide i guess but i hope you realise its 12 year old kids ddosing and they dont know any other way except getting ur skype and then nuking you so the easy thing to do if you got dynamic is to just switch it and make a new skype
www.twitch.tv/Minpojke

#3 Paxxar

Posted 14 January 2013 - 02:58 PM

Minpojke, on 14 January 2013 - 02:29 PM, said:

Good guide i guess but i hope you realise its 12 year old kids ddosing and they dont know any other way except getting ur skype and then nuking you so the easy thing to do if you got dynamic is to just switch it and make a new skype

If that was true, then just reset ip and never use Skype again?

On topic, good guide. +rep

Edited by Paxxar, 14 January 2013 - 02:59 PM.


#4 hekumzx

Posted 14 January 2013 - 03:03 PM

nice camera skills

A comprehensive look at resto shaman, from the inside out - http://i.imgur.com/icr36xO.png


Official Blizzard Quote:

11/18/10
Balance isn't as easy as some seem to think and often balance is in the eye of the beholder.. We believe priests will be in good shape if not great..

#5 Bamflol

Posted 14 January 2013 - 04:00 PM

Zerstiren, on 14 January 2013 - 08:55 AM, said:

You need to thwart DDoSing at the heart of the issue, which I will explain in the next header.

Find said ddoser and punch him repeatedly in the shirt until he faints?

Edited by Bamflol, 14 January 2013 - 04:01 PM.


#6 Hyrmine

Posted 14 January 2013 - 04:09 PM

Minpojke, on 14 January 2013 - 02:29 PM, said:

Good guide i guess but i hope you realise its 12 year old kids ddosing and they dont know any other way except getting ur skype and then nuking you so the easy thing to do if you got dynamic is to just switch it and make a new skype

That's not entirely true. Many kids start to learn weird shit at a young age already. Most hackers are teens, not 40 year old PC world employees.

#7 kannetixx

Posted 14 January 2013 - 04:12 PM

it really is just so sad that we cant even play video games anymore without some one trying to ruin it in such a malicious way.
US-Kel'Thuzad - Kannetix


http://www.anook.com/kannetix

www.twitch.tv/kannetix - Gladiator Mage Stream follow me and see when i go live!

#8 drunkbaby

Posted 14 January 2013 - 04:36 PM

Is it even known if these attacks are actually distributed? Has anyone actually logged their network traffic to see what is going on? Are all the attacks made of cheaply made chinese packets?

But seriously, assuming that they're actually dealing with a distributed botnet attack, you can have the most bulletproof configuration and that won't stop a sheer bandwidth mismatch. Your home network just doesn't have the horsepower, redundancy, or bandwidth/load balancing to handle a heavy distributed attack properly. And unless you spend a lot of money and time, it never will.

Most of the suggestions are ok, but you'd probably be better off talking to your ISP to see where the attacks are coming from, and what they can do for you to filter them before they ever get to your network. China is notorious for having plenty of compromised systems, primarily because of the proliferation of pirated Windows XP SP1, which are still in use. Maybe they have ACLs to filter out traffic from certain regions? Just a thought.

I'm sure there's a lot going on behind the scenes, and good luck to them stopping these attacks on the tournament players. I guess one bonus of being bad is not having to worry about being attacked. :P

P.S, Wasn't this website just compromised a few months ago? It's curious to me that everyone thinks the attackers are getting their IP lists from skype, and not some from other commonly used service. If you had admin access to the web console for these forums, for example, you could easily see anyone's IP address, or any other host of logs tied to this webserver.
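
Added example, not part of any post in this thread: a small simulation that puts the first post's idea (limit requests per source in a short window) next to the bandwidth-mismatch point made just above. The window length, per-source budget, 50 Mbps link figure and both traffic samples are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0      # assumed sliding-window length in seconds
MAX_PER_SRC = 20    # assumed per-source packet budget per window
LINK_MBPS = 50.0    # assumed home downlink capacity

def simulate(packets, capture_s=1.0):
    """Run a per-source sliding-window limiter over (ts, src, size_bytes)
    tuples sorted by time, and measure the load offered to the downlink."""
    recent = defaultdict(deque)          # src -> timestamps of admitted packets
    passed = dropped = offered_bytes = 0
    for ts, src, size in packets:
        offered_bytes += size            # already crossed the ISP link before filtering
        q = recent[src]
        while q and ts - q[0] >= WINDOW_S:
            q.popleft()                  # forget packets older than the window
        if len(q) < MAX_PER_SRC:
            q.append(ts)
            passed += 1
        else:
            dropped += 1                 # this source exceeded its budget
    mbps = offered_bytes * 8 / capture_s / 1e6
    return {"sources": len(recent), "passed": passed, "dropped": dropped,
            "offered_mbps": mbps, "saturated": mbps > LINK_MBPS}

def single_source_flood():
    # Constructed sample: one host, 2000 small packets within one second.
    return [(i / 2000, "203.0.113.7", 100) for i in range(2000)]

def distributed_flood():
    # Constructed sample: 5000 hosts, 10 full-size packets each within one second.
    return [(i / 10 + s * 1e-5, f"198.18.{s // 250}.{s % 250}", 1400)
            for i in range(10) for s in range(5000)]

if __name__ == "__main__":
    for name, gen in (("single source", single_source_flood),
                      ("distributed", distributed_flood)):
        print(name, simulate(gen()))
```

The limiter drops almost everything from the single noisy host, but in the distributed sample every source stays under its budget while the offered load is far above the link, which is why filtering upstream at the ISP matters in that case.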

#9 Minpojke

Posted 14 January 2013 - 04:45 PM

Paxxar, on 14 January 2013 - 02:58 PM, said:

If that was true, then just reset ip and never use Skype again?

On topic, good guide. +rep

Yeah? everybody who got ddosed during yas was because they were retarded, didn't change skype or anything, once they reset their ip and made a new skype none got ddosed
www.twitch.tv/Minpojke

#10 WildeHilde

Posted 14 January 2013 - 05:10 PM

Minpojke, on 14 January 2013 - 04:45 PM, said:

Yeah? everybody who got ddosed during yas was because they were retarded, didn't change skype or anything, once they reset their ip and made a new skype none got ddosed

Actually not entirely true. There are ways to track IP changes. Satisfy got attacked after switching IP, with a new Skype and a mail address not connected to his character name. It stopped after a third reset and no more Skype usage.

#11 Enteyjin

Posted 14 January 2013 - 05:28 PM

i dont get how people can get ddosed. EVERYONE can change the ip even if you have a static ip. change mac address, reconnect-> new ip
new skype (only add the people you are playing with for the tournament)

/fixed

#12 Crawthz

Posted 14 January 2013 - 05:34 PM

Enteyjin, on 14 January 2013 - 05:28 PM, said:

i dont get how people can get ddosed. EVERYONE can change the ip even if you have a static ip. change mac address, reconnect-> new ip
new skype (only add the people you are playing with for the tournament)

/fixed

Some ISPs don't want to give customers a way to change IPs on demand.
www.twitch.tv/crawthz - Gladiator Frostmage stream, please follow!

#13 WildeHilde

Posted 14 January 2013 - 05:42 PM

Changing the mac address is a really good idea.

#14 drunkbaby

Posted 14 January 2013 - 06:50 PM

This stuff about changing your MAC address is pure madness. What you're doing is spoofing it.

In the land when dinosaurs roamed and every home didn't have a router, your ISP's DHCP server bound your computer's MAC address to an IP from their pool. This is the basis for every ethernet switched network, it's called ARP (or RARP the other way around).

So when you changed NICs or computers, there was no information in the cache for your new MAC address until it was refreshed. I'm assuming this is what most of you are trying to accomplish by spoofing your MAC address, but I'm not even sure if this is how ISPs still operate or not.

If you use a router, it's pointless to spoof your computer's MAC address because the IP from your ISP is typically bound to the WAN port of your router (which has its own MAC address). At best, you might negotiate a different local IP from your router.

Now, if you were to spoof your router's MAC address, then maybe it'll pull a new IP from the address pool, but I wouldn't guarantee it.

#15 Nightmonkey

Posted 15 January 2013 - 01:17 AM

I see a lot of people scream DDOS at the first sign of connection problems, but the people that cry about DDOS never seem to have any idea about what it means.

Did I miss something, or is it just a lot easier to get ahold of a botnet or a group of people willing to join in on a DDOS attack these days than it used to be?  Just one person spamming you with packets isn't going to do anything unless your connection/hardware is just really shitty.

#16 reizen

Posted 15 January 2013 - 06:07 AM

botnet is like really easy to get

#17 ROKMODE

Posted 15 January 2013 - 06:38 AM

the solution is to ddos said person back
I want some DDOS gang wars
Expect bias in posts because
Wotlk is the best thing since sliced bread

#18 vaibs

Posted 15 January 2013 - 11:17 PM

no, wrong very wrong sir.

Edited by rango, 15 August 2013 - 01:32 PM.


#19 Zerstiren

Posted 15 January 2013 - 11:27 PM

Every single popular forum software stores your IP in some un-encrypted format.  Not only can you ascertain a person's IP from the sub-forums themselves, but you can make your job a lot easier by simply sending them a PM =].

Also, your IP address isn't supposed to be a secret.  I agree, if you change your IP, you can avoid a lot of the hassle, but read the post carefully (which I can tell you didn't).  It isn't about changing your IP, it is about managing connection flooding.

If you are being 100% bandwidth flooded (50-100 Mbps for the majority of users), you have a lot more to worry about.

#20 Caribou

Posted 15 January 2013 - 11:33 PM

It is pretty much unavoidable for people in countries where their ISP won't dish out a new IP from a router restart and with some being too stubborn to manually assign a new IP. Those in countries with a dynamic IP can avoid it by just resetting their router and not accessing anything other than WoW and a new Skype or a different form of communication program on a fresh account you're just reducing connection with anything other than those you are playing with and WoW. A proxy again is useful however it is still inconvenient considering DDoSing such Skype proxies can result in Skype dcing and crashing which in turn hinders gameplay, people should look for an alternative method of communication (especially those participating in tournaments) after resetting their IP.

Edited by Caribou, 15 January 2013 - 11:40 PM.




