DDos problem

Forums › Gaming › DDos problem

Marksman33

8 posts

Wannabe Geek

#199225 9-Aug-2016 11:36

Hi all, need some advice. After many years of very slack internet connection, I started looking around for an alternative, turns out I didn't have many options as I live rurally. The option I went for was Uber based in Whangarei, it has been great to have decent speeds after all these years but a couple of weeks ago, went to get on my laptop and could only access Youtube and Trademe.

After ringing Uber it appeared that my youngest had been playing Black- ops online with his mates and they had a run in with someone else and they had DDossed us so Uber had pulled the pin on us. They reset us and we were away again, unfortunately it has happened again on Sunday just past, my son swears there hadn't been any trouble that he was aware of, when I rang Uber to get them to reset us again the guy told me that if this keeps happening they will cut us off ( not sure how that is in a legal sense ) he mentioned a 3 strikes ultimatum.

I asked what we can do to prevent it happening again, his suggestions were, don't play online, take headphone off my son. This makes me sad as my youngest has some physical special needs and he never asks for much in life so I was hoping some of you good people could give me some advice or thoughts on what we can do. Thank you in advance, Mark.

1 | 2

Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#1606880 9-Aug-2016 11:48

Unfortunately there probably isn't much you can do - it just comes down to what the other players interpret as a reason for attacking your connection - could be actual verbal abuse via chat, or could just be the fact your son is a better player than the other guy.

I get booted off CS:GO servers all the time, just because I have a rare moment of playing well and some players (on my own team!) dont appreciate it and vote me off.

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

LinkTree

tripp

3848 posts

Uber Geek

Trusted

Lifetime subscriber

#1606884 9-Aug-2016 11:52

Well easy way is to stop child playing black ops online for a few weeks to see if the issue happens again. otherwise VPN your traffic and let him play :P

ubergeeknz

3344 posts

Uber Geek

Trusted

Vocus

#1606889 9-Aug-2016 11:57

A VPN service is probably the best way, in order to hide your IP.

Talkiet

4792 posts

Uber Geek

Trusted

#1606891 9-Aug-2016 12:00

Supervise your son while playing? You wouldn't believe what the most angelic respectable kids say in the heat of the CS:Go moment.

Cheers - N

Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.

surfisup1000

5288 posts

Uber Geek

#1606930 9-Aug-2016 12:48

Marksman33:

Hi all, need some advice. After many years of very slack internet connection, I started looking around for an alternative, turns out I didn't have many options as I live rurally. The option I went for was Uber based in Whangarei, it has been great to have decent speeds after all these years but a couple of weeks ago, went to get on my laptop and could only access Youtube and Trademe. After ringing Uber it appeared that my youngest had been playing Black- ops online with his mates and they had a run in with someone else and they had DDossed us so Uber had pulled the pin on us. They reset us and we were away again, unfortunately it has happened again on Sunday just past, my son swears there hadn't been any trouble that he was aware of, when I rang Uber to get them to reset us again the guy told me that if this keeps happening they will cut us off ( not sure how that is in a legal sense ) he mentioned a 3 strikes ultimatum. I asked what we can do to prevent it happening again, his suggestions were, don't play online, take headphone off my son. This makes me sad as my youngest has some physical special needs and he never asks for much in life so I was hoping some of you good people could give me some advice or thoughts on what we can do. Thank you in advance, Mark.

The ISP's suck in this respect (me not being an expert on this though).

I was getting DDOSSED with snap -- and they made very agressive phone calls threatening service disconnection etc.

Happened a few times a couple of years ago, then, once in feb and maybe april last year.... then they just stopped. No reason. . . I thought it was minecraft but the kids say they play nicely and I don't see how an attacker can get my ip address through using our minecraft user name.

Anyway, one day they just stopped. No idea why.

Snap were awful and of no help.

Surely their management systems should just issue a new ip to any attack target automatically. Is it that hard?

michaelmurfy

meow
13240 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1606969 9-Aug-2016 13:33

@surfisup1000 incorrect. Also, Snap! were great.

