Go Back   English Forum Switzerland > Help & tips > TV/internet/telephone  
Reply
 
Thread Tools Display Modes
  #1  
Old 13.07.2017, 14:47
Tom1234's Avatar
Forum Legend
 
Join Date: Jan 2007
Location: Kanton Luzern
Posts: 13,943
Groaned at 439 Times in 346 Posts
Thanked 19,042 Times in 7,983 Posts
Tom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond repute
Reducing DDOS attacks?

To all you cyber-security gurus:

It's the school holidays. I'm at home today and one of my kids is playing minecraft (far too much).

One of his playing buddies got annoyed with him, said he was going to mount a DDOS attack and soon afterwards, our internet went down for an hour or so.

This chap then proceeded to message my son, taunting him about the attack (I told him not to reply).

So, are there any ways to reduce these attacks?

Both me and my wife work from home a lot and it's a bit of an inconvenience, to say the least.
Reply With Quote
  #2  
Old 13.07.2017, 15:00
Forum Legend
 
Join Date: Aug 2009
Location: Vaud
Posts: 4,569
Groaned at 492 Times in 321 Posts
Thanked 4,100 Times in 1,953 Posts
CorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
To all you cyber-security gurus:

It's the school holidays. I'm at home today and one of my kids is playing minecraft (far too much).

One of his playing buddies got annoyed with him, said he was going to mount a DDOS attack and soon afterwards, our internet went down for an hour or so.

This chap then proceeded to message my son, taunting him about the attack (I told him not to reply).

So, are there any ways to reduce these attacks?

Both me and my wife work from home a lot and it's a bit of an inconvenience, to say the least.
Hm...
Yes definitely.
What is your router? I think the easiest and quickest way would be to configure it to drop incoming packets from the attacker... Which would require identifying its IP, which should be ok from router interface.

But then, I dont know the details, maybe something else was going on.
Could mask your IP too, proxy or other, so that it's skipped.

With a cool tool i'm currently assembling, you could eventually identify what is going on in your network and block that..

Don't you have a skilled friend who can help?

PS: tbf, I'd be worried about that, even if the alleged attacker could be using a basic tool to run the DDOS, it seems to mean attackers know your real ip and were able to take your router down temporarily... Which means they could definitely do much worse. And doing the bad action could make them angry and incite them to do worse.

Can't your son surrender, or admit he lost at Minecraft? lol
Reply With Quote
This user would like to thank CorsebouTheReturn for this useful post:
  #3  
Old 13.07.2017, 15:03
me.anon's Avatar
Forum Veteran
 
Join Date: Jan 2012
Location: thun
Posts: 1,884
Groaned at 36 Times in 25 Posts
Thanked 2,424 Times in 1,173 Posts
me.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond repute
Re: Reducing DDOS attacks?

One thing you could try is to switch off your router, wait, and hope you get a new IP address. That means the problem moves to someone else. You'd also have to make sure that junior is not doing anything to publish the IP address, and thus exposing you to such attacks.
You could also threaten to report the culprit here: https://www.melani.admin.ch/melani/en/home.html
Reply With Quote
This user would like to thank me.anon for this useful post:
  #4  
Old 13.07.2017, 15:05
Forum Legend
 
Join Date: Aug 2009
Location: Vaud
Posts: 4,569
Groaned at 492 Times in 321 Posts
Thanked 4,100 Times in 1,953 Posts
CorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
One thing you could try is to switch off your router, wait, and hope you get a new IP address. That means the problem moves to someone else. You'd also have to make sure that junior is not doing anything to publish the IP address, and thus exposing you to such attacks.
You could also threaten to report the culprit here: https://www.melani.admin.ch/melani/en/home.html
LOL
you don't need to switch your router for that, you can simply release the address from the router interface...
Probably the IP is clearly visible in minecraft, so it would only delay the issue.
Avoidance is not prevention nor protection...
Reply With Quote
  #5  
Old 13.07.2017, 15:05
Tom1234's Avatar
Forum Legend
 
Join Date: Jan 2007
Location: Kanton Luzern
Posts: 13,943
Groaned at 439 Times in 346 Posts
Thanked 19,042 Times in 7,983 Posts
Tom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
One thing you could try is to switch off your router, wait, and hope you get a new IP address. That means the problem moves to someone else. You'd also have to make sure that junior is not doing anything to publish the IP address, and thus exposing you to such attacks.
You could also threaten to report the culprit here: https://www.melani.admin.ch/melani/en/home.html
I had to reboot the router anyway.

