Jump to content

Block Skype Resolvers From Capturing Your IP Address (Protection from DDOS)

ddos skype

  • Please log in to reply
67 replies to this topic

#1 zaeya

zaeya
  • Junkies
  • Undeadclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 164
  • Talents: Discipline 1/0/1/1/2/1

Posted 21 January 2013 - 08:06 PM

Poppychulo posted a thread covering how to protect yourself from DDOS without using a proxy. This actually works, despite the fact that you may or may not trust him. He didn't write the VBS script and I remembered seeing it on a few forums during the summer and can confirm that this does work.

The reason people are so easily able to pull your IP right now is because of an exploit in the way Skype is programmed. By making use of this exploit, your IP is exposed as long as Skype is sending/receiving data with your username as long as you are connected to the internet and Skype is on your computer. This is why, despite numerous Skype username and IP changes, you could still be instantly DDOS'd again. The only way to combat this, other than removing Skype or never connecting to the internet without an intermediate connection, is to patch Skype to fix the exploit, effectively blocking Skype resolvers from capturing your IP address.

This works for Windows XP and up, I will work on writing one for Macs. You need to have TOR installed. (https://www.torproject.org/)

I personally just downloaded the TOR Expert Bundle and ran TOR.exe with elevated privileges. The default configuration (torrc) works with this script as it is. You could also download the Vidalia bundle and change the configurations. There are several YouTube video Tutorials on setting it up with various applications.

Make sure to change your IP AFTER patching Skype. You will need to do this because resolvers return the last known good IP if they are unable to find the current one.

Quit Skype.

Open notepad and copy and paste this VBS script :


Script:


Set objShell = WScript.CreateObject("WScript.Shell")
ss= objShell.RegRead ("HKEY_CURRENT_USER\Software\Skype\Phone\SkypePath")
ss= """" + ss + """"
'Add Block rule
objShell.run "netsh advfirewall firewall add rule name=""SkypeBlockTCP"" dir=out action=block program=" + ss + " enable=yes protocol=any profile=any"
'Add Allow rule
objShell.run "netsh advfirewall firewall add rule name=""SkypeAllowToProxy"" dir=out action=allow program=" + ss + " enable=yes remoteip=127.0.0.1"
'Turn On firewall
objShell.run "Netsh advfirewall set allprofiles state on"
msgbox "Skype Is Patched Successfully."

If you get an error (the box will pop up and disappear, you may not be able to read it).

Posted Image

Use this script instead:

If WScript.Arguments.length =0 Then
  Set objShell = CreateObject("Shell.Application")
  'Pass a bogus argument with leading blank space, say [ uac]
  objShell.ShellExecute "wscript.exe", Chr(34) & _
  WScript.ScriptFullName & Chr(34) & " uac", "", "runas", 1
Else
  Set objShell = WScript.CreateObject("WScript.Shell")
  ss= objShell.RegRead ("HKEY_CURRENT_USER\Software\Skype\Phone\SkypePath")
  ss= """" + ss + """"
  'Add Block rule
  objShell.run "netsh advfirewall firewall add rule name=""SkypeBlockTCP"" dir=out action=block program=" + ss + " enable=yes protocol=any profile=any"
  'Add Allow rule
  objShell.run "netsh advfirewall firewall add rule name=""SkypeAllowToProxy"" dir=out action=allow program=" + ss + " enable=yes remoteip=127.0.0.1"
  'Turn On firewall
  objShell.run "Netsh advfirewall set allprofiles state on"
  msgbox "Skype Is Tored"
End If

Save this as dafaq.vbs, make note of the location you saved it in.

Hold the Windows key and type r. Use the Browse button to find the VBS file you saved. Select it, and click run.

If it was successful you should see a message box indicating it was Patched successfully.

DISCONNECT FROM THE INTERNET. I would recommend disconnecting your modem from its power source.

Open Skype and navigate to Connection options.
Posted Image

Use the following settings (make sure it matches perfectly, otherwise it will not work):

Posted Image

Reconnect your internet connection. Change your IP. Connect to Skype. Congrats, you can't be resolved!

Edited by zaeya, 22 January 2013 - 03:22 AM.