Basically it comes down to this. Lets say if you really pissed somebody off and they sent you a DDOS and you're on a 20Mbit ADSL connection. Now, the attacker doesn't know that so he floods you with 2Gbit. Since you're on a 20Mbit connection yes, your connection goes down but what about the other (excess) BW? Well, it gets dropped at the ISP's end.

So during this time they're dealing with 2Gbit of traffic they really shouldn't be dealing with - the easiest way to deal with it is to null-route the traffic and block the IP it was getting sent to.

I've likely pissed off some people online (unintentionally) and it is easy to figure out my home IP (always had services hosted from it) but have never got a DDOS. If you want to prevent them then go to a VPN provider.

@darylblake can likely comment further since he is in the ISP scene.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Marksman33

8 posts

Wannabe Geek

#1607105 9-Aug-2016 16:36

Ok, thanks everyone. Could you give me some recommendations for whatever VPNs you guys use. Thanks again. Mark.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#1607117 9-Aug-2016 16:52

its rather unfortunate that the world of gaming is so interlinked with ddos attacks now days.

One thing i personally have noted from my own experience, tends to be a larger problem on consoles and the P2P based games. Consoles seem to be around the community you tend to get on there, while P2P based games, well... thats easy to find an IP.

All it takes is for someone to google ddos service or anything along those lines to have whoever they do not want cleared out..

I've personally ran a few communities, i do recall one in particular where i laughed off a well known members threats to ddos the service in spite.

End of the day, said person was reported through the correct authorities, our hosting company moved us to a datacenter with better mitigation services and after a month it forgotten about.

Best advice i can give is, Try to encourage your kids not to bait/taunt those who they are playing with. - we are only human, being competitive can be rather grey in what is acceptable in the heat of the moment.

In the event an attack does happen, be proactive with your provider rather than hoping it will just 'go away' or rebooting your modem for a new dynamic ip.

Last of all, and somewhat of a dim approach is, be careful with the selection of games. be aware of the methods used to obtain your IP (Steam calls, reverse IP resolving through skype are often popular options) when a P2P gameserver is not at play and official servers will save you from a scriptkiddie overlord who decides your 'too good'

unlike other advice here, i would say VPN is not the correct solution, Your simply handing off the issue to another service provider to deal with.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Sam91

620 posts

Ultimate Geek

#1607127 9-Aug-2016 17:03

I don't know how old your son is, but just remember the game is R16. Make sure you monitor and restrict how much he is playing. Trust me, it's very easy as a teenager to get sucked into the COD world and become very addicted.

xpd

Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#1607391 10-Aug-2016 08:53

Marksman33:

Ok, thanks everyone. Could you give me some recommendations for whatever VPNs you guys use. Thanks again. Mark.

VPN may not be the solution you're after, especially for games like COD - lower the ping, the better - adding a VPN into the mix will add to the ping. By how much, I don't know, some maybe better than others.

COD players are well known for being verbally aggressive in game, the few times Ive played COD online I've been abused for being a lousy player altho it was obvious I was a new player (no XP/levels). Put me off it, stuck with the light abuse/banter from CS players instead ;) (Who actually have a sense of humor)

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

LinkTree

surfisup1000

5288 posts

Uber Geek

#1607450 10-Aug-2016 10:30

michaelmurfy:

@surfisup1000 incorrect. Also, Snap! were great.

Basically it comes down to this. Lets say if you really pissed somebody off and they sent you a DDOS and you're on a 20Mbit ADSL connection. Now, the attacker doesn't know that so he floods you with 2Gbit. Since you're on a 20Mbit connection yes, your connection goes down but what about the other (excess) BW? Well, it gets dropped at the ISP's end.

So during this time they're dealing with 2Gbit of traffic they really shouldn't be dealing with - the easiest way to deal with it is to null-route the traffic and block the IP it was getting sent to.

I'm not sure which bit I said is incorrect? Certainly snap were quite aggressive on this, and no help at all.