The culprit is in Germany so I'm not sure you reporting link is much help.
Reply With Quote
  #6  
Old 13.07.2017, 15:10
Forum Legend
 
Join Date: Aug 2009
Location: Vaud
Posts: 4,569
Groaned at 492 Times in 321 Posts
Thanked 4,100 Times in 1,953 Posts
CorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
I had to reboot the router anyway.

The culprit is in Germany so I'm not sure you reporting link is much help.
Culprit could easy use a proxy or whatever and run any tools from anywhere.
Definitely no point looking into that.

If you'd use a great firmware for your router, you could use this firewall feature: "outside2inside", and drop the packets from the alleged flooder.
http://www.dd-wrt.com/wiki/index.php/Firewall
I realize it's pointless for you, but you get an idea.

Bottom line check what your router can do...
If it's so bad, consider changing firmware (if possible) or buying a better one (if you want to actually do that, there are surely other ways to solve your issue).
Reply With Quote
This user would like to thank CorsebouTheReturn for this useful post:
  #7  
Old 13.07.2017, 15:15
Forum Legend
 
Join Date: Mar 2009
Location: Zurich
Posts: 11,860
Groaned at 687 Times in 504 Posts
Thanked 15,844 Times in 6,223 Posts
Chuff has a reputation beyond reputeChuff has a reputation beyond reputeChuff has a reputation beyond reputeChuff has a reputation beyond reputeChuff has a reputation beyond reputeChuff has a reputation beyond repute
Re: Reducing DDOS attacks?

Getting a new I.P should solve it temporarily (until the next time) as DDOS attacks usually last as long as the same I.P address is maintained.

Just tell your son to block this kid and have nothing more to do with him.
Reply With Quote
  #8  
Old 13.07.2017, 15:16
Tom1234's Avatar
Forum Legend
 
Join Date: Jan 2007
Location: Kanton Luzern
Posts: 13,943
Groaned at 439 Times in 346 Posts
Thanked 19,042 Times in 7,983 Posts
Tom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
Bottom line check what your router can do...
If it's so bad, consider changing firmware (if possible) or buying a better one (if you want to actually do that, there are surely other ways to solve your issue).
I've a NETGEAR router. I've got all the settings set correctly to reduce these attacks.

The best way to solve the issue is to stop my son playing the big-waste-of-time that minecraft is - at least for a week or so.
Reply With Quote
  #9  
Old 13.07.2017, 15:18
JagWaugh's Avatar
RIP
 
Join Date: Apr 2009
Location: Eglisau
Posts: 7,481
Groaned at 47 Times in 46 Posts
Thanked 14,131 Times in 5,506 Posts
JagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
To all you cyber-security gurus:

It's the school holidays. I'm at home today and one of my kids is playing minecraft (far too much).

One of his playing buddies got annoyed with him, said he was going to mount a DDOS attack and soon afterwards, our internet went down for an hour or so.

This chap then proceeded to message my son, taunting him about the attack (I told him not to reply).

So, are there any ways to reduce these attacks?

Both me and my wife work from home a lot and it's a bit of an inconvenience, to say the least.
Basically, reboot your router, or release your WAN connection and hope to come up on a different ip.

The firewall on the SC routers is reasonably good as a barrier, but with a DDOS it ends up spending so much time rejecting packets that it is effectively the same thing as not being connected.

You could try calling Swisscom/your provider and having them block the source ip upstream from your router, but the attacker can just as easily change his address as well.

Either live with rebooting your router every now and then, or get a second internet connection and run two separate networks with only your business comms on one of them.

Or beat your child more regularly.
__________________
If everyone you know agrees with you consistently, they are either not listening, or not capable of critical thought.
Reply With Quote
  #10  
Old 13.07.2017, 15:23
Forum Legend
 
Join Date: Aug 2009
Location: Vaud
Posts: 4,569
Groaned at 492 Times in 321 Posts
Thanked 4,100 Times in 1,953 Posts
CorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
1) I've a NETGEAR router. I've got all the settings set correctly to reduce these attacks.

2)The best way to solve the issue is to stop my son playing the big-waste-of-time that minecraft is - at least for a week or so.
1) It's a bit vague, isn't?
What model exactly? As for the "correct settings"; are you actively dropping incoming packets from that source, in the firewall (if possible?)

2)No, that's not even a workaround, if that person got your ip, and maybe if he already did something else which would not be useful in case your renew your lease and get a new public ip.
Plus anyway, it's internet, these things can happen, regardless of minecraft, or not. For example you could be pissing off someone in EF; and get the same result.
So if you want to prevent your son from playing, that's your concerns, but it's almost irrelevant here...

