Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Wolf555

90 posts

Master Geek
Inactive user


#257175 19-Sep-2019 11:58
Send private message

Recently had a flatmate get DDOSed when he was gaming.  Made our internet terrible until I spoke to our ISP who said we were DDOSed and they blocked my IP.  They said it affects other customers and their whole network and if it happened again they would close our account.  When asked how to stop it happening again they said there was no way apart from "be careful" and their only protection against it was closing my account if it happens again.

 

Firstly, what can I do on my end to ensure it doesn't happen again.

 

Secondly, why can an ISP in 2019 not have some form of protection against something that they said I can't stop happening and threaten to close my account?


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2320265 19-Sep-2019 12:05
Send private message

I'm taking a guess he was playing CoD......

 

 

 

Unfortunately, not much you can do apart from don't get into arguments online with people with more bandwidth than you.

 

Its too much admin and infrastructure changes needed to be able to protect each user.

 

 

 

Ask for a new IP, and just hope it dosent happen again but they are within their rights to ask you to leave if your activities degrade their systems.

 

 





       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 




muppet
2566 posts

Uber Geek

Trusted

  #2320270 19-Sep-2019 12:14
Send private message

Because putting in DDoS mitigation into an ISP environment usually carries with it a degree of difficulty, plus DDoS solutions on the market are usually quite expensive and can sometimes not even be that effective (It's been ~15 years since I was last in knee deep in ISP world, so this has probably changed somewhat, someone I'm sure will correct me)

 

Either way, I'd suggest it's a lot cheaper to cut loose a customer who keeps getting DDoS'd than it is to spend a lot of money on a DDoS solution.

 

If I badly crashed my car 10 times in a single year, I suspect that regardless of my "no claims bonus for life!" I'd not be allowed to renew my policy.  A business is allowed to choose who it does business with (or not), annoying as that may be.


Wolf555

90 posts

Master Geek
Inactive user


  #2320274 19-Sep-2019 12:19
Send private message

If I badly crashed my car 10 times in a single year, I suspect that regardless of my "no claims bonus for life!" I'd not be allowed to renew my policy.  A business is allowed to choose who it does business with (or not), annoying as that may be.

 

 

 

 

But if someone crashed into my car 10 times in a year and I wasn't at fault surely they'd renew my policy.  Agree with your second part, but without any way to stop being DDOSed it seems odd the fault is put on me.

 

Can an ISP even track who did the DDOS?  From what I've read it's very illegal to do so why punish the victim?




xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2320277 19-Sep-2019 12:25
Send private message

They can trace it to a degree, but most DDOS is via botnets, so lots of PCs scattered around the planet.......  so you may think you've got their IP, only to find its someone innocent whose PC has been assimilated into a botnet at some point.

 

The car example isn't the best, as its only you vs them, whereas the DDOS against an ISP can affect thousands of others at once. 





       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 


  #2320281 19-Sep-2019 12:35
Send private message

Have you done a Google search on DDOS?

 

ie ddos controls for gamers

 

Here a a couple of interestings reads...

 

https://www.imperva.com/blog/protecting-gamers-from-dos-ddos-attacks/

 

https://www.vocus.co.nz/business/security?gclid=EAIaIQobChMI9eHM7NDb5AIVxiMrCh10MQuVEAAYAyAAEgLPRPD_BwE

 

 





Gordy

 

My first ever AM radio network connection was with a 1MHz AM crystal(OA91) radio receiver.


rugrat
3106 posts

Uber Geek

Lifetime subscriber

  #2320286 19-Sep-2019 12:50
Send private message

Gordy7:

Have you done a Google search on DDOS?


ie ddos controls for gamers


Here a a couple of interestings reads...


https://www.imperva.com/blog/protecting-gamers-from-dos-ddos-attacks/


https://www.vocus.co.nz/business/security?gclid=EAIaIQobChMI9eHM7NDb5AIVxiMrCh10MQuVEAAYAyAAEgLPRPD_BwE


 



There’s nothing in those links about an ISP dropping a customer, because someone else is doing an illegal activity. The first one mentions about just changing your IP number, which seems to be not a solution for the ISP.

The second link with Vocus suggests they can protect a business customer from DDOS , no threat of dropping a business customer.

Edit: from second link:

We can filter out known DDoS attacks before they even reach your network and with attack alerting and reporting, you always know what's going on.

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2320319 19-Sep-2019 13:25
Send private message

so DDoS protection is actually quite expensive.

 

 

 

Most provided have pretty blanket rules, be it a simple null of your traffic or as far as hey customer change things to stop causing this from happening...

 

There is no perfect way to deal with it, and as long as providers are clear and have it in their terms etc, power to them?

 

 

 

 

 

You have to remember, if you as a customer are regularly being hit with say a 100gbit ddos attack, that data has to go somewhere.

 

If it's all going down the pipe right through to your connection, Your performance is going to suck. not only that, it's also going to affect everything along that path.

 

But it's also going to heavily hurt all the other users. Providers need to seriously balance that.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #2320323 19-Sep-2019 13:29
Send private message

Tell the flatmate to get their own connection if they are going to keep attracting trouble when online.





Richard rich.ms

  #2320338 19-Sep-2019 13:49
Send private message

OP does not say who his ISP is or their T&C with respect to DDOS and heavy traffic usage...

 

 





Gordy

 

My first ever AM radio network connection was with a 1MHz AM crystal(OA91) radio receiver.


xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2320353 19-Sep-2019 14:18
Send private message

Gordy7:

 

OP does not say who his ISP is or their T&C with respect to DDOS and heavy traffic usage...

