Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsGamingDDos problem


8 posts

Wannabe Geek


Topic # 199225 9-Aug-2016 11:36
Send private message

Hi all, need some advice. After many years of very slack internet connection, I started looking around for an alternative, turns out I didn't  have many options as I live rurally. The option I went for was Uber based in Whangarei, it has been great to have decent speeds after all these years but a couple of weeks ago, went to get on my laptop and could only access Youtube and Trademe.

 

After ringing Uber it appeared that my youngest had been playing Black- ops online with his mates and they had a run in with someone else and they had DDossed us so Uber had pulled the pin on us. They reset us and we were away again, unfortunately it has happened again on Sunday just past, my son swears there hadn't been any trouble that he was aware of, when I rang Uber to get them to reset us again the guy told me that if this keeps happening they will cut us off ( not sure how that is in a legal sense ) he mentioned  a 3 strikes ultimatum.

 

I asked what we can do to prevent it happening again, his suggestions were, don't play online, take headphone off my son. This makes me sad as my youngest has some physical special needs and he never asks for much in life so I was hoping some of you good people could give me some advice or thoughts on what we can do. Thank you in advance, Mark.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

xpd

Chief Trash Bandit
8904 posts

Uber Geek
+1 received by user: 1318

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 1606880 9-Aug-2016 11:48
One person supports this post
Send private message

Unfortunately there probably isn't much you can do - it just comes down to what the other players interpret as a reason for attacking your connection - could be actual verbal abuse via chat, or could just be the fact your son is a better player than the other guy.

 

I get booted off CS:GO servers all the time, just because I have a rare moment of playing well and some players (on my own team!) dont appreciate it and vote me off.

 

 




XPD / Gavin / DemiseNZ

 

For Free Games, Geekiness and Reviews, visit :

 

Home Of The Overrated Raccoons

 

Battlenet : XPD#11535    Origin/Steam/Epic/Uplay : xpdnz

3001 posts

Uber Geek
+1 received by user: 754

Trusted
Lifetime subscriber

  Reply # 1606884 9-Aug-2016 11:52
2 people support this post
Send private message

Well easy way is to stop child playing black ops online for a few weeks to see if the issue happens again. otherwise VPN your traffic and let him play :P

3343 posts

Uber Geek
+1 received by user: 1089

Trusted
Vocus

  Reply # 1606889 9-Aug-2016 11:57
3 people support this post
Send private message

A VPN service is probably the best way, in order to hide your IP.

3658 posts

Uber Geek
+1 received by user: 2178

Trusted
Spark NZ

  Reply # 1606891 9-Aug-2016 12:00
2 people support this post
Send private message

Supervise your son while playing? You wouldn't believe what the most angelic respectable kids say in the heat of the CS:Go moment.

 

Cheers - N

3721 posts

Uber Geek
+1 received by user: 1209


  Reply # 1606930 9-Aug-2016 12:48
Send private message

Marksman33:

 

Hi all, need some advice. After many years of very slack internet connection, I started looking around for an alternative, turns out I didn't  have many options as I live rurally. The option I went for was Uber based in Whangarei, it has been great to have decent speeds after all these years but a couple of weeks ago, went to get on my laptop and could only access Youtube and Trademe. After ringing Uber it appeared that my youngest had been playing Black- ops online with his mates and they had a run in with someone else and they had DDossed us so Uber had pulled the pin on us. They reset us and we were away again, unfortunately it has happened again on Sunday just past, my son swears there hadn't been any trouble that he was aware of, when I rang Uber to get them to reset us again the guy told me that if this keeps happening they will cut us off ( not sure how that is in a legal sense ) he mentioned  a 3 strikes ultimatum. I asked what we can do to prevent it happening again, his suggestions were, don't play online, take headphone off my son. This makes me sad as my youngest has some physical special needs and he never asks for much in life so I was hoping some of you good people could give me some advice or thoughts on what we can do. Thank you in advance, Mark.

 

 

 

 

The ISP's suck in this respect (me not being an expert on this though).

 

I was getting DDOSSED with snap -- and they made very agressive phone calls threatening service disconnection etc. 

 

Happened a few times a couple of years ago, then, once in feb and maybe april last year.... then they just stopped.   No reason. . . I thought it was minecraft but the kids say they play nicely and I don't see how an attacker can get my ip address through using our minecraft user name. 

 

Anyway, one day they just stopped. No idea why. 

 

Snap were awful and of no help. 

 

Surely their management systems should just issue a new ip to any attack target automatically. Is it that hard?