As for "time wasting", it depends how to consider it. There are surely many players who are richer than you would ever be, thanks to Minecraft. And maybe it's better that than roaming around and doing drugs or whatever kids do nowadays. Again, it's not my business, but I'm an old timer with wasted promising career in video games due to old farts who could not see its potential. As a dumb teenager, I did not see beyond that. Nowadays it's a reality, so maybe best to consider options prior to blindly "ban".
Reply With Quote
  #11  
Old 13.07.2017, 15:25
Forum Legend
 
Join Date: Aug 2009
Location: Vaud
Posts: 4,569
Groaned at 492 Times in 321 Posts
Thanked 4,100 Times in 1,953 Posts
CorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
Either live with rebooting your router every now and then, or get a second internet connection and run two separate networks with only your business comms on one of them.
Wonder if the OP could use a decent proxy, which should offer protection against DOS, no? due to better hardware and professional equipment on the
server side?
Reply With Quote
  #12  
Old 13.07.2017, 15:30
Tom1234's Avatar
Forum Legend
 
Join Date: Jan 2007
Location: Kanton Luzern
Posts: 13,943
Groaned at 439 Times in 346 Posts
Thanked 19,042 Times in 7,983 Posts
Tom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
1) it's a bit vague, isn't?
What model exactly?
r6250
Reply With Quote
  #13  
Old 13.07.2017, 15:30
arz arz is offline
Member
 
Join Date: Sep 2016
Location: Zurich Witikon
Posts: 159
Groaned at 13 Times in 13 Posts
Thanked 117 Times in 78 Posts
arz is considered a nuisancearz is considered a nuisancearz is considered a nuisance
Re: Reducing DDOS attacks?

Who is your Internet provider, if I may ask?
Have you tried to speak with them? Or open an incident ticket via their website?
DDOS stands for "Distributed DOS", i.e. attacker floods your router from multiple sources at once. This sort of attack is not particularly cheap, and I doubt teenagers can afford if just for this sort of conflict.
Do you have multiple devices behind the affected Internet router? Were all of them affected (lost Internet connectivity)?
How exactly have you detected that Internet was down?
Or was it just slow, have you tried speedtest.net at the time of incident?
Reply With Quote
  #14  
Old 13.07.2017, 15:31
gbn's Avatar
gbn gbn is offline
Forum Legend
 
Join Date: Dec 2005
Location: Zuri Oberland
Posts: 2,724
Groaned at 109 Times in 74 Posts
Thanked 2,349 Times in 1,103 Posts
gbn has a reputation beyond reputegbn has a reputation beyond reputegbn has a reputation beyond reputegbn has a reputation beyond reputegbn has a reputation beyond repute
Re: Reducing DDOS attacks?

I've worked as sysadmin for a small UK company that suffered DDOS attacks

You need a good router or a DDOS shield if the ISP isn't going to shield you

I suspect the DDOS was not intense enough to trigger any ISP protection
50-100 requests per second will shut you down, but it depends how deep the DDOS packets/requests are handled
e.g. At the same request frequency, http requests will cause more damage than ping if you have a website running

A standard NetGear router is not good for this: you'd need a high end Nighthawk or a commercial Draytek and even then they may not detect a DDOS pattern.

Several big CDN and network players offer DDOS protection (Akamai, Cloudflare, etc) but you need a free one unless you are running a business.
Knock your self out https://www.google.ch/search?q=free+ddos+protection

If you are running a business then I would recommend Incapsula
I've used then professionally, so it was paid for, and it was (still is) an essential part of the infrastructure
__________________
Don't let Sean Connery teach your dog to sit
Reply With Quote
This user would like to thank gbn for this useful post:
  #15  
Old 13.07.2017, 15:33
Forum Legend
 
Join Date: Aug 2009
Location: Vaud
Posts: 4,569
Groaned at 492 Times in 321 Posts
Thanked 4,100 Times in 1,953 Posts
CorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
This sort of attack is not particularly cheap, and I doubt teenagers can afford if just for this sort of conflict.
It's free, and easy to do.
And don't underestimate teenagers
Reply With Quote
This user would like to thank CorsebouTheReturn for this useful post:
  #16  
Old 13.07.2017, 15:34
Sandgrounder's Avatar
Forum Legend
 
Join Date: Jul 2007
Location: ZH
Posts: 13,952
Groaned at 128 Times in 119 Posts
Thanked 26,231 Times in 10,069 Posts
Sandgrounder has a reputation beyond reputeSandgrounder has a reputation beyond reputeSandgrounder has a reputation beyond reputeSandgrounder has a reputation beyond reputeSandgrounder has a reputation beyond reputeSandgrounder has a reputation beyond repute
Re: Reducing DDOS attacks?

