getting DDoSed

If multiple router reboots and a factory reset doesn't allocate a new dynamic IP (I don't see why It shouldn't), purchase another router and start from scratch- with the Intention of assigning a new IP.

(08-05-2018, 11:31 AM)mothered Wrote:

[To see links please register here]

(08-05-2018, 11:17 AM)l33t Wrote:

[To see links please register here]

(07-06-2018, 11:44 AM)mothered Wrote:

[To see links please register here]

I haven't sifted through each and every post, but have you performed a factory reset on your router? Also, If your router has a built-In firewall, you can define security rules and filter Incoming traffic to block the attack.

If you're running a dynamic IP, It's strange that multiple reboots didn't assign a new one.

I have a modem with a built in router, so I have no idea how/if to reset that.

Generally speaking, there's a hole at the back of the unit and upon Inserting a paperclip for 5-10 seconds, It will reset the modem/router.

Once you see lights flashing, It will reboot & reset back to It's factory state.

Just gonna quote you head, before doing so, make sure you get the email details and password that is stored in the router as "PPP Setting".

I can't seem to find the log file Bish0pQ mentioned, I'm looking in my internet administration stuff and I see something "block fragmented ip packets", would this help block the attack possibly?

(08-05-2018, 11:31 AM)mothered Wrote:

[To see links please register here]

(08-05-2018, 11:17 AM)l33t Wrote:

[To see links please register here]

(07-06-2018, 11:44 AM)mothered Wrote:

[To see links please register here]

I haven't sifted through each and every post, but have you performed a factory reset on your router? Also, If your router has a built-In firewall, you can define security rules and filter Incoming traffic to block the attack.

If you're running a dynamic IP, It's strange that multiple reboots didn't assign a new one.

I have a modem with a built in router, so I have no idea how/if to reset that.

Generally speaking, there's a hole at the back of the unit and upon Inserting a paperclip for 5-10 seconds, It will reset the modem/router.

Once you see lights flashing, It will reboot & reset back to It's factory state.

Just did the reset and it didn't change my IP.

(08-05-2018, 11:47 AM)Mimiakira Wrote:

[To see links please register here]

Don't forget, people can "bullsh*t". Have you noticed your computer going slow, is it part of a botnet or...?

I would do a fucking clean wipe on all machine and router and, if you're still getting troubles, it's your ISP that you will need to contact. you need to eliminated options till you get your answer. being part of a tech, that's what we had to do to find the issue.

It's not a virus and I'm not part of a botnet, I'm getting ddosed and I'm sure of this. my ISP is of no help.

(08-05-2018, 11:49 AM)mothered Wrote:

[To see links please register here]

If multiple router reboots and a factory reset doesn't allocate a new dynamic IP (I don't see why It shouldn't), purchase another router and start from scratch- with the Intention of assigning a new IP.

I cannot just purchase a router, I'd have to purchase an entire new modem which would set me back €200, something I'd rather avoid.

(08-05-2018, 12:06 PM)l33t Wrote:

[To see links please register here]

I cannot just purchase a router, I'd have to purchase an entire new modem which would set me back €200, something I'd rather avoid.

That's what I meant, your AP- modem/router whatever gateway you access the net.

I'm at a loss as to why your ISP cannot handle It on their end. The traffic (DDoS) Is obviously going through them, yet they're refusing to take responsibility and provide you the service that you signed up for. I'm sure you didn't agree to a DDoS as part of your monthly quota. I'd be speaking to senior management and "demand" they wake up to themselves and get their act together.

@"l33t" Download Wireshark, look for packets coming in at an unrealistic rate, SOMETIMES they will have a message including but not limited to "A cat is fine too", click one of the packets and look for the IP it's coming from. Then report it to the Cable Company or something.

Also, if you can put a linux system (DD-WRT or similar, maybe?) as your router (just behind your modem, nothing in between) you can either set all inbound connections to DROP or limit them to 3 connections per 60 second interval. UFW if good for this if you can get it on your router. Set all outbound connections with UFW to LIMIT (or plain DENY, not REJECT since REJECT rules still send a response), and you should be pretty well off. I did this on my home network and withstood a 40 Gbit/s DDoS attack.

(08-05-2018, 03:51 PM)mothered Wrote:

[To see links please register here]

(08-05-2018, 12:06 PM)l33t Wrote:

[To see links please register here]

I cannot just purchase a router, I'd have to purchase an entire new modem which would set me back €200, something I'd rather avoid.

That's what I meant, your AP- modem/router whatever gateway you access the net.

I'm at a loss as to why your ISP cannot handle It on their end. The traffic (DDoS) Is obviously going through them, yet they're refusing to take responsibility and provide you the service that you signed up for. I'm sure you didn't agree to a DDoS as part of your monthly quota. I'd be speaking to senior management and "demand" they wake up to themselves and get their act together.