#2 Saru93

Saru93
  • Junkies
  • Night Elfclass_name
  • EU-Outland
  • Misery
  • Posts: 929
  • Talents: Holy 1/1/0/1/1/1

Posted 21 January 2013 - 08:32 PM

ok x

#3 Mik._.

Mik._.
  • Junkies
  • Orcclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 535
  • Talents: Subtlety 2/2/2/1/0/2
  • LocationAUS

Posted 21 January 2013 - 08:42 PM

+1 confirmed


#4 Beckinsalelol

Beckinsalelol
  • Junkies
  • Orcclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 17
  • Talents: Affliction 0/2/0/0/2/0
  • RBG: 2356

Posted 21 January 2013 - 10:22 PM

MARRY ME

#5 Hyrmine

Hyrmine
  • Junkies
  • Humanclass_name
  • EU-Sylvanas
  • Rampage / Saccage
  • Posts: 3168
  • Talents: Arms 2/1/1/1/1/0

Posted 21 January 2013 - 10:34 PM

Might as well put all those solutions into one thread and sticky it.

#6 andysc

andysc
  • Meepmop
  • Junkies
  • Orcclass_name
  • US-Destromath
  • Rampage
  • Posts: 408
  • Talents: ./././././.
  • RBG: 1753

Posted 21 January 2013 - 10:41 PM

damn eu scum bringing ddos to us

#7 bobjob1

bobjob1
  • Junkies
  • Undeadclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 517
  • Talents: Frost 1/1/0/2/2/2
  • RBG: 2226

Posted 21 January 2013 - 10:41 PM

how do you get to the tor network without the dumb browser open?
Posted Image

#8 Capstone

Capstone
  • Junkies
  • Humanclass_name
  • US-Kel'Thuzad
  • Nightfall
  • Posts: 654
  • Talents: Frost 2/2/0/1/0/0/1
  • 3v3: 2259
  • RBG: 1973

Posted 21 January 2013 - 10:41 PM

ok i post to +1

#9 Phillol

Phillol
  • Junkies
  • Orcclass_name
  • US-Mal'Ganis
  • Stormstrike
  • Posts: 862
  • Talents: Frost 2/0/1/0/0/0
  • RBG: 2278

Posted 21 January 2013 - 10:49 PM

View Postzaeya, on 21 January 2013 - 08:06 PM, said:

Poppychulo

great guy poppy helping people what's next :duckers:

Edited by Phillol, 21 January 2013 - 10:50 PM.


#10 andysc

andysc
  • Meepmop
  • Junkies
  • Orcclass_name
  • US-Destromath
  • Rampage
  • Posts: 408
  • Talents: ./././././.
  • RBG: 1753

Posted 21 January 2013 - 10:52 PM

Didn't work for me, I can resolve my new IP from one of the hundreds of Skype resolvers out there. Just sayin'.

#11 Dakkrothy

Dakkrothy
  • Junkies
  • Humanclass_name
  • EU-Outland
  • Misery
  • Posts: 1118
  • Talents: Destruction 1/2/1/2/2/2
  • RBG: 2484

Posted 21 January 2013 - 11:12 PM

Download proxifier -> go to hidemyass.com -> find a working one with port 3128 & test it on proxifier(the lower ms the better) -> go to https://dl.dropbox.c...itch/skype.html - type in Proxy IP + port -> save to disk -> merge the file -> restart computer -> reset IP and you SHOULD be set, make sure u do it on your annoying ass brothers skype & computer too.... Or it'll end up just like Ondskan where they cant reach Erik so they torture poor Pierre instead




OP - I haven't tried this yet but I'll defo do it if my ddos problems persist ;(

Edited by Dakkrothy, 21 January 2013 - 11:13 PM.


#12 Snackumz

Snackumz
  • Junkies
  • Humanclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 420
  • Talents: Destruction 2/1/2/2/2/0/.
  • 2v2: 2233
  • 3v3: 2970
  • 5v5: 1248
  • RBG: 2289

Posted 21 January 2013 - 11:40 PM

Poppychulo

#13 Kaylol

Kaylol
  • Junkies
  • Humanclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 169
  • Talents: Fire 1/0/2/2/1/.

Posted 21 January 2013 - 11:48 PM

Problem is people can still sniff your IP, so it will go back to people just adding your skype before you get dosd. Same thing with Dolby.

