DDoS Mitigation & Protection

From Sharkbrew Clanning Wiki

Losing your internet connection as a result of a DDoS causes loss of time, loss of in-game wealth, and inconvenience to yourself and everyone who shares your internet connection. Being a victim also only empowers the attacker and validates his or her actions, and the result of such actions may encourage such individuals to seek other victims to exert their authority. I hope this guide prevents you from becoming a victim of such crimes.

What is DDoSing?

"DDoSing", "DoS" and "DDoS" stand for (distributed) denial of service, and the terms are used interchangeably in the community to mean an attack on an internet endpoint such as, but not limited to, a home IP address, a TeamSpeak server, or your clan's website. Generally, such attacks aim to degrade the connectivity of the endpoint to the point where it cannot receive or transmit data. Attack methods vary from application to application, and I will not discuss them here as they are outside the scope of this guide; nevertheless, if you wish to learn more, please do visit this link

In this guide, I will only be talking about DDoS mitigation and protection of your home internet connection.

How attacks are conducted

Most attacks against home internet connections are the type that exhaust your download bandwidth by sending you more data than your download limit can handle. A bandwidth limit is a cap imposed by your internet service provider on how much data you can transmit or receive. If you check the sales page of your internet service provider, you might come across plans that indicate your download speed, say 20 Mb/s or 1 Gb/s. While you might think that 20 megabits or 1 gigabit is a lot, bear in mind that nearly all attack tools have the ability to send you data many orders of magnitude greater than those stated.

I will list some of the popular tools used.

Stressers/Booters

Stressers/booters are third-party service providers that sell you the ability to overload a particular IP address using a simple web form, or even through a mobile application. Just like internet service plans, they even offer plans based on how much data their services can send.

Such services are generally rented off a botnet, or they might even have their own cluster of offshore servers.

Botnet

Botnets are made of zombie endpoints that are connected to the internet. While botnets are popularized in the media as infected home computers, zombie endpoints can come in all shapes and sizes, such as compromised dedicated servers, internet routers or IoT devices. Botnets are analogous to stressers/booters except that they are typically more powerful in terms of how much data they can send, and more flexible in how their attack patterns can be customized.

Offshore servers

If you want the flexibility of a botnet, but don't have access to said bot network, offshore servers can provide the same level of flexibility. Such servers are located in countries where laws on internet crime (DDoSing is an internet crime) are lax.

Prerequisite for an attack

All internet endpoints are assigned a unique IP address, in either IPv4 or IPv6 notation. This is not to be confused with the local IP assigned by your LAN. IP addresses are usually written and displayed in human-readable notations, such as 172.16.254.1 in IPv4, and 2001:db8:0:1234:0:567:8:1 in IPv6.

The goal for any attacker is to obtain your IP address, and this can be accomplished in a surprising number of creative ways.

Social engineered IP grabbing

If you connect to any service resource, such as a website, the web resource is able to log your IP address. Taking advantage of this, attackers can create a variety of web resources to entice victims to click on them, thus exposing the victims' IP addresses for attackers to take advantage of. Tricking users to click on such links is fairly non-trivial and most methods often take advantage of ingrained user behavior, such as clicking fake GIF image play buttons. In this age of social media, users should be very cautious when clicking links on social media platforms.

Passive IP grabbing

Another form is passive IP grabbing, where the web resource is an image embedded in another web resource, like a website. When victims visit the website, their web browser automatically loads the image, thus betraying their IP address to the attacker. This is not restricted to websites and can come in all forms, such as images within emails.

Application exploits

If you are old enough, you may have heard of the Skype IP resolver. These sorts of exploits are however quite rare and most are often patched very quickly. As a rule of thumb, applications that allow direct connections between 2 computers, like game matching sessions, VoIP, or direct file transfer between users, could be vulnerable.

Computer malware

If your computer has been infected, worrying about DDoS is the least of your concerns, but for the sake of pedantry, yes, the attacker will have access to your IP address.

Self-hosted service providers

Self-hosted service providers of forums, TeamSpeak, Mumble, etc. all log your IP addresses. These tend to be fairly secure unless such services are hacked or the administrators are unscrupulous and sell your address data to 3rd parties.

Dynamic DNS

As many homes are equipped with smart IoT devices, such devices may require your provider to assign a (generally) non-changeable domain name that points to your IP address. Such a setup is not conducive to privacy and security, and you should migrate to other services that do not require it.

IP address assignment types

"Not all animals are equal on the farm", and this saying is no different for internet home users, who could be classified into two categories.

Dynamic IP address

For users with dynamic IP addresses, thank the heavens because you are able to change your IP address at will, but remember that this does not render you immune to DDoSing. If your IP address has been leaked, you will still lose your internet connection. Therefore it is best you take a look at our best practices and protection section later in this guide.

Dynamic IPs are often mistaken for static IPs because they aren't easy to change, when in reality the dynamic IP has a very long lease time. If this is the case you can usually call your ISP and ask them to change your IP.

Static IP address

You are in a complete world of sh** if you are assigned this address as it becomes a single point of failure in your whole network and mitigation strategy. The most straightforward way to determine whether you have a static IP address is to visit this website: https://www.whatismyip.com/, take note of the IPv6 and IPv4 addresses, then kill power to the modem, or if you don't know what a modem is, kill power to the entire house using circuit breakers, for 30 minutes before visiting the site again. If your IP is the same as before, there is a high probability you are on a static IP address.

DDoS mitigation tools

The goal is to prevent your IP address from being leaked out in the first place. In a subsequent section, I shall discuss potential strategies you may use if your IP address is already out in the wind.

Software virtual private networks (VPNs)

Using a VPN is a surefire way of masking your real IP address. However, it does not protect you if your real IP address is already known to the attacker. Additionally, while a software VPN is able to negate the majority of the attempts at grabbing your IP address mentioned in the prerequisite section, there are still exploit methods for obtaining your IP address even with a VPN enabled, using P2P JavaScript technologies in your typical browser like Chrome or Firefox.

As we are more reliant on our smartphones, and especially with the advent of Discord, a software VPN requires you to install said software on every device on your network, which can be a challenging proposition if you have more than 2 devices.
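A self-check for the browser leak described above, assuming the P2P technology meant is WebRTC (added example, not part of the original guide): it parses ICE candidate lines copied from your own browser's WebRTC diagnostics page and flags any public address that is not your VPN's exit address. The function names, the sample candidates and the exit address are constructed for illustration.

```javascript
// Added example: audit ICE candidate lines for addresses a VPN should hide.
// All sample values are constructed; 198.51.100.0/24, 203.0.113.0/24 and
// 2001:db8::/32 are documentation ranges.

// Classify a candidate address as mdns, private, public or invalid.
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns"; // browser-obfuscated host name
  if (a.includes(":")) { // IPv6: loopback, link-local fe80::/10, ULA fc00::/7
    const local = a === "::1" || /^fe[89ab][0-9a-f]:/.test(a) || /^f[cd][0-9a-f]{2}:/.test(a);
    return local ? "private" : "public";
  }
  const o = a.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return "invalid";
  const local = o[0] === 10 || o[0] === 127 || (o[0] === 192 && o[1] === 168) ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) || (o[0] === 169 && o[1] === 254) ||
    (o[0] === 100 && o[1] >= 64 && o[1] <= 127); // RFC 1918, loopback, link-local, CGNAT
  return local ? "private" : "public";
}

// Parse "candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ..."
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (!f[0].startsWith("candidate:") || f[6] !== "typ" || !f[7]) return null;
  return { transport: f[2].toLowerCase(), address: f[4].toLowerCase(), type: f[7] };
}

// Return every public address that is not one of the VPN's exit addresses.
function findLeaks(lines, vpnExitAddresses) {
  const allowed = new Set(vpnExitAddresses.map((a) => a.toLowerCase()));
  return lines
    .map(parseCandidate)
    .filter((c) => c && classifyAddress(c.address) === "public" && !allowed.has(c.address))
    .map((c) => ({ address: c.address, type: c.type }));
}

// Constructed candidates, as copied from a browser's WebRTC diagnostics page.
const SAMPLE = [
  "candidate:1 1 udp 2113937151 3f2a9c1e-7b4d-4e0a-9c55-1d2e3f4a5b6c.local 54321 typ host",
  "candidate:2 1 udp 2113937151 10.8.0.2 54322 typ host",
  "candidate:3 1 udp 1677729535 198.51.100.7 54322 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:4 1 udp 1677729535 203.0.113.45 54323 typ srflx raddr 0.0.0.0 rport 0",
  "a=candidate:5 1 udp 2113932031 2001:db8::1234 54324 typ host",
];
const VPN_EXIT = ["198.51.100.7"]; // assumed exit address shown by your VPN client

console.log(findLeaks(SAMPLE, VPN_EXIT));
```

In the sample, the second server-reflexive address and the IPv6 host address are reported; an IPv6 address appearing next to an IPv4-only VPN exit is a common sign that the tunnel does not carry IPv6 traffic.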

VPN routers

VPN routers are one step above software VPNs: they protect all devices on your network by hosting the VPN software within the router itself. The caveat is that it still doesn't protect you if your IP address is known, but it comes with the additional benefits of not being susceptible to P2P browser exploits and of securing all your devices at once.

Dynamic IP address

Having a dynamic IP address is a mitigation tool in itself, as you can change your IP address anytime and attackers have to expend time and effort to obtain your new address.

Mobile hotspot or Mobile/Roving router

Using a mobile hotspot allows you to change your IP, and simply reconnecting to the mobile network may assign your mobile device a new address. This effectively allows you to have a separate IP address.

DDoS mitigation strategy

Dynamic IP Addresses

  • Ensure that your computer is free of any malware
  • Make sure you change your address regularly by turning off and turning on the modem
  • Make sure you change your address and close all unnecessary applications on your PC before doing high risk activity
  • Make sure you avoid P2P applications that expose your IP addresses to other computers/networks
  • Avoid clicking links on social platforms
  • Using a VPN is an optional step but it can simplify the process of changing your IP address

Static IP addresses

  1. Remove all wired and wireless devices from the network
  2. Make sure your computer is free of malware
  3. Make sure you close all applications on your computer except for 1 browser tab that is used for setting up the VPN software or the VPN router
  4. Make sure dynamic DNS is turned off
  5. *Optional* If you believe your static address isn't known, continue to the next step, else read the section later on how to renew your static address
  6. Purchase a VPN router (safest) or install a software VPN on all your devices
  7. Make sure your DNS server is pointed to either Google (8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1)
  8. Confirm that you are on your VPN server by checking your IP address at https://www.whatismyip.com/
  9. Make sure you follow all the internet safety steps as described in the Dynamic IP address section just above

Renewing your static IP address

If you have reason to believe your IP address has been compromised, there are various methods for renewing it, and I have listed them in order of priority.

Call up the ISP and complain about intermittent network issues

Some ISPs may be willing to change it for you if you simply drop them a phone call.

Disconnect the modem overnight

Sometimes, static IPs have a really long lease time; if you disconnect your modem before heading to bed, you may receive a new address in the morning.

Change your ISP

If your area has multiple ISPs, feel free to request a change to a new one with dynamic IP addressing.

Obtaining a new modem

If the above methods don't work and you are stuck with one bloody provider, then the (more extreme) methods below are available to you.

In some cases, ISP modems are tied to a fixed IP address. Changing the modem would change the address and there are ways you could compel your provider into doing it for you:

Tampering with the modem electronics

The idea is to render the electronics non-functional while preserving the outside casing. The easiest way of doing this is to connect the modem to a higher voltage source like 24 V. Leaving it plugged in for a while would render the modem non-functional and have it replaced by the ISP. This can also be blamed on power surges. Alternatively, placing the modem in the microwave for a very short period of time (2-5 seconds) will render the device inoperable (but don't let it catch fire!).

Stress testing the network (illegal in many parts of the world)

Have a friend purchase a stress test tool, and request that the ISP send a technician down to repair the network. During the repair, have your friend stress test the network. By law, the ISP has to ensure you have connectivity at least XX% of the time. The simplest way they would do this is to issue you a new IP address.

Conclusions

The ease of using DDoS tools and the emotionally fraught aspect of many online games have led to people trying to undermine the enjoyment of your game. While we can wish that people stop using said tools, it is an unrealistic option; thus the only sensible method is to protect ourselves and deter attackers by being a much harder target.