Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




12 posts

Geek


# 257175 19-Sep-2019 11:58
Send private message quote this post

Recently had a flatmate get DDOSed when he was gaming.  Made our internet terrible until I spoke to our ISP who said we were DDOSed and they blocked my IP.  They said it affects other customers and their whole network and if it happened again they would close our account.  When asked how to stop it happening again they said there was no way apart from "be careful" and their only protection against it was closing my account if it happens again.

 

Firstly, what can I do on my end to ensure it doesn't happen again.

 

Secondly, why can an ISP in 2019 not have some form of protection against something that they said I can't stop happening and threaten to close my account?


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

xpd

Chief Trash Bandit
10037 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2320265 19-Sep-2019 12:05
2 people support this post
Send private message quote this post

I'm taking a guess he was playing CoD......

 

 

 

Unfortunately, not much you can do apart from don't get into arguments online with people with more bandwidth than you.

 

Its too much admin and infrastructure changes needed to be able to protect each user.

 

 

 

Ask for a new IP, and just hope it dosent happen again but they are within their rights to ask you to leave if your activities degrade their systems.

 

 





XPD / Gavin / DemiseNZ

 

Server : i5-3470s @ 3.50GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  20GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, emulation, geekery, and my attempts at photography.     Now on BigPipe 100/100 and 2Talk

 

Emulation - The art of getting your $4000 PC to run an 80's system - and still fails.

 

Add me on Steam


2132 posts

Uber Geek

Trusted

  # 2320270 19-Sep-2019 12:14
2 people support this post
Send private message quote this post

Because putting in DDoS mitigation into an ISP environment usually carries with it a degree of difficulty, plus DDoS solutions on the market are usually quite expensive and can sometimes not even be that effective (It's been ~15 years since I was last in knee deep in ISP world, so this has probably changed somewhat, someone I'm sure will correct me)

 

Either way, I'd suggest it's a lot cheaper to cut loose a customer who keeps getting DDoS'd than it is to spend a lot of money on a DDoS solution.

 

If I badly crashed my car 10 times in a single year, I suspect that regardless of my "no claims bonus for life!" I'd not be allowed to renew my policy.  A business is allowed to choose who it does business with (or not), annoying as that may be.


 
 
 
 




12 posts

Geek


  # 2320274 19-Sep-2019 12:19
One person supports this post
Send private message quote this post

If I badly crashed my car 10 times in a single year, I suspect that regardless of my "no claims bonus for life!" I'd not be allowed to renew my policy.  A business is allowed to choose who it does business with (or not), annoying as that may be.

 

 

 

 

But if someone crashed into my car 10 times in a year and I wasn't at fault surely they'd renew my policy.  Agree with your second part, but without any way to stop being DDOSed it seems odd the fault is put on me.

 

Can an ISP even track who did the DDOS?  From what I've read it's very illegal to do so why punish the victim?


xpd

Chief Trash Bandit
10037 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2320277 19-Sep-2019 12:25
Send private message quote this post

They can trace it to a degree, but most DDOS is via botnets, so lots of PCs scattered around the planet.......  so you may think you've got their IP, only to find its someone innocent whose PC has been assimilated into a botnet at some point.

 

The car example isn't the best, as its only you vs them, whereas the DDOS against an ISP can affect thousands of others at once. 





XPD / Gavin / DemiseNZ

 

Server : i5-3470s @ 3.50GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  20GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, emulation, geekery, and my attempts at photography.     Now on BigPipe 100/100 and 2Talk

 

Emulation - The art of getting your $4000 PC to run an 80's system - and still fails.

 

Add me on Steam


876 posts

Ultimate Geek

Lifetime subscriber

  # 2320281 19-Sep-2019 12:35
Send private message quote this post

Have you done a Google search on DDOS?

 

ie ddos controls for gamers

 

Here a a couple of interestings reads...

