
Getting DDOSed. How to protect yourself?

Guest

Hello, my friend's kid is an amateur hacker & game cheater. He's only 13 so doesn't know much better.

He managed to tick off the wrong person & now his home network is getting DDOSed. Every computer on the home network has slow internet.

 

I recommended that they call Verizon to have their IP address changed, & get a VPN service.

 

What else can they do to protect themselves? They've already had their IP address changed & they got DDOSed again.
I heard some companies get software that checks to see if a connection is sending too many pings and, if so, blocks the connection. I'm going to presume this script kiddie isn't using a network of computers to bring the network down. If they are getting DDOSed by a network of computers, is it settled that they're screwed no matter what? What else could they do if that's the case?

 

The kid believes he knows who the DDOSer is. I doubt there's anything the government can/would do, so it's kinda in our own hands.

Let me know if there's anything else they can do to protect themselves! I feel like this thread could be a great resource for targets of malicious intent.

 

I'm taking some classes in computer security, but they were mostly presented for large companies & identification of what a DDOS is. No real solutions were proposed. After some small research, I'm seeing most suggestions are things I've mentioned. I'm guessing I'll need a network monitoring program like Wireshark to view what connections are attempting to flood the network & block them manually.

 

Another resource I'm looking at:

https://www.esecurityplanet.com/network-security/5-tips-for-fighting-ddos-attacks.html

Quote
  • rate limit your router to prevent your Web server from being overwhelmed
  • add filters to tell your router to drop packets from obvious sources of attack
  • timeout half-open connections more aggressively
  • drop spoofed or malformed packets
  • set lower SYN, ICMP, and UDP flood drop thresholds

Bullet point 2 seems to say that some routers can be configured to block obvious attacks.

Bullet point 5 says that UDP can be blocked in some way. This kid also plays online video games that likely use UDP for their networking protocols (Minecraft, Fortnite, and so forth).

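As an added illustration (not from the original thread or the linked article), here is a small Python script that applies the quoted list's rate-based rules to a constructed packet summary: per-source SYN, ICMP and UDP drop thresholds over a one-second window, plus a half-open (SYN without ACK) timeout. The thresholds, window size, IP addresses and traffic sample are all assumptions chosen for the demo, not tuned values; the point is to show what such a filter actually measures, and why a benign UDP game stream stays under the threshold while a SYN flood or ping flood does not.

```python
"""Rate-based flood detector over a constructed packet summary.

Added example; not code from the thread or the cited article. Thresholds,
addresses and the sample traffic are assumptions made for the demo.
"""
from collections import defaultdict, deque

# Packets per second allowed per source and protocol (assumed demo values).
THRESHOLDS = {"syn": 20, "icmp": 10, "udp": 50}
# Seconds a SYN may sit unanswered before it is treated as stale (assumed).
HALF_OPEN_TIMEOUT = 5.0


def constructed_sample():
    """Constructed packet summary: (time_seconds, source_ip, kind).

    kind is one of "syn", "ack", "icmp", "udp". Addresses come from the
    RFC 5737 documentation ranges and are not real hosts.
    """
    events = []
    # Benign game client: UDP at 20 packets/s for three seconds.
    for i in range(60):
        events.append((i * 0.05, "203.0.113.5", "udp"))
    # One ordinary TCP handshake: SYN answered by an ACK.
    events.append((0.1, "203.0.113.7", "syn"))
    events.append((0.2, "203.0.113.7", "ack"))
    # SYN flood: 100 SYNs in one second from one source, never completed.
    for i in range(100):
        events.append((1.0 + i * 0.01, "198.51.100.9", "syn"))
    # Ping flood: 30 ICMP echo requests in one second.
    for i in range(30):
        events.append((2.0 + i / 30, "198.51.100.10", "icmp"))
    # A late benign packet advances the clock so stale SYNs can expire.
    events.append((10.0, "203.0.113.5", "udp"))
    return sorted(events)


def analyze(events, window=1.0, thresholds=THRESHOLDS,
            half_open_timeout=HALF_OPEN_TIMEOUT):
    """Return {source_ip: set(reasons)} for sources that break a rule."""
    recent = defaultdict(deque)   # (src, kind) -> timestamps inside the window
    half_open = {}                # src -> deque of unanswered SYN timestamps
    verdicts = defaultdict(set)

    for ts, src, kind in events:
        # Expire half-open connections older than the timeout.
        for s, q in list(half_open.items()):
            while q and ts - q[0] > half_open_timeout:
                q.popleft()
                verdicts[s].add("half-open-timeout")
            if not q:
                del half_open[s]

        if kind == "ack":
            # An ACK completes the oldest pending handshake from this source.
            q = half_open.get(src)
            if q:
                q.popleft()
                if not q:
                    del half_open[src]
            continue

        if kind == "syn":
            half_open.setdefault(src, deque()).append(ts)

        # Sliding-window count per source and protocol.
        q = recent[(src, kind)]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > thresholds[kind]:
            verdicts[src].add(f"{kind}-flood")

    return dict(verdicts)


def drop_list(verdicts):
    """Sources a router would drop, with the reason, sorted for stable output."""
    return sorted((src, sorted(reasons)) for src, reasons in verdicts.items())


if __name__ == "__main__":
    for src, reasons in drop_list(analyze(constructed_sample())):
        print(f"drop {src}: {', '.join(reasons)}")
```

Two things the sample makes visible: the game client's steady 20 packets/s of UDP never trips the 50 packets/s threshold, so a UDP threshold does not have to mean blocking games; and the SYN flood is caught twice, once by rate and once by the half-open timeout, which is why the article lists both rules. Note that this only models what a router would decide; as later replies in the thread point out, the upstream line can be saturated before any of these rules run.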

He got what he deserved for cheating. Usually if you want an anti DDOS protection you need a business grade firewall. 


Running the games through a proxy (a VPN) would probably be his best option. Increased ping, but any DDoS attacks on him would be thwarted. After changing the home's public IP, the only way for the attacks to start again is if he connected to a game and the attacker got the new IP address.

 

Wireshark wouldn't do anything for you here, as it's a LAN-based network management tool. You need something to reroute the traffic from the WAN. You won't be able to read or see DDoS attacks on the WAN interface from Wireshark. That's how DDoS works. It doesn't infiltrate your LAN.

 

Most of the DDoS mitigation tools built into consumer routers won't do a whole lot. Even if the router drops packets from an attack, the CPU still has to react to the requests, and that uses CPU cycles. If the attack is big enough, it'll still overwhelm the router.


There's nothing you can really do in a home environment. If his public IP address has changed and he is still being DDoS'd, he is obviously leaking the new IP somehow. That could be via IRC if he uses that, he could be clicking on links that they send him, or it could be scraped from a forum/website he uses.


I think the best thing they can do to protect themselves is pull apart his PC and put all the pieces in the dishwasher, just to scrub any excess hacks off the components.


First of all - how do you know it is a DDOS at all and not the connection being slow for some other reason?

 

The thing about DDoS attacks is that there are so many variants of them. ICMP pings are just one of many. They are not that easy to block, and even if you do, your home router will still be overloaded depending on the kind of attack. If they are malformed packets that just target the router, the router already drops them by default (unless there are some weird devices/configurations that the router forwards the packets to). Adding another firewall rule is not going to help.

 

Depending on the volume, going for a business-grade firewall might not help. If the attacker has a 1 Gbps line and you have 100 Mbps, he can saturate your line so completely that even if the firewall can handle it, the line will still be saturated.

 

Your best bet is to contact the ISP for assistance and see what they say first. It is generally against ISP policies to have their lines completely saturated by such attacks (it causes loss of service). DoS attacks (the ones that come from at most a few IPs) can be located and their ISPs notified - they are likely against those ISPs' terms of service and might get their connection terminated.

 

Also - if it is not from a network of devices (it is not distributed), it is just a DoS attack - Denial of Service. DDoS is Distributed Denial of Service, where a large number of devices/computers are involved.


Your friend should change their IP again and ban their kid from the Internet.

Seriously, he needs to learn there are consequences to his actions before he pisses off the wrong person and your friend ends up in court. Him being 13 doesn't alter the fact that what he is doing is illegal, and the bill payer will be held responsible.


16 hours ago, fpo said:

my friend's kid is an amateur hacker & game cheater retard and needs to learn a lesson

FTFY.


Make the kid pay for his own business connection? Once on a separate connection, the kid should learn a lesson swiftly, all while freeing up the house connection.