#14 zaeya

zaeya
  • Junkies
  • Undeadclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 164
  • Talents: Discipline 1/0/1/1/2/1

Posted 21 January 2013 - 11:56 PM

View Postandysc, on 21 January 2013 - 10:52 PM, said:

Didn't work for me, I can resolve my new IP from one of the hundreds of Skype resolvers out there. Just sayin'.
You aren't doing something correctly then. Not a single person has been able to resolve my IP, with over 30 resolvers. They are all getting the IP I had right before I patched as the last known good IP. Have about 10 reports that it is also working for them since August. My Skype name is listed right there (cherp.cherp), try to pull my IP with one of the resolvers you are using. If it is 72.196.213.131 or 72.209.193.81, neither have been correct for 5-7 hours since I patched. If you get something else, let me know and I will go back to the drawing board.


View PostKaylol, on 21 January 2013 - 11:48 PM, said:

Problem is people can still sniff your IP, so it will go back to people just adding your skype before you get dosd. Same thing with Dolby.

Yes, people can still sniff your IP, but the resolver made it a lot easier for them. Without it, you can log onto another Skype name and play without them getting your IP address despite your efforts. Also, the sheer volume of people who have access to shell booters with skype resolvers is a lot larger than the number of people who know how to properly sniff your IP address with netstat. The reason DDOSing is so out of control right now is because anyone who knows how to log into a website can obtain your IP address and start an attack. This is definitely a huge roadblock for most of the people who are DDOSing us currently.

Edited by zaeya, 21 January 2013 - 11:57 PM.


#15 [email protected]

[email protected]
  • Junkies
  • Humanclass_name
  • US-Kel'Thuzad
  • Nightfall
  • Posts: 118
  • Talents: Retribution
  • RBG: 2326

Posted 22 January 2013 - 12:04 AM

delete thread plz ty
Posted Image

#16 Oakenwynd

Oakenwynd
  • Junkies
  • Humanclass_name
  • US-Cenarius
  • Whirlwind
  • Posts: 67
  • Talents: Protection 0/1/2/1/1/2

Posted 22 January 2013 - 12:05 AM

how do I unpatch skype? my calls keep dropping after doing this.

#17 Aekl

Aekl
  • Premium Junkies
  • Curse Premium
  • Night Elfclass_name
  • US-Lightbringer
  • Whirlwind
  • Posts: 160
  • Talents: Mistweaver 1/0/1/2/2/2
  • RBG: 2505

Posted 22 January 2013 - 12:18 AM

To unpatch:

Set objShell = WScript.CreateObject("WScript.Shell")
objShell.run "netsh advfirewall firewall delete rule name=""SkypeBlockTCP"""
objShell.run "netsh advfirewall firewall delete rule name=""SkypeAllowToProxy"""
msgbox "Skype Isn't Tored"

name it: undon.VBS
Posted Image

#18 Oakenwynd

Oakenwynd
  • Junkies
  • Humanclass_name
  • US-Cenarius
  • Whirlwind
  • Posts: 67
  • Talents: Protection 0/1/2/1/1/2

Posted 22 January 2013 - 12:21 AM

Thank you sir.

#19 Koshimo

Koshimo
  • Junkies
  • Humanclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 609
  • Talents: Holy 0/0/1/2/2/0
  • 2v2: 1805
  • 3v3: 2099
  • RBG: 1706

Posted 22 January 2013 - 01:01 AM

Straight up doesn't work for me, you said you need to have TOR installed but what exactly do you have to do with it?

#20 zaeya

zaeya
  • Junkies
  • Undeadclass_name
  • US-Tichondrius
  • Bloodlust
  • Posts: 164
  • Talents: Discipline 1/0/1/1/2/1

Posted 22 January 2013 - 01:52 AM

View PostKoshimo, on 22 January 2013 - 01:01 AM, said:

Straight up doesn't work for me, you said you need to have TOR installed but what exactly do you have to do with it?

There is some configuration for TOR, but I never configured it. I don't use TOR Browser either. I have both TOR and TOR browsers installed, but like I said, I've never configured them. Are you certain you have these settings exactly? I've been safe for about 8 hours now with no one able to grab my new IP. Try changing your IP again and see if they are able to resolve it or if it still obtains your old IP address as the last known good IP.





Also tagged with one or more of these keywords: ddos, skype

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

<