Moderator note: The instructions in this thread will do nothing to protect you from a DDoS attack. The only way to prevent an attack is to avoid your IP address becoming public.
It probably wouldn't take much bandwidth to take down the proxy and with it dies his Skype connection. The only thing it shows is that the attacks are most likely tiny (if they are still happening).
Through means of elimination I could also most likely obtain his IP address, the only thing I would need is the city he resides in plus which sites/threads he visits, you could upload an image to a thread on site-x/thread-y he visits and collect all IPs matching a certain vicinity. If he is really stupid you could just send him a pm. The attacker already knows the ISP he uses (from the last attack), so the list of possibles I assume would be quite small. Plus you will be able to see on his stream which IP belongs to him, or rather not see I suppose.
What I am trying to say is that there are always ways if you are determined and I believe Destiny angered motivated quite a lot of people.
|
LunaSea helps for two possible bottlenecks:
- Router CPU capacity
- Network traffic between router and your PC
However, it does nothing to help against this problem:
|
^
That is an amazing illustration.
I should try to clarify the arguments of both parties..
From what I understand, there are two bottlenecks. The first is from your ISP to your router, and the second is the ability of your router to process incoming packets. The OP is arguing that bottleneck 1 is large enough to allow small-scale DDoS attacks through but the attack jams up bottleneck 2. The other party is arguing that the attack clogs up bottleneck 1. But which is true? How large are the DDoS attacks made by little kids with their parents' credit cards? How much data do these attacks send? Does anyone know the details of these attacks?
I hope you guys understand what I'm saying.
|
On September 04 2012 09:16 icydergosu wrote:
It probably wouldn't take much bandwidth to take down the proxy and with it dies his Skype connection. The only thing it shows is that the attacks are most likely tiny (if they are still happening). Through means of elimination I could also most likely obtain his IP address, the only thing I would need is the city he resides in plus which sites/threads he visits, you could upload an image to a thread on site-x/thread-y he visits and collect all IPs matching a certain vicinity. If he is really stupid you could just send him a pm. The attacker already knows the ISP he uses (from the last attack), so the list of possibles I assume would be quite small. Plus you will be able to see on his stream which IP belongs to him, or rather not see I suppose. What I am trying to say is that there are always ways if you are determined and I believe Destiny angered motivated quite a lot of people.
The people who pay for bots to DDOS people don't know how to do what you mentioned above. And even if they do/did and wanted to spend the time to do so, they would only obtain his proxy and not his actual IP, in which case he would change the proxy. My guess is that he also uses whitecap or SocksProx for his browser as well, so again you're only getting his proxy. I don't think you could tell based off his stream his IP or proxy. Either way this is just a deterrent and an effective one at that.
|
Wow you people. OP, try actually justifying why you think you are right instead of being so cocky and militantly wrong. Especially when you don't recognize that the origin of a packet has no relevance. When we say "sent by your ISP", it means "forwarded by your ISP", there is no difference. The internet works by packet forwarding from one address to the next until the packet gets to its destination. Also I must say "lol" at the people saying "go test it!". Yeah go commit a serious crime just so you can test something that you can easily figure out otherwise. Personally I never really thought about where the bottleneck would be in a DDoS, but just thinking about it for 5 seconds it seems obvious the bottleneck would be BEFORE the packets even got to your router. If a DDoS was done by exploiting a bottleneck at your home router, then that means your ISP would have to be sending you data at a bitrate far higher than is typically allotted for a home internet connection. This is obviously not true, so you can deduce pretty easily that nothing you can do to your home router will likely be able to help you avoid a DDoS.
edit: Also I forgot to mention that you people who actually understand this stuff shouldn't put the "wrong" people down so much. Just because they've made some incorrect inferences doesn't warrant an "OMG you obviously know NOTHING ABOUT NETWORKING GARRRRRR". A lot of people in the thread obviously know something, but some are lacking some understanding somewhere that makes them not see why they are wrong. The fact that OP is so cocky in his wrongness is annoying though.
|
The OP is clueless about networking, Pumplekin has his facts straight. There isn't really much that you can do.
The typical solo player on a limited budget should just reboot their router to hopefully get a new IP from their ISP, close every non-essential networking app on their PC so that they don't leak the new IP, and pray that the attack isn't big enough to affect the whole ISP (it most likely isn't).
EG house already took the first step that any team house should do by having multiple internet connections but afaict they haven't made it easy to switch between the connections when one is hammered.
LAN tournaments can't do much about it unless they want to block everything except the games being played to try to prevent their public IP from being found out.
Any of them could also use a Linux router (even consumer grade wifi routers with a 3rd party firmware) to do policy based routing so that only approved services that won't leak the public IP would be sent over one connection and everything else would be sent over another connection (could be a VPN or another real connection). However, this is complicated to set up and maintain so I don't actually expect anyone to really do it, not even LANs.
|
On September 04 2012 09:36 NoobSkills wrote:
On September 04 2012 09:16 icydergosu wrote:
It probably wouldn't take much bandwidth to take down the proxy and with it dies his Skype connection. The only thing it shows is that the attacks are most likely tiny (if they are still happening). Through means of elimination I could also most likely obtain his IP address, the only thing I would need is the city he resides in plus which sites/threads he visits, you could upload an image to a thread on site-x/thread-y he visits and collect all IPs matching a certain vicinity. If he is really stupid you could just send him a pm. The attacker already knows the ISP he uses (from the last attack), so the list of possibles I assume would be quite small. Plus you will be able to see on his stream which IP belongs to him, or rather not see I suppose. What I am trying to say is that there are always ways if you are determined and I believe Destiny angered motivated quite a lot of people.
The people who pay for bots to DDOS people don't know how to do what you mentioned above. And even if they do/did and wanted to spend the time to do so, they would only obtain his proxy and not his actual IP, in which case he would change the proxy. My guess is that he also uses whitecap or SocksProx for his browser as well, so again you're only getting his proxy. I don't think you could tell based off his stream his IP or proxy. Either way this is just a deterrent and an effective one at that.

Assume we got his proxy's IP from Skype. Then we take down his 5$ server from a shitty reseller. At this point he is already annoyed and can't use Skype anymore. If he gets another proxy (which would be pointless if he doesn't spend a lot of money) you could just repeat the procedure. Regarding seeing his IP (at this point I assume he doesn't use his cheap server anymore because it's pointless), I will see the effect the attack has on the list of possible Destiny IPs on his stream (=no stream).
What phuzi0n describes could be easily set up using zeroshell. http://www.zeroshell.net/
|
On September 04 2012 09:24 CheeseSucker wrote:
LunaSea helps for two possible bottlenecks:
- Router CPU capacity
- Network traffic between router and your PC
However, it does nothing to help against this problem:

Even though it appears to lack car analogies I like the illustration. Did you make it in mspaint?
|
Yep, no need to use anything more advanced than mspaint =) If it makes you feel better, you can think of the drops as very small cars.
I prefer to see it as a sewage system.
|
On September 04 2012 09:16 icydergosu wrote:
It probably wouldn't take much bandwidth to take down the proxy and with it dies his Skype connection. The only thing it shows is that the attacks are most likely tiny (if they are still happening). Through means of elimination I could also most likely obtain his IP address, the only thing I would need is the city he resides in plus which sites/threads he visits, you could upload an image to a thread on site-x/thread-y he visits and collect all IPs matching a certain vicinity. If he is really stupid you could just send him a pm. The attacker already knows the ISP he uses (from the last attack), so the list of possibles I assume would be quite small. Plus you will be able to see on his stream which IP belongs to him, or rather not see I suppose. What I am trying to say is that there are always ways if you are determined and I believe Destiny angered motivated quite a lot of people.
Well I don't know if he's right or not, just adding his input for whatever it's worth.
I have no idea what the fuck anyone is actually talking about in this thread. I just happened to remember this blog Destiny posted.
|
On September 04 2012 10:01 icydergosu wrote:
What phuzi0n describes could be easily set up using zeroshell. http://www.zeroshell.net/

If you're referring to what I said about EG house then I would not recommend using automatic failover because then the attacker will just get all your IPs before you shut down the apps that are leaking them.
If you're referring to policy based routing then it is a completely different beast from failover or other simple forms of load balancing. First you would have to determine what is safe to let through on the clean line that won't advertise your IP to an attacker (which is not an easy task), then you need to configure the router to send those protocols/ports over the clean line (usually using CLI commands, haven't ever seen any GUI do it), then when an attack happens the services on the clean line won't be affected but everything on the dirty line will still go down.
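The policy-based routing steps described in the post above, sketched as an added example that is not part of the original post and is not phuzi0n's or zeroshell's configuration: a shell function that prints, without running, the commands for a Linux router with two uplinks. The interface names, gateway addresses, mark and table numbers and the approved ports are all assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) policy-routing commands for a
# Linux router with two uplinks. Every value below is an assumption.
LAN_IF=br0             # LAN-facing interface (assumed name)
CLEAN_IF=eth1          # "clean" line: its public IP must not leak
CLEAN_GW=198.51.100.1  # constructed gateway (documentation range)
DIRTY_IF=eth2          # "dirty" line (second ISP or VPN) for everything else
DIRTY_GW=203.0.113.1   # constructed gateway (documentation range)
MARK=0x1               # firewall mark for approved traffic
TABLE=100              # routing table used only by marked traffic
# Approved services as proto:port. Placeholders only (1119 = Battle.net,
# 1935 = RTMP); deciding what is safe is the audit step the post describes.
APPROVED="tcp:1119 tcp:1935"

pbr_commands() {
    # Main table: anything not explicitly approved leaves via the dirty line.
    echo "ip route replace default via $DIRTY_GW dev $DIRTY_IF"
    # Dedicated table with the clean line as its only default route.
    echo "ip route replace default via $CLEAN_GW dev $CLEAN_IF table $TABLE"
    echo "ip rule add fwmark $MARK lookup $TABLE priority 100"
    # Mark approved LAN traffic before the routing decision is made.
    for svc in $APPROVED; do
        proto=${svc%%:*}
        port=${svc##*:}
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p $proto --dport $port -j MARK --set-mark $MARK"
    done
    # Fail closed: unmarked traffic may never leave via the clean line,
    # even if the dirty line's route disappears or failover is added later.
    echo "iptables -A FORWARD -o $CLEAN_IF -m mark ! --mark $MARK -j DROP"
    # Replies on the clean line arrive on an interface the main table
    # would not use, so strict reverse-path filtering would drop them.
    echo "sysctl -w net.ipv4.conf.$CLEAN_IF.rp_filter=2"
    # Source-NAT on whichever uplink a packet ends up leaving through.
    for wan in $CLEAN_IF $DIRTY_IF; do
        echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
    done
}

pbr_commands
```

The FORWARD drop rule is what keeps a later failover change from pushing unapproved traffic onto the clean line; services on the dirty line still go down during an attack, as the post says.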
|
Actually something I'm not sure about with regards to the DDoS is if the DoS is actually due to buffers at the ISP's routers being overwhelmed and therefore just flushed of packets, or is it because the ISP can handle the traffic fine but is consciously dropping random packets at some rate in order to throttle the bandwidth only to the destination (the streamer's IP in this case). I'm not sure of the details of how this works. If the second suggestion is true, I can see a scenario where I could see OP's solution being helpful. That is a scenario where the streamer's upstream traffic is unimpeded, there is little downstream traffic required to stream to twitch, and twitch is able to function even with having to resend data to the streamer with significant delay in response. A lot of "if"s. Would appreciate it if someone can educate me where I indicated I was unsure.
edit: in case people didn't get it from my post, I still think it is very unlikely the OP's solution would help at all
|
On September 04 2012 10:23 phuzi0n wrote:
If you're referring to what I said about EG house then I would not recommend using automatic failover because then the attacker will just get all your IPs before you shut down the apps that are leaking them. If you're referring to policy based routing then it is a completely different beast from failover or other simple forms of load balancing. First you would have to determine what is safe to let through on the clean line that won't advertise your IP to an attacker (which is not an easy task), then you need to configure the router to send those protocols/ports over the clean line (usually using CLI commands, haven't ever seen any GUI do it), then when an attack happens the services on the clean line won't be affected but everything on the dirty line will still go down.
Yeah if you have routing rules in place doing automatic failover would be pointless.
I think it's an easy enough task to work out the (critical) routing rules, we could even provide a collective Zeroshell profile for everybody. I assume SC2 + Twitch being the most important ones?
You can do policy based routing through the GUI in zeroshell, very quickly.
|
On September 04 2012 08:50 Tayar wrote: i know nothing about DDoS, but pumplekin's posts have the best grammar, so i guess he's right. -_-
you made me laugh
|
The number of scriptkiddies in this thread is overwhelming
|
I did a lot of research on the subject these last hours. And I'm sorry guys, you were right and I was wrong ... !
On the same subject, what could help streamers, players and tournaments besides zeroshell configs ?
On September 04 2012 10:48 bakarin wrote: The number of scriptkiddies in this thread is overwhelming
Why do you say this ?
|
there's really nothing you can do except vigorously defend your ip.
|
I did a lot of research on the subject these last hours. And I'm sorry guys, you were right and I was wrong ... !
that's impressive, good on you.
|
On September 04 2012 10:01 icydergosu wrote:
On September 04 2012 09:36 NoobSkills wrote:
On September 04 2012 09:16 icydergosu wrote:
It probably wouldn't take much bandwidth to take down the proxy and with it dies his Skype connection. The only thing it shows is that the attacks are most likely tiny (if they are still happening). Through means of elimination I could also most likely obtain his IP address, the only thing I would need is the city he resides in plus which sites/threads he visits, you could upload an image to a thread on site-x/thread-y he visits and collect all IPs matching a certain vicinity. If he is really stupid you could just send him a pm. The attacker already knows the ISP he uses (from the last attack), so the list of possibles I assume would be quite small. Plus you will be able to see on his stream which IP belongs to him, or rather not see I suppose. What I am trying to say is that there are always ways if you are determined and I believe Destiny angered motivated quite a lot of people.
The people who pay for bots to DDOS people don't know how to do what you mentioned above. And even if they do/did and wanted to spend the time to do so, they would only obtain his proxy and not his actual IP, in which case he would change the proxy. My guess is that he also uses whitecap or SocksProx for his browser as well, so again you're only getting his proxy. I don't think you could tell based off his stream his IP or proxy. Either way this is just a deterrent and an effective one at that.
Assume we got his proxy's IP from Skype. Then we take down his 5$ server from a shitty reseller. At this point he is already annoyed and can't use Skype anymore. If he gets another proxy (which would be pointless if he doesn't spend a lot of money) you could just repeat the procedure. Regarding seeing his IP (at this point I assume he doesn't use his cheap server anymore because it's pointless), I will see the effect the attack has on the list of possible Destiny IPs on his stream (=no stream). What phuzi0n describes could be easily set up using zeroshell. http://www.zeroshell.net/

Each attempt would take a bunch of time by the one attempting to obtain the proxy's IP. Then they would have to ask the bot service (which most use) to attack that proxy. Proxy dies, so do all connections. Then you change your connections to the next proxy. Either way I think even 2 proxies would be enough to sufficiently deter most people, but then there are those try hards (which I don't really understand), so you should have a steady backup list. Though imo it would be best to get with your ISP to attempt to get them to block these types of attacks if they even can.