 

https://www.imperva.com/blog/protecting-gamers-from-dos-ddos-attacks/

 

https://www.vocus.co.nz/business/security?gclid=EAIaIQobChMI9eHM7NDb5AIVxiMrCh10MQuVEAAYAyAAEgLPRPD_BwE

 

 





Gordy


1791 posts

Uber Geek


  # 2320286 19-Sep-2019 12:50
Send private message quote this post

Gordy7:

Have you done a Google search on DDOS?


ie ddos controls for gamers


Here a a couple of interestings reads...


https://www.imperva.com/blog/protecting-gamers-from-dos-ddos-attacks/


https://www.vocus.co.nz/business/security?gclid=EAIaIQobChMI9eHM7NDb5AIVxiMrCh10MQuVEAAYAyAAEgLPRPD_BwE


 



There’s nothing in those links about an ISP dropping a customer, because someone else is doing an illegal activity. The first one mentions about just changing your IP number, which seems to be not a solution for the ISP.

The second link with Vocus suggests they can protect a business customer from DDOS , no threat of dropping a business customer.

Edit: from second link:

We can filter out known DDoS attacks before they even reach your network and with attack alerting and reporting, you always know what's going on.

'That VDSL Cat'
11032 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2320319 19-Sep-2019 13:25
Send private message quote this post

so DDoS protection is actually quite expensive.

 

 

 

Most provided have pretty blanket rules, be it a simple null of your traffic or as far as hey customer change things to stop causing this from happening...

 

There is no perfect way to deal with it, and as long as providers are clear and have it in their terms etc, power to them?

 

 

 

 

 

You have to remember, if you as a customer are regularly being hit with say a 100gbit ddos attack, that data has to go somewhere.

 

If it's all going down the pipe right through to your connection, Your performance is going to suck. not only that, it's also going to affect everything along that path.

 

But it's also going to heavily hurt all the other users. Providers need to seriously balance that.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


 
 
 
 


22524 posts

Uber Geek

Trusted
Subscriber

  # 2320323 19-Sep-2019 13:29
6 people support this post
Send private message quote this post

Tell the flatmate to get their own connection if they are going to keep attracting trouble when online.





Richard rich.ms

876 posts

Ultimate Geek

Lifetime subscriber

  # 2320338 19-Sep-2019 13:49
Send private message quote this post

OP does not say who his ISP is or their T&C with respect to DDOS and heavy traffic usage...

 

 





Gordy


xpd

Chief Trash Bandit
10037 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2320353 19-Sep-2019 14:18
Send private message quote this post

Gordy7:

 

OP does not say who his ISP is or their T&C with respect to DDOS and heavy traffic usage...

 

 

Spark do have this under their general residential terms which they could use. I'd say most ISP's have something similar.

 

Use our Services without annoying anyone else, and without interfering with anyone else's use of our Services.

 

 

 

 





XPD / Gavin / DemiseNZ

 

Server : i5-3470s @ 3.50GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  20GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, emulation, geekery, and my attempts at photography.     Now on BigPipe 100/100 and 2Talk

 

Emulation - The art of getting your $4000 PC to run an 80's system - and still fails.

 

Add me on Steam


28269 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2320423 19-Sep-2019 14:54
One person supports this post
Send private message quote this post

Wolf555:

 

But if someone crashed into my car 10 times in a year and I wasn't at fault surely they'd renew my policy. 

 

 

This really is a great comparison but not in the way you're thinking. I would not expect to get a policy renewed if I was hit 10 times in my car, regardless of who was at fault.

 

 


610 posts

Ultimate Geek


  # 2320435 19-Sep-2019 15:01
2 people support this post
Send private message quote this post

It's "unfair" for your ISP to drop you, but it's also the only reasonable response they can take.

 

There's no easy solution to DDoS attacks. You can't "block" them - the data simply has to go somewhere. Companies like Cloudflare who specialise in protecting against DDoS do it by having an overwhelming amount of bandwidth and routing capability available - enough to soak up the attack. No ISP can afford to do anything similar. As the attack stuffs things up for not just you but the ISP's other customers as well, they really have no choice but to drop customers for whom this is a persistent problem.

 

Being targeted by a DDoS attack should be an extremely rare event. It could happen to anyone once out of pure bad luck, but if it happens to your flatmate again any time soon, you'd have to conclude that he should probably lay off the trash talk while playing video games - or get his own dedicated connection and deal with the consequences.


