d2jsp
Log InRegister
d2jsp Forums > Off-Topic > Computers & IT > Programming & Development > Been A Victim Of Ddos Attack > What To Do
12Next
Add Reply New Topic New Poll
Member
Posts: 8,010
Joined: Jan 21 2009
Gold: 17.00
Jan 20 2013 01:51pm
Hey all not sure if this is the right place to post this I am just looking for information.


Some kid on my nephew xbox has been disabling our internet for a while now yesterday he did it like 5 times. I called my ISP I think they said they noticed something and that this has been forwarded to the "escalation desk"
Wasnt until after this that I found the DOS attacks in my routers logs. DOS attack, fin scan, storm and ACK scan. My isp's security dpt is closed. My question is what can i do if i go my local police are they going to look at me like i am crazy? I have reason to belive this person is on my same ISP.

This post was edited by Historic on Jan 20 2013 01:53pm
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Jan 20 2013 02:21pm
DDoS and DoS are not the same thing. Port scanning itself not illegal but considered very rude and often signals the beginning of an attack. Report the IP to the ISP who owns the block (to their abuse account).
Change your IP address and that will stop the attack.

This post was edited by Azrad on Jan 20 2013 02:23pm
Member
Posts: 8,010
Joined: Jan 21 2009
Gold: 17.00
Jan 20 2013 05:28pm
Quote (Azrad @ Jan 20 2013 03:21pm)
DDoS and DoS are not the same thing. Port scanning itself not illegal but considered very rude and often signals the beginning of an attack. Report the IP to the ISP who owns the block (to their abuse account).
Change your IP address and that will stop the attack.


But this guy def 100% knocked out our internet more then a few times. I will do this. also every log said DOS attack.

This post was edited by Historic on Jan 20 2013 05:29pm
Member
Posts: 95
Joined: Nov 26 2012
Gold: 284.00
Jan 20 2013 06:15pm
Quote (Historic @ Jan 20 2013 03:28pm)
But this guy def 100% knocked out our internet more then a few times. I will do this. also every log said DOS attack.


router logs are very inaccurate (just sending a few pings to some routers is enough to make it start chirping that your being PoD (ping of deathed)). just change your ip and dont join any games with that person any more. he gained your ip via bridging his xbox into his computer and using packet sniffing software or rather just made life easy and used cain and able to find it once you joined his lobby. if you goto the local police they will most likely tell you to go away and laugh at you.

more so if it is a single ip address sending packets at you report that address to their ISP's abuse email (can be found by running whois on the ip address). if it is multiple ip addresses reporting is not really going to do much and simply ask your ISP for a ip change or do it yourself if you know how.

This post was edited by Alithea on Jan 20 2013 06:16pm
Member
Posts: 8,010
Joined: Jan 21 2009
Gold: 17.00
Jan 20 2013 07:20pm
Quote (Alithea @ Jan 20 2013 07:15pm)
router logs are very inaccurate (just sending a few pings to some routers is enough to make it start chirping that your being PoD (ping of deathed)). just change your ip and dont join any games with that person any more. he gained your ip via bridging his xbox into his computer and using packet sniffing software or rather just made life easy and used cain and able to find it once you joined his lobby. if you goto the local police they will most likely tell you to go away and laugh at you.

more so if it is a single ip address sending packets at you report that address to their ISP's abuse email (can be found by running whois on the ip address). if it is multiple ip addresses reporting is not really going to do much and simply ask your ISP for a ip change or do it yourself if you know how.


He just knocked out our internet and yah hes using multible IP's one from GA, CA and NY Im guessing this i going to prevent him from being caught?. My ISP told me many times to go to the local authorities. I printed out pictures of all the logs.
Is it really possible to be untraceable when doing these attacks?
Member
Posts: 20,464
Joined: Dec 31 2006
Gold: 131.00
Jan 20 2013 07:21pm
you/your nephew should try not to piss people off

This post was edited by WhyteLinux on Jan 20 2013 07:22pm
Member
Posts: 11,610
Joined: Oct 28 2008
Gold: 1,795.00
Jan 20 2013 07:24pm
Quote (Historic @ Jan 20 2013 08:20pm)
He just knocked out our internet and yah hes using multible IP's one from GA, CA and NY Im guessing this i going to prevent him from being caught?. My ISP told me many times to go to the local authorities. I printed out pictures of all the logs.
Is it really possible to be untraceable when doing these attacks?