So, why can't ISP's detect DDOS attacks, 'null-route' the traffic, and change the ip address of the target (which is an effective block right)? This can be done without human intervention.

And, with me, it was not like you were saying. I was being targeted by a robot army which nearly caused snaps whole network to crash.

And, I still have no idea why. . .

Using a VPN is impractical ... given we have about 7 windows machines plus a variety of iOS devices.

And, given it was impossible to determine the cause what do you do? The attacks would still occur after I blocked the kids from online games.

noroad

949 posts

Ultimate Geek

Trusted

#1607453 10-Aug-2016 10:35

This is quite an issue, and one Ive had to deal with for years and there is no easy answers. As someone that has built and run an ISP using CGNAT the "easy" option of rewarding the attacker and black-holing my own customers IP was not an option (the IP pool gets DDOSed, not the customer IP) so we had to develop a better alternative. That better alternative is upstream scrubbing, and it actually allowed me to get some sleep and no longer penalized my customers for someone else's illegal behavior. Upstream scrubbing redirects the IP being attacked through a scrubbing service overseas, so this means the latency increases but good packets still flow. It may or may not be an option for you where you live, but asking your potential ISP's to explain their DDOS policies, and picking one that has scrubbing might be useful.

Note, scrubbing is not always successful, I recently had a VM in LAX knocked out for 1/2 a day as the provider was being attacked by a group trying to extort them. 300Gb/s DDOS, and they attacked every POP and IP the company owned.

surfisup1000

5288 posts

Uber Geek

#1607486 10-Aug-2016 10:52

noroad:

This is quite an issue, and one Ive had to deal with for years and there is no easy answers. As someone that has built and run an ISP using CGNAT the "easy" option of rewarding the attacker and black-holing my own customers IP was not an option (the IP pool gets DDOSed, not the customer IP) so we had to develop a better alternative. That better alternative is upstream scrubbing, and it actually allowed me to get some sleep and no longer penalized my customers for someone else's illegal behavior. Upstream scrubbing redirects the IP being attacked through a scrubbing service overseas, so this means the latency increases but good packets still flow. It may or may not be an option for you where you live, but asking your potential ISP's to explain their DDOS policies, and picking one that has scrubbing might be useful.

Note, scrubbing is not always successful, I recently had a VM in LAX knocked out for 1/2 a day as the provider was being attacked by a group trying to extort them. 300Gb/s DDOS, and they attacked every POP and IP the company owned.

So, you're saying the entire ISP IP address range gets attacked, not just the single IP?

Then how do you identify the original target IP?

This must happen all the time to our bigger ISP's such as spark. I wonder how they deal with it.

Anyway, thankfully I seem to have escaped from being a target now. I did reinstall the OS on all of our windows machines, and no attacks since then. I was wondering if one of my machines was sending out spam and someone didn't like it. Wild guess though, it could have been anything.

noroad

949 posts

Ultimate Geek

Trusted

#1607502 10-Aug-2016 11:10

surfisup1000:

So, you're saying the entire ISP IP address range gets attacked, not just the single IP?

Then how do you identify the original target IP?

This must happen all the time to our bigger ISP's such as spark. I wonder how they deal with it.

Anyway, thankfully I seem to have escaped from being a target now. I did reinstall the OS on all of our windows machines, and no attacks since then. I was wondering if one of my machines was sending out spam and someone didn't like it. Wild guess though, it could have been anything.

That's the thing, a seemingly random IP in the pool will get attacked, so the ISP has no way to determine who the target was. So, the old black-hole the target (which was always a really bad way to deal with the issue, it rewards the attacker) is not an option unless you remove the target from the pool before black-holing. Scrubbing is a much better solution.

michaelmurfy

meow
13240 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1608518 10-Aug-2016 12:48

@surfisup1000 my servers have been through DDOS attacks - not quite as simple as forcing an IP refresh in the server (or static IP world). Also the ISP still wears the DDOS until it is successfully mitigated (depending on how complex the DDOS is, can be a while).

1 | 2