 

 

 

 

 

 

 

 

Meow
7771 posts

Uber Geek
+1 received by user: 3831

Moderator
Trusted
Lifetime subscriber

  Reply # 1606969 9-Aug-2016 13:33
2 people support this post
Send private message

@surfisup1000 incorrect. Also, Snap! were great.

 

Basically it comes down to this. Lets say if you really pissed somebody off and they sent you a DDOS and you're on a 20Mbit ADSL connection. Now, the attacker doesn't know that so he floods you with 2Gbit. Since you're on a 20Mbit connection yes, your connection goes down but what about the other (excess) BW? Well, it gets dropped at the ISP's end.

 

So during this time they're dealing with 2Gbit of traffic they really shouldn't be dealing with - the easiest way to deal with it is to null-route the traffic and block the IP it was getting sent to.

 

I've likely pissed off some people online (unintentionally) and it is easy to figure out my home IP (always had services hosted from it) but have never got a DDOS. If you want to prevent them then go to a VPN provider.

 

@darylblake can likely comment further since he is in the ISP scene.




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial



8 posts

Wannabe Geek


  Reply # 1607105 9-Aug-2016 16:36
Send private message

Ok, thanks everyone. Could you give me some recommendations for whatever VPNs you guys use. Thanks again. Mark.

'That VDSL Cat'
8411 posts

Uber Geek
+1 received by user: 1808

Trusted
Spark
Subscriber

  Reply # 1607117 9-Aug-2016 16:52
Send private message

its rather unfortunate that the world of gaming is so interlinked with ddos attacks now days.

 

 

 

One thing i personally have noted from my own experience, tends to be a larger problem on consoles and the P2P based games. Consoles seem to be around the community you tend to get on there, while P2P based games, well... thats easy to find an IP.

 

All it takes is for someone to google ddos service or anything along those lines to have whoever they do not want cleared out..

 

 

 

I've personally ran a few communities, i do recall one in particular where i laughed off a well known members threats to ddos the service in spite.

 

End of the day, said person was reported through the correct authorities, our hosting company moved us to a datacenter with better mitigation services and after a month it forgotten about.

 

 

 

Best advice i can give is, Try to encourage your kids not to bait/taunt those who they are playing with. - we are only human, being competitive can be rather grey in what is acceptable in the heat of the moment.

 

In the event an attack does happen, be proactive with your provider rather than hoping it will just 'go away' or rebooting your modem for a new dynamic ip.

 

Last of all, and somewhat of a dim approach is, be careful with the selection of games. be aware of the methods used to obtain your IP (Steam calls, reverse IP resolving through skype are often popular options) when a P2P gameserver is not at play and official servers will save you from a scriptkiddie overlord who decides your 'too good'

 

 

 

unlike other advice here, i would say VPN is not the correct solution, Your simply handing off the issue to another service provider to deal with.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

582 posts

Ultimate Geek
+1 received by user: 174


  Reply # 1607127 9-Aug-2016 17:03
One person supports this post
Send private message

I don't know how old your son is, but just remember the game is R16. Make sure you monitor and restrict how much he is playing. Trust me, it's very easy as a teenager to get sucked into the COD world and become very addicted.

xpd

Chief Trash Bandit
8904 posts

Uber Geek
+1 received by user: 1318

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 1607391 10-Aug-2016 08:53
One person supports this post
Send private message

Marksman33:

 

Ok, thanks everyone. Could you give me some recommendations for whatever VPNs you guys use. Thanks again. Mark.

 

 

VPN may not be the solution you're after, especially for games like COD - lower the ping, the better - adding a VPN into the mix will add to the ping. By how much, I don't know, some maybe better than others.

 

COD players are well known for being verbally aggressive in game, the few times Ive played COD online I've been abused for being a lousy player altho it was obvious I was a new player (no XP/levels). Put me off it, stuck with the light abuse/banter from CS players instead ;) (Who actually have a sense of humor)

 

 

 

 




XPD / Gavin / DemiseNZ

 

For Free Games, Geekiness and Reviews, visit :

 

Home Of The Overrated Raccoons

 

Battlenet : XPD#11535    Origin/Steam/Epic/Uplay : xpdnz

3721 posts

Uber Geek
+1 received by user: 1209


  Reply # 1607450 10-Aug-2016 10:30
Send private message

michaelmurfy:

 

@surfisup1000 incorrect. Also, Snap! were great.

 

Basically it comes down to this. Lets say if you really pissed somebody off and they sent you a DDOS and you're on a 20Mbit ADSL connection. Now, the attacker doesn't know that so he floods you with 2Gbit. Since you're on a 20Mbit connection yes, your connection goes down but what about the other (excess) BW? Well, it gets dropped at the ISP's end.

 

So during this time they're dealing with 2Gbit of traffic they really shouldn't be dealing with - the easiest way to deal with it is to null-route the traffic and block the IP it was getting sent to.