 

 

Spark do have this under their general residential terms which they could use. I'd say most ISP's have something similar.

 

Use our Services without annoying anyone else, and without interfering with anyone else's use of our Services.

 

 

 

 





       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2320423 19-Sep-2019 14:54
Send private message

Wolf555:

 

But if someone crashed into my car 10 times in a year and I wasn't at fault surely they'd renew my policy. 

 

 

This really is a great comparison but not in the way you're thinking. I would not expect to get a policy renewed if I was hit 10 times in my car, regardless of who was at fault.

 

 


allio
885 posts

Ultimate Geek


  #2320435 19-Sep-2019 15:01
Send private message

It's "unfair" for your ISP to drop you, but it's also the only reasonable response they can take.

 

There's no easy solution to DDoS attacks. You can't "block" them - the data simply has to go somewhere. Companies like Cloudflare who specialise in protecting against DDoS do it by having an overwhelming amount of bandwidth and routing capability available - enough to soak up the attack. No ISP can afford to do anything similar. As the attack stuffs things up for not just you but the ISP's other customers as well, they really have no choice but to drop customers for whom this is a persistent problem.

 

Being targeted by a DDoS attack should be an extremely rare event. It could happen to anyone once out of pure bad luck, but if it happens to your flatmate again any time soon, you'd have to conclude that he should probably lay off the trash talk while playing video games - or get his own dedicated connection and deal with the consequences.


SpartanVXL
1306 posts

Uber Geek


  #2320445 19-Sep-2019 15:16
Send private message

It sucks but it is what it is. I mean what can you do aside from putting yourself behind a vpn or cloudflare or something.

rugrat
3106 posts

Uber Geek

Lifetime subscriber

  #2320474 19-Sep-2019 16:24
Send private message

If it doesn’t stuff up performance for gaming a VPN may solve it, at reasonable cost.
Looks like some VPN’s are geared toward  dealing with DDoS. 

 

Recent article:

 

 

 

https://www.techradar.com/au/vpn/best-gaming-vpn

 

 


raytaylor
4014 posts

Uber Geek

Trusted

  #2322184 21-Sep-2019 20:26
Send private message

There are several parts to this: 

 

1) The reasons and theory
So your playing a game and your a punk kid. Suddenly some other punk kid starts beating you. You tell them your going to DDOS them if they dont stop, but they carry on, or they get into an argument. 

 

The only way to solve your problem and win the game is to prevent the other player from taking part in the game. One way to do that is to flood their internet connection. 

 

2) NAT routers and pipes
Unexpected incoming packets generally hit the router and then because they are unexpected, get dropped rather than being delivered to a computer on the internal network. 

 

The various pipes that make up the internet along the path to a connected users router have differing capacities. Generally the last mile is the slowest - perhaps its a 30mbit DSL connection or maybe a 1gbit fiber connection. 
If enough packets were coming in and getting dropped by the router, the last mile pipe or even the router CPU could be flooded with useless packets meaning the wanted traffic (users behind the router surfing/gaming) wouldnt be able to get through. 

 

3) Botnets 
A botnet is a collection of computers, security cameras, IOT devices, other routers etc that have been hacked or infected with a virus and are under the control of a master controller / person. The owners of that hardware generally doesnt know their devices are part of a botnet. 

 

The master of the botnet can lease out control of the botnet. Its usually in 5 to 15 minute blocks. 

 

4) Rent a botnet, create a DDOS attack 
The player can go and open a new browser window, visit Jim's Rent-A-Botnet website and rent one for 15 minutes. They then issue a command "send random packets to 1.2.3.4"

 

All those packets from hundereds or thousands of computers can amount to several gigabits of traffic all suddenly targeted at a particular ip address. It flows from the many sources, through the pipes, and as it gets closer to the targeted end user's ISP and the end users router, the pipe capacity will get smaller. 

 

At some point the incoming traffic will overwhelm the pipes including the targets internet connection. If say a user in Levin was targeted, and the ISP only had 2gbit of capacity between auckland and levin, and more than 2gbit of traffic was being generated by the botnet and all decending down the auckland<>levin pipe, all the customers of that ISP in levin would be unable to get online, including the target whose 30mbit VDSL connection is also overwhelmed. 

5) What can the ISP do? 
A) Drop the traffic
The ISP could see the traffic is targetted at Johnny in Levin's ip address so they could cut all traffic to that IP address in auckland. Thats great but the botnet traffic is still flooding their incoming pipes including their upstreams from Australia or the USA meaning customers across their whole network are still affected. 

 

B) Botnet scrubbing 
A few anti-botnet commercial services place routers at major internet exchanges and rent them out as botnet scrubbing services. 
If Johnny in levin is being targeted, the scrubbing service can be instructed to advertise the customers ip address at all those internet exchanges around the world. This means the traffic destined for the NZ ip address gets sent to those routers at various points and dropped before the packets travel too far. This means most of the traffic is dropped before it even reaches the ISPs network in NZ. 
Botnet scrubbing is charged based on the amount of traffic that is scrubbed and is very expensive. Eg. A 1.5gbit scrub for 30 minutes would cost about $200 
So if a customer is going to keep gaming and antagonizing other people (maybe they are just a d*ck to other players) then this customer is going to become very unprofitable.  

 

C) Drop the customer
If through whatever the customer does (innocent or not) creates a botnet target then the ISP is not going to want to have that customer on their network. 





Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.