Whatever happened to kids going out spray painting bus shelters and setting fire to bins..?


Reply With Quote
  #17  
Old 13.07.2017, 15:37
gbn's Avatar
gbn gbn is offline
Forum Legend
 
Join Date: Dec 2005
Location: Zuri Oberland
Posts: 2,724
Groaned at 109 Times in 74 Posts
Thanked 2,349 Times in 1,103 Posts
gbn has a reputation beyond reputegbn has a reputation beyond reputegbn has a reputation beyond reputegbn has a reputation beyond reputegbn has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
...This sort of attack is not particularly cheap, and I doubt teenagers can afford if just for this sort of conflict.
...
Open an AWS account, launch a free tier instance, ping like crazy.
It'll cost a few cents to ping for a hour or 2.
Reply With Quote
This user would like to thank gbn for this useful post:
  #18  
Old 13.07.2017, 15:41
Forum Legend
 
Join Date: Aug 2009
Location: Vaud
Posts: 4,569
Groaned at 492 Times in 321 Posts
Thanked 4,100 Times in 1,953 Posts
CorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post
r6250
You could try this: https://kb.netgear.com/8219/How-to-s...outer-gateways


Plus I notice something, your R6250 is a router without modem capability (either adsl or cable), so it means you have another device behind.

That's probably the device taken down by the DOS; since your R6250 has Denial-of-service (DoS) attack prevention (I dont know how efficient is it, though).

So I think it would work only with the right setup, which would be:
1) The ISP device set in bridge mode (if possible)
2) Your R6250 as router, and doing everything, including your DOS prevention
3) Eventually doing the firewall thing to drop packets from the identified source.

Usually ISP devices are rubbish anyway, you just want them for the "modem" feature, nothing else. If you use it for TV and additional things, it gets more complex.

Otherwise, there is usually an admin page on ISP devices and you might be able to do the same thing with FW.
Reply With Quote
  #19  
Old 13.07.2017, 15:41
Newbie 1st class
 
Join Date: May 2017
Location: Zurich
Posts: 19
Groaned at 0 Times in 0 Posts
Thanked 16 Times in 7 Posts
elliotj has no particular reputation at present
Re: Reducing DDOS attacks?

If the guy is performing a DDos (Distributed Denial of Service), then blocking his source IP will not be effective at all - as the attack is distributed and will not be coming from him directly.

If you have dynamically assigned IP addresses, then rebooting the router is probably the easiest, or you could release and renew from the router config. However as someone has previously stated, Minecraft probably exposes your IP to the attacker, so having your son connect via a VPN to play could be an option to prevent the attacker from discovering your IP.

Also check that the router is dropping all incoming packets - there probably isn't any good reason for you to be accepting incoming packets in a home network unless you are hosting some sort of service.

As a last resort you could buy a hardware firewall to put between a modem and the router, but do be sure you are being attacked and your son did not do something that knocked the internet offline. It is quite surprising to see someones home being DoS'd, not impossible but its one of the least likely scenarios for your internet going down.
Reply With Quote
  #20  
Old 13.07.2017, 15:44
Tom1234's Avatar
Forum Legend
 
Join Date: Jan 2007
Location: Kanton Luzern
Posts: 13,943
Groaned at 439 Times in 346 Posts
Thanked 19,042 Times in 7,983 Posts
Tom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond repute
Re: Reducing DDOS attacks?

Quote:
View Post

but do be sure you are being attacked and your son did not do something that knocked the internet offline. It is quite surprising to see someones home being DoS'd, not impossible but its one of the least likely scenarios for your internet going down.
The guy said he was going to do it just before it went down.

There's stuff all over the internet including Youtube videos on how to do it. It's not rocket science.
Reply With Quote
Reply




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Pressure reducing valve for outside tap? Tom1234 Housing in general 38 18.08.2017 17:16
Major outage Twitter,Paypal,Ebay-ddos attack omtatsat TV/internet/telephone 8 23.10.2016 22:34
Reducing risk of Prostate cancer! marton Family matters/health 21 31.10.2014 12:32
Reducing Taxable Income: 3a et al. backtoch Finance/banking/taxation 6 27.02.2012 11:07


All times are GMT +2. The time now is 15:23.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0