If he's using a proxy to access the vps's (i assume vps's) then it'll take longer to find him, proxy inside a proxy then longer, and so on....

chances are the idiot didn't though, as that would take awhile to accomplish through a proxy
and he can be found by talking to the companies who own the vps's (what the police will do) and seeing what ip accessed the vps, or set up the vps

then find what house the ip is at
bust him

and there is your internet lesson of the day
Member
Posts: 95
Joined: Nov 26 2012
Gold: 284.00
Jan 20 2013 08:27pm
Quote (0n35 @ Jan 20 2013 05:24pm)
If he's using a proxy to access the vps's (i assume vps's) then it'll take longer to find him, proxy inside a proxy then longer, and so on....

chances are the idiot didn't though, as that would take awhile to accomplish through a proxy
and he can be found by talking to the companies who own the vps's (what the police will do) and seeing what ip accessed the vps, or set up the vps

then find what house the ip is at
bust him

and there is your internet lesson of the day


using tor to access ssh isnt that hard. just use usewithtor, torify, or proxychains and it will force all your traffic of the running application through tor. as for the vps thing the abuser most likely bought a "booter" in which the author of the application hosts a web application in which the purchaser may log into using bought credentials to issue commands to and then the web application will then issue commands to all related servers/botnets adding another layer of obscurity. these are also easily found and purchasable for as little as "10-20$ for lifetime use" through many websites and may reach as much as 4gigabits per second of bandwidth (which is realitivly little in terms of linux server botnets, but enough to crush any home users lines)

if you do get to file a police report without getting laughed at it will be on very low priority and the attacker may not even be caught. hell id be amazed if they even touch your case any sooner than a month after filing it because lets face it... there are more important crimes going on other then some teenager consuming your bandwidth to the point of failure because your nephew talked trash to some other teenager on a videogame.

as i said change your ip, live, learn, move on.

This post was edited by Alithea on Jan 20 2013 08:32pm
Member
Posts: 8,010
Joined: Jan 21 2009
Gold: 17.00
Jan 20 2013 10:03pm
Quote (Alithea @ Jan 20 2013 09:27pm)
using tor to access ssh isnt that hard. just use usewithtor, torify, or proxychains and it will force all your traffic of the running application through tor. as for the vps thing the abuser most likely bought a "booter" in which the author of the application hosts a web application in which the purchaser may log into using bought credentials to issue commands to and then the web application will then issue commands to all related servers/botnets adding another layer of obscurity. these are also easily found and purchasable for as little as "10-20$ for lifetime use" through many websites and may reach as much as 4gigabits per second of bandwidth (which is realitivly little in terms of linux server botnets, but enough to crush any home users lines)

if you do get to file a police report without getting laughed at it will be on very low priority and the attacker may not even be caught. hell id be amazed if they even touch your case any sooner than a month after filing it because lets face it... there are more important crimes going on other then some teenager consuming your bandwidth to the point of failure because your nephew talked trash to some other teenager on a videogame.

as i said change your ip, live, learn, move on.


ive heard the oppossite that the police will be more then willing to bust people for this since its easy money.
Member
Posts: 95
Joined: Nov 26 2012
Gold: 284.00
Jan 20 2013 10:42pm
Quote (Historic @ Jan 20 2013 08:03pm)
ive heard the oppossite that the police will be more then willing to bust people for this since its easy money.


its not easy at all. there would be multiple warrants that would need to be issued towards different companies within many countries. sure if everything was local to you it might be a bit easier assuming that they can track people through anonymous connection generating applications like tor (which if you did not know bounces your connection throughout encrypted tor nodes through out the world ranging from 2-30 hops depending on settings) which makes tracking people difficult. then there is the part about obtaining warrants to ask companies outside their jurisdiction for information such as vpn networks that are mostly hosted in europe (the good ones at least) and at that many of the good ones do not keep logs of who connects and does what.

tracking online cyber crime is not easy at all. if major investigative companies such as the fbi and the others (who are dedicated to tracking cyber criminals) have a hard time tracking down cyber threats what makes you think your local police department will have any success.

pretty much unless he was sending the attacks directly from his computer to yours without anything between you two, the local police will not really be able to do anything. there is more behind cyber crimes then you think, but if you are still convinced its the right thing to do go ahead and try, after all it doesnt hurt to take on a extremely difficult task lol.

overall they wont be able to do anything.

edit: overview of the attack that may be taking place depicting the scenario that you mentioned.

1) the attacker has his xbox rigged up to his computer to obtain other players ip address in his lobbies and you just happened to make him mad.
2) attacker has access to a "booter" which he purchased which is compromised of a remote control panel and a series of STOLEN* servers.
3) attacker may or may not be behind protective services but that wont really matter because of the way most booter control panels are designed.

*STOLEN servers mean that there is no link to the original attacker or the seller of the "booter". aka no recipts no logs no nothing. and since the person attacking you is not actually connecting the the servers doing the attacking (thats what the remote panel is for) his identity is kept safe.

just change your ip and forget this happened lol. after all its a regular occurrence when you play online games. also doesnt matter the console or environment you play on your ip address is readily available wither you play mmos on the computer and use ventrilo (admins or users who have RCON privs can get your ip), or direct connection games (fps, all consoles, etc). with the internet and most of this readily available on the internet this practice of gaming mischief will be more common in a few years.

This post was edited by Alithea on Jan 20 2013 10:53pm
Go Back To Programming & Development Topic List
12Next
Add Reply New Topic New Poll