 

 

I'm not sure which bit I said is incorrect? Certainly snap were quite aggressive on this, and no help at all. 

 

So, why can't ISP's detect DDOS attacks, 'null-route' the traffic, and change the ip address of the target (which is an effective block right)? This can be done without human intervention. 

 

And, with me, it was not like you were saying.  I was being targeted by a robot army which nearly caused snaps whole network to crash. 

 

And, I still have no idea why. . . 

 

Using a VPN is impractical ... given we have about 7 windows machines plus a variety of iOS devices. 

 

And, given it was impossible to determine the cause what do you do? The attacks would still occur after I blocked the kids from online games. 

 

 

 

 

370 posts

Ultimate Geek
+1 received by user: 203

Trusted

  Reply # 1607453 10-Aug-2016 10:35
2 people support this post
Send private message

This is quite an issue, and one Ive had to deal with for years and there is no easy answers. As someone that has built and run an ISP using CGNAT the "easy" option of rewarding the attacker and black-holing my own customers IP was not an option (the IP pool gets DDOSed, not the customer IP) so we had to develop a better alternative. That better alternative is upstream scrubbing, and it actually allowed me to get some sleep and no longer penalized my customers for someone else's illegal behavior. Upstream scrubbing redirects the IP being attacked through a scrubbing service overseas, so this means the latency increases but good packets still flow. It may or may not be an option for you where you live, but asking your potential ISP's to explain their DDOS policies, and picking one that has scrubbing might be useful.

 

 

 

Note, scrubbing is not always successful, I recently had a VM in LAX knocked out for 1/2 a day as the provider was being attacked by a group trying to extort them. 300Gb/s DDOS, and they attacked every POP and IP the company owned.

3721 posts

Uber Geek
+1 received by user: 1209


  Reply # 1607486 10-Aug-2016 10:52
Send private message

noroad:

 

This is quite an issue, and one Ive had to deal with for years and there is no easy answers. As someone that has built and run an ISP using CGNAT the "easy" option of rewarding the attacker and black-holing my own customers IP was not an option (the IP pool gets DDOSed, not the customer IP) so we had to develop a better alternative. That better alternative is upstream scrubbing, and it actually allowed me to get some sleep and no longer penalized my customers for someone else's illegal behavior. Upstream scrubbing redirects the IP being attacked through a scrubbing service overseas, so this means the latency increases but good packets still flow. It may or may not be an option for you where you live, but asking your potential ISP's to explain their DDOS policies, and picking one that has scrubbing might be useful.

 

 

 

Note, scrubbing is not always successful, I recently had a VM in LAX knocked out for 1/2 a day as the provider was being attacked by a group trying to extort them. 300Gb/s DDOS, and they attacked every POP and IP the company owned.

 

 

So, you're saying the entire ISP IP address range gets attacked, not just the single IP? 

 

Then how do you identify the original target IP?

 

This must happen all the time to our bigger ISP's such as spark. I wonder how they deal with it. 

 

 

 

Anyway, thankfully I seem to have escaped from being a target now.  I did reinstall the OS on all of our windows machines, and no attacks since then.   I was wondering if one of my machines was sending out spam and someone didn't like it.   Wild guess though, it could have been anything. 

370 posts

Ultimate Geek
+1 received by user: 203

Trusted

  Reply # 1607502 10-Aug-2016 11:10
Send private message

surfisup1000:

 

 

 

So, you're saying the entire ISP IP address range gets attacked, not just the single IP? 

 

Then how do you identify the original target IP?

 

This must happen all the time to our bigger ISP's such as spark. I wonder how they deal with it. 

 

 

 

Anyway, thankfully I seem to have escaped from being a target now.  I did reinstall the OS on all of our windows machines, and no attacks since then.   I was wondering if one of my machines was sending out spam and someone didn't like it.   Wild guess though, it could have been anything. 

 

 

 

 

That's the thing, a seemingly random IP in the pool will get attacked, so the ISP has no way to determine who the target was. So, the old black-hole the target (which was always a really bad way to deal with the issue, it rewards the attacker) is not an option unless you remove the target from the pool before black-holing. Scrubbing is a much better solution.

Meow
7771 posts

Uber Geek
+1 received by user: 3831

Moderator
Trusted
Lifetime subscriber

  Reply # 1608518 10-Aug-2016 12:48
One person supports this post
Send private message

@surfisup1000 my servers have been through DDOS attacks - not quite as simple as forcing an IP refresh in the server (or static IP world). Also the ISP still wears the DDOS until it is successfully mitigated (depending on how complex the DDOS is, can be a while).




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.