Ddos Mitigation & Protection

From Sharkbrew Clanning Wiki

Losing your internet connection as a result of a Ddos causes loss of time, loss of in-game wealth, and inconvenience to yourself and everyone who shares your internet connection. Being a victim also only empowers the attacker and validates his or her actions, and the result of such actions may encourage such individuals to seek out other victims over whom to exert their authority. I hope this guide prevents you from becoming a victim of such crimes.

What is Ddosing?

"Ddosing"/"dos"/"Ddos" stands for (Distributed) denial of service, and the terms are used interchangeably in the community to indicate an attack on an internet endpoint such as, but not limited to, a home IP address, a TeamSpeak server, or your clan's website. Generally, such attacks aim to degrade the connectivity of the internet endpoint to the point where it cannot receive or transmit data. Attack methods vary from application to application, and I will not discuss them here as they are outside the scope of this guide; nevertheless, if you wish to learn more, please do visit this link

In this guide, I will only be talking about Ddos mitigation and protection of your home internet connection.

How attacks are conducted

Most attacks against home internet connections are of the type that exhausts your download bandwidth by sending you more data than your download limit can handle. A bandwidth limit is a cap imposed by your internet service provider on how much data you can transmit or receive. If you check the sales page of your internet service provider, you might come across plans that indicate your download speed, say 20Mb/s or 1Gb/s. While you might think that 20 megabits or 1 gigabit is a lot, bear in mind that nearly all attack tools have the ability to send you data many orders of magnitude greater than those stated.

I will list some of the popular tools used:

Stressers/Booters

Stressers/Booters are 3rd party service providers that sell you the ability to overload a particular IP address using a simple web form, or even through a mobile application. Just like internet service plans, they even offer plans based on how much data their services can send.

Such services are generally rented off a botnet, or they might even have their own cluster of offshore servers.

Botnet

Botnets are made of zombie endpoints that are connected to the internet. While botnets are popularized in the media as infected home computers, zombie endpoints can come in all shapes and sizes, such as compromised dedicated servers, internet routers or IoT devices. Botnets are analogous to stressers/booters, except that they are typically more powerful in terms of how much data they can send and more flexible in how their attack patterns can be customized.

Offshore servers

If you want the flexibility of a botnet, but don't have access to said bot network, offshore servers can provide the same level of flexibility. Such servers are located in countries where internet crime laws (Ddosing is an internet crime) are lax.

Prerequisite for an attack

All internet endpoints are assigned a unique IP address, not to be confused with your local IP assigned by your LAN, which comes under either the IPv4 or the IPv6 notation. IP addresses are usually written and displayed in human-readable notations, such as 172.16.254.1 in IPv4, and 2001:db8:0:1234:0:567:8:1 in IPv6.

The goal for any attacker is to obtain your IP address, and this can be accomplished in a surprising number of creative ways.

Social engineered IP grabbing

If you connect to any service resource, such as a website, the web resource is able to log your IP address. Taking advantage of this, attackers can create a variety of web resources to entice victims to click on them, thus exposing the victim's IP address for attackers to take advantage of. Tricking users to click on such links is fairly non-trivial and most methods often take advantage of ingrained user behavior, such as clicking fake gif image play buttons. In this age of social media, users should be very cautious when clicking links on social media platforms.

Passive IP grabbing

Another form is passive IP grabbing, where the web resource is an image embedded in another web resource, like a website. When victims visit the website, their web browser automatically loads the image, thus betraying their IP address to the attacker. This is not restricted to websites and can come in all forms, such as images within emails.
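As an added example (not part of the original guide), the following Python sketch audits a saved page or HTML email and lists every third-party host that would learn your IP address simply because the markup is rendered, without any click. The page URL `https://forum.example/thread/1`, the sample markup and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs fetched on render, with no click from the reader.
AUTO_LOAD = {("img", "src"), ("img", "srcset"), ("source", "srcset"), ("iframe", "src"),
             ("script", "src"), ("link", "href"), ("video", "poster"), ("embed", "src")}
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class AutoLoadAuditor(HTMLParser):
    """Collects every URL the markup would fetch automatically when rendered."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: v for k, v in attrs if v}
        if tag == "link" and not FETCHING_RELS & set(attrs.get("rel", "").lower().split()):
            attrs.pop("href", None)          # canonical/alternate links are not fetched
        for name, value in attrs.items():
            if name == "style":              # inline CSS background images
                self.urls += CSS_URL.findall(value)
            elif (tag, name) in AUTO_LOAD and name == "srcset":
                self.urls += [c.split()[0] for c in value.split(",") if c.strip()]
            elif (tag, name) in AUTO_LOAD:
                self.urls.append(value)

def third_party_hosts(html, page_url):
    """Return {host: [urls]} for auto-loaded resources served by a host other than page_url's."""
    auditor = AutoLoadAuditor()
    auditor.feed(html)
    first_party = urlsplit(page_url).hostname
    found = {}
    for raw in auditor.urls:
        parts = urlsplit(urljoin(page_url, raw))
        if parts.scheme in ("http", "https") and parts.hostname not in (None, first_party):
            found.setdefault(parts.hostname, []).append(parts.geturl())
    return found

# Constructed sample: a forum post as rendered at a made-up URL.
SAMPLE = """<link rel="canonical" href="https://mirror.example/t/1">
<img src="/avatars/me.png">
<img src="https://img-tracker.example/sig.gif" width="1" height="1">
<div style="background:url('http://cdn.other.example/bg.png')">post text</div>
<a href="https://clickme.example/video">watch</a>"""

if __name__ == "__main__":
    for host, urls in third_party_hosts(SAMPLE, "https://forum.example/thread/1").items():
        print(host, urls)
```

The ordinary hyperlink and the canonical link are not reported because neither is fetched until you act on it; the embedded image and the CSS background are, which is why mail clients and forums that block remote images by default close this leak.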

Application exploits

If you are old enough, you may have heard of the Skype IP resolver. These sorts of exploits are, however, quite rare, and most are patched very quickly. As a rule of thumb, applications that allow direct connections between 2 computers, like game matching sessions, VOIP, or direct file transfer between users, could be vulnerable.

Self hosted service providers

Self hosted service providers of forums, TeamSpeak, Mumble, etc., all log your IP address. These tend to be fairly secure unless such services are hacked or the administrators are unscrupulous and sell your address data to 3rd parties.

Dynamic DNS

As many homes are equipped with smart IoT devices, such devices may require your provider to assign a (generally) non-changeable domain name that points to your IP address. Such a setup is not conducive to privacy and security, and you should migrate to other services that do not require it.

Ddos mitigation

"Not all animals are equal on the farm", and this saying is no different for internet home users, who could be classified into two categories.

Dynamic IP address

For users with dynamic IP addresses, thank the heavens, because you are able to change your IP address at will, but remember that this does not render you immune to ddosing. If your IP address has been leaked, you will still lose your internet connection. Therefore it is best that you take a look at our best practices and protection section later in this guide.

Dynamic IPs are often mistaken for static IPs because they aren't easy to change, when in reality the dynamic IP has a very long lease time. If this is the case, you can usually call your ISP and ask them to change your IP.

Static IP address