I will demand to speak to a manager the next time I call them, last time I asked to speak to a higher up the lady hung up on me so I hope it'll go better the next time around.

(08-05-2018, 05:21 PM)M00N66 Wrote:

[To see links please register here]

@"l33t" Download Wireshark, look for packets coming in at an unrealistic rate, SOMETIMES they will have a message including but not limited to "A cat is fine too", click one of the packets and look for the IP it's coming from. Then report it to the Cable Company or something.

Don't most booters have thousands of different bots that send packets, if 1 gets blocked I'm sure it won't achieve a lot.

(08-05-2018, 09:54 PM)l33t Wrote:

[To see links please register here]

(08-05-2018, 03:51 PM)mothered Wrote:

[To see links please register here]

(08-05-2018, 12:06 PM)l33t Wrote:

[To see links please register here]

I cannot just purchase a router, I'd have to purchase an entire new modem which would set me back €200, something I'd rather avoid.

That's what I meant, your AP- modem/router whatever gateway you access the net.

I'm at a loss as to why your ISP cannot handle It on their end. The traffic (DDoS) Is obviously going through them, yet they're refusing to take responsibility and provide you the service that you signed up for. I'm sure you didn't agree to a DDoS as part of your monthly quota. I'd be speaking to senior management and "demand" they wake up to themselves and get their act together.

I will demand to speak to a manager the next time I call them, last time I asked to speak to a higher up the lady hung up on me so I hope it'll go better the next time around.

(08-05-2018, 05:21 PM)M00N66 Wrote:

[To see links please register here]

@"l33t" Download Wireshark, look for packets coming in at an unrealistic rate, SOMETIMES they will have a message including but not limited to "A cat is fine too", click one of the packets and look for the IP it's coming from. Then report it to the Cable Company or something.

Don't most booters have thousands of different bots that send packets, if 1 gets blocked I'm sure it won't achieve a lot.

Yes, most use many different bots. That's actually the difference between DDoS and DoS (DDoS uses multiple bots, while DoS uses only one).
If, though, you limit them to 3 connections / munite (like I said above), you will notice an initial drop in network speed (assuming the bots come online at exactly the same time, but after a sizable amount of bots get blocked, all you need to do is hold off any new ones that come online to replace the old ones. No bot will send more than 3 connections worth of data, which isn't actually much even for a large botnet, since they get disconnected almost immediately. This basically reduces it from at any given moment a large DDoS attack to maybe a few DoS attacks. And DoS attacks are pretty easy to block.

(08-05-2018, 11:08 PM)l33t Wrote:

[To see links please register here]

(07-06-2018, 11:44 AM)mothered Wrote:

[To see links please register here]

I haven't sifted through each and every post, but have you performed a factory reset on your router? Also, If your router has a built-In firewall, you can define security rules and filter Incoming traffic to block the attack.

If you're running a dynamic IP, It's strange that multiple reboots didn't assign a new one.

(08-05-2018, 10:16 PM)Cryogenica Wrote:

[To see links please register here]

(08-05-2018, 09:54 PM)l33t Wrote:

[To see links please register here]

I will demand to speak to a manager the next time I call them, last time I asked to speak to a higher up the lady hung up on me so I hope it'll go better the next time around.


Don't most booters have thousands of different bots that send packets, if 1 gets blocked I'm sure it won't achieve a lot.

Yes, most use many different bots. That's actually the difference between DDoS and DoS (DDoS uses multiple bots, while DoS uses only one).
If, though, you limit them to 3 connections / munite (like I said above), you will notice an initial drop in network speed (assuming the bots come online at exactly the same time, but after a sizable amount of bots get blocked, all you need to do is hold off any new ones that come online to replace the old ones. No bot will send more than 3 connections worth of data, which isn't actually much even for a large botnet, since they get disconnected almost immediately. This basically reduces it from at any given moment a large DDoS attack to maybe a few DoS attacks. And DoS attacks are pretty easy to block.

Yes sadly my ISP doesn't allow for that much customisation with my modem.

It wouldn't be your modem you customize, it would be your router. Nevertheless, some modems do double as routers. Perhaps that's the case for you?
If you do have a separate router, you should install DD-WRT (or some WRT variant), assuming it's compatible, or if it's not compatible, I'd recommend getting a router that is.
But, of course, if your modem and router are the same unit, I have to agree with other comments that you're pretty much screwed until you get a new router.

But there is another way. Usually the ISP reserves your IP for either 24, 48, or 72 hours. If you can go with internet for that long (I'd add at least an hour padding, as well) you should be able to get a new IP address. If that doesn't work, you probably have a static IP so you would need to either get a new router, or if that doesn't work you might even have to get a new internet plan.