470 posts

Ultimate Geek


  # 2320445 19-Sep-2019 15:16
Send private message quote this post

It sucks but it is what it is. I mean what can you do aside from putting yourself behind a vpn or cloudflare or something.

1791 posts

Uber Geek


  # 2320474 19-Sep-2019 16:24
One person supports this post
Send private message quote this post

If it doesn’t stuff up performance for gaming a VPN may solve it, at reasonable cost.
Looks like some VPN’s are geared toward  dealing with DDoS. 

 

Recent article:

 

 

 

https://www.techradar.com/au/vpn/best-gaming-vpn

 

 


3404 posts

Uber Geek

Trusted

  # 2322184 21-Sep-2019 20:26
Send private message quote this post

There are several parts to this: 

 

1) The reasons and theory
So your playing a game and your a punk kid. Suddenly some other punk kid starts beating you. You tell them your going to DDOS them if they dont stop, but they carry on, or they get into an argument. 

 

The only way to solve your problem and win the game is to prevent the other player from taking part in the game. One way to do that is to flood their internet connection. 

 

2) NAT routers and pipes
Unexpected incoming packets generally hit the router and then because they are unexpected, get dropped rather than being delivered to a computer on the internal network. 

 

The various pipes that make up the internet along the path to a connected users router have differing capacities. Generally the last mile is the slowest - perhaps its a 30mbit DSL connection or maybe a 1gbit fiber connection. 
If enough packets were coming in and getting dropped by the router, the last mile pipe or even the router CPU could be flooded with useless packets meaning the wanted traffic (users behind the router surfing/gaming) wouldnt be able to get through. 

 

3) Botnets 
A botnet is a collection of computers, security cameras, IOT devices, other routers etc that have been hacked or infected with a virus and are under the control of a master controller / person. The owners of that hardware generally doesnt know their devices are part of a botnet. 

 

The master of the botnet can lease out control of the botnet. Its usually in 5 to 15 minute blocks. 

 

4) Rent a botnet, create a DDOS attack 
The player can go and open a new browser window, visit Jim's Rent-A-Botnet website and rent one for 15 minutes. They then issue a command "send random packets to 1.2.3.4"

 

All those packets from hundereds or thousands of computers can amount to several gigabits of traffic all suddenly targeted at a particular ip address. It flows from the many sources, through the pipes, and as it gets closer to the targeted end user's ISP and the end users router, the pipe capacity will get smaller. 

 

At some point the incoming traffic will overwhelm the pipes including the targets internet connection. If say a user in Levin was targeted, and the ISP only had 2gbit of capacity between auckland and levin, and more than 2gbit of traffic was being generated by the botnet and all decending down the auckland<>levin pipe, all the customers of that ISP in levin would be unable to get online, including the target whose 30mbit VDSL connection is also overwhelmed. 

5) What can the ISP do? 
A) Drop the traffic
The ISP could see the traffic is targetted at Johnny in Levin's ip address so they could cut all traffic to that IP address in auckland. Thats great but the botnet traffic is still flooding their incoming pipes including their upstreams from Australia or the USA meaning customers across their whole network are still affected. 

 

B) Botnet scrubbing 
A few anti-botnet commercial services place routers at major internet exchanges and rent them out as botnet scrubbing services. 
If Johnny in levin is being targeted, the scrubbing service can be instructed to advertise the customers ip address at all those internet exchanges around the world. This means the traffic destined for the NZ ip address gets sent to those routers at various points and dropped before the packets travel too far. This means most of the traffic is dropped before it even reaches the ISPs network in NZ. 
Botnet scrubbing is charged based on the amount of traffic that is scrubbed and is very expensive. Eg. A 1.5gbit scrub for 30 minutes would cost about $200 
So if a customer is going to keep gaming and antagonizing other people (maybe they are just a d*ck to other players) then this customer is going to become very unprofitable.  

 

C) Drop the customer
If through whatever the customer does (innocent or not) creates a botnet target then the ISP is not going to want to have that customer on their network. 





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Arlo unveils its first video doorbell
Posted 21-Oct-2019 08:27


New Zealand students shortlisted for James Dyson Award
Posted 21-Oct-2019 08:18


Norton LifeLock Launches Norton 360
Posted 21-Oct-2019 08:11


